WG: apply advertised routes on server immediately; relax rp_filter for routed clients

client/install_client.sh

@@ -347,6 +347,8 @@ build_lan_nat_hooks_if_needed() {
   local fwd="/etc/sysctl.d/99-wireguard-client-forwarding.conf"
   cat > "$fwd" <<EOF_FWD
 net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=2
+net.ipv4.conf.default.rp_filter=2
 EOF_FWD
   sysctl --system >/dev/null || true