Lacking context: is this device connected to an upstream router and simply acting as an AP, getting a private address on the LAN of the upstream router?
The confusion stems from the fact that you state it's an AP but then you create a subnet and pool, etc., for users, and thus you are really wanting a router.
So right now your config is in between, and you need to decide: wifi router or AP. If it's an AP, the main router should provide the subnet(s) to the AP and its users.
How that gets to the AP is up to you. The AP (being an MT) can accept a TRUNK Port carrying many vlans… like
a. the one the AP gets its IP address from (trusted subnet)
b. the one that the users on the AP are supposed to be on.
If your upstream router is incapable of vlans, then you are pretty much stuck with using the MT as a wifi router, and not strictly an AP, unless all can be on the same flat subnet provided by the main router.
Thanks for the response. This is all in the MT unit. I tried to depict in a poor man’s ascii art {inside braces as standalone devices acting as AP with dhcp for wifi clients on 10.10.10.0/24}
There is no upstream router affecting this MT. The ether 1 on this MT is using NAT for the wifi subnet 10.10.10.0. The LAN port = ether1, connected to a local internet gateway 192.168.1.254.
wlan and ether1 are bridged named: wlan-bg.
Please let me know if you require more information.
Thanks once again. I have solved my little problem by adding a route between the wg endpoint and the local internet gateway. I was trying to avoid mangle, which is now avoided.