This one makes sure the wireguard will use the ISP and not the VPN.
Then you need to masquerade wireguard IPs to the eth0 IP when the destination is in the lan, or to the openvpn client when the destination is the internet.
2 Likes