How to access LAN through single lan connection via Wireguard on Brume 2

I want to be able to do the following at another place of mine:

192.168.1.1 = ISP router / cable modem
192.168.1.100 = Brume 2 (one cable in LAN, WAN disabled/bridged to br-lan, gw 192.168.1.1 for br-lan)
192.168.1.99 = LAN (all LAN devices have gw 192.168.1.1)

And now I want to access the LAN from the outside internet through WireGuard.

The Brume 2 would just be connected with one cable in LAN port to the 192.168.1.1 router, which is then connected to a switch and the other PCs in LAN are connected to the switch.

I have disabled the WAN port of the Brume 2 via the GL.iNet web interface, so WAN becomes another LAN port bridged into br-lan.

I can already reach the Wireguard server from outside (port forwarding from 192.168.1.1 to 192.168.1.100).

The problem now is, I can't reach any LAN PCs or the ISP router itself from the WG client. I can only reach 192.168.1.100 and 10.0.0.1, that's it.

I have already allowed forwarding from wgserver to LAN in LuCI.

I have set a default gateway in LuCI for the br-lan device.

I can ping the LAN devices from the SSH console of the Brume.

But I can't reach any PCs nor the ISP router from the WG clients.

What else is there to do to make this work? I have already tried NAT masquerading on the WGServer, both on and off, with no result. Do I need to set a static route too somewhere? I tried experimenting with it but with no luck so far.

I don't want the Brume 2 to act as a second router in front of or between the clients with two subnets, just as a WireGuard server that allows access to the LAN through it.

Or is there a better, more elegant way to achieve this? I tried to give the WGServer an address in the same subnet, for example 192.168.1.201 and the client 192.168.1.202, but that also didn't work. Or do I need to add wgserver to br-lan for this to work too?

Do I need to add a WG static route here maybe? If so, which one?

Not sure what would make sense to add though; 192.168.1.0/24 via 192.168.1.1 wouldn't make much sense because it is already the default gateway of br-lan, no? I tried to add that anyway, and it also didn't work.

What about adding a static route on 192.168.1.1, something like 10.0.0.0/24 via 192.168.1.100?

Update:

I fixed it by activating NAT masquerading also on the br-lan device on the Brume 2.

But is this the right way to do it?
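An added example, not from the post or from GL.iNet: a small Python model of the reply path in this topology, tracing why a LAN PC's answer never reaches the WireGuard client unless the Brume masquerades on br-lan or the ISP router has a static route for 10.0.0.0/24 via 192.168.1.100. The client address 10.0.0.2 is assumed; the other addresses are the post's.

```python
import ipaddress

# Constructed model of the topology in the post (addresses are the asker's):
#   192.168.1.1    ISP router, default gateway of every LAN host
#   192.168.1.100  Brume 2 on br-lan; 10.0.0.1 on the WireGuard side
#   192.168.1.99   a LAN PC;  10.0.0.2 an assumed WireGuard client address
LAN = ipaddress.ip_network("192.168.1.0/24")
WG = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
PC, ISP, BRUME, CLIENT = "192.168.1.99", "192.168.1.1", "192.168.1.100", "10.0.0.2"

def next_hop(table, dst):
    """Longest-prefix match; returns 'direct', a gateway address, 'internet' or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, hop) for net, hop in table if dst in net]
    return max(matches)[1] if matches else None

def reply_path(masq_on_brlan=False, isp_static_route=False):
    """Trace the PC's reply to the WireGuard client and return the hops it takes.

    The request direction works because the Brume forwards wg -> lan. The reply
    is the problem: without masquerade it is addressed to 10.0.0.2, so the PC
    hands it to 192.168.1.1, which has no route for 10.0.0.0/24 and pushes it
    up its default route (a private net, so it is lost). With masquerade on
    br-lan the PC only ever saw 192.168.1.100 and replies on-link. A static
    route on the ISP router is the alternative that keeps the client address
    visible to LAN hosts.
    """
    tables = {
        PC: [(LAN, "direct"), (ANY, ISP)],
        ISP: [(LAN, "direct"), (ANY, "internet")]
             + ([(WG, BRUME)] if isp_static_route else []),
        BRUME: [(LAN, "direct"), (WG, "direct"), (ANY, ISP)],
    }
    dst = BRUME if masq_on_brlan else CLIENT   # the source address the PC saw
    node, path = PC, [PC]
    while True:
        if node == BRUME and dst == BRUME:
            dst = CLIENT                        # Brume reverses its own NAT
        hop = next_hop(tables[node], dst)
        if hop == "direct":
            path.append(dst)                    # on-link delivery
            if dst == CLIENT:
                return path                     # arrives through the tunnel
            node = dst
        elif hop in (None, "internet"):
            path.append("dropped")
            return path
        else:
            path.append(hop)
            node = hop
```

The masquerade fix works but hides the real client address from LAN hosts (their logs only ever show 192.168.1.100), so the static route on the ISP router is the cleaner option when that router allows adding one.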