The blog post from casept was almost working for me, except for one little thing to mention in section You’ll also need to set the client up on your server

uci add_list network.@wireguard_wg0[-1].allowed_ips="0.0.0.0/0" (obviously) is replacing the existing default route, which renders internet unusable ;)

As we’re routing the clients traffic anyway, we can just allow the single host address like uci add_list network.@wireguard_wg0[-1].allowed_ips="192.168.199.2/32" (192.168.199.0/24 as WireGuards subnet in this example).