Hello,

I am trying to configure a real WireGuard site-to-site connection between two TP-Link routers, but I am not able to solve it

Router A: TP-Link Archer AXE75  
LAN subnet: 192.168.0.0/24 

Router B: TP-Link Archer BE400  
LAN subnet: 192.168.2.0/24 (NAS is located here)

The WireGuard tunnel establishes correctly and the tunnel IPs are reachable from both sides.

However, I cannot access any device behind Router A from Router B using their real LAN IPs.

With NAT enabled on the AXE75, the setup only works using port forwarding, which turns the VPN into a simple client/forwarding setup and does not behave as a site-to-site VPN.

When NAT is disabled, the AXE75 firmware does not allow:

- adding static routes via the WireGuard interface
- forwarding traffic from WireGuard to the LAN
- selecting WireGuard as a routable interface

As a result, traffic that reaches the WireGuard interface is dropped and never routed to the LAN behind Router A.

My goal is to route traffic between:
192.168.0.0/24 ↔ 192.168.2.0/24
through the WireGuard tunnel, without NAT or port forwarding, and to access the IP camera from the NAS using its real LAN IP.

Is this functionality supported by the stock TP-Link firmware, or is WireGuard limited to NAT-based client usage on these models?

Thabk you in advance!