Thanks. Starting over this time yielded the results I was after.
My lan still exists at 10.0.0.x; Brume 2 = 10.0.0.1
WG’s tunnel address is 10.0.8.1/24 (so as not to conflict with the default Open VPN server (which I am not using at the moment)) and I have both masquerading and Allow Remote Access LAN enabled. I took the defaults for the client config.
With my iPhone disconnected from wifi, I connected to the VPN and could get to the Brume 2 admin page at 10.0.0.1. Not only that, but I could actually get to my SMB server, on my Mac, using my Mac’s IP address of 10.0.0.2.
This is really good, and exactly the use case for my Brume 2 (which I kinda enjoy, having had tinkered with OpenWRT back in 2005/6).
I have another question about DNS, but I’ll ask that in a separate thread. Thanks again.