I also tried setting on wgserver. It's much more complicated. That's because the wgserver can't distinguish wgclient's LAN clients with "WireGuard Client Options - IP Masquerading" on.
The steps are:
- client: turn off wgclient IP Masquerading
- server: add WireGuard Server Route Rule
- server: add firewall rule at luci
