I have been experiencing this for a while (months/years) and decided to report this now. It seems to be the same problem reported here: https://discuss.grapheneos.org/d/4195-wireguard-on-second-profile-not-allowing-connections
What is happening is that if I enable a VPN in the owner profile using either the official Wireguard app or the unofficial WG Tunnel app, as soon as that VPN is active then the network becomes completely offline in any other secondary profile. This is only solved by disconnecting the VPN in the owner profile.
I don't have "Always-on VPN" enabled in system settings, but I did experiment with it on and off and it didn't change the outcome. Naturally I also made sure that "Block connections without VPN" is not enabled.
The interesting thing is that if I use the Mullvad VPN app, then this issue does not occur and the other profiles act as the VPN is not active, which is consistent to how the documentation and the explanations I've seen here in this forum say about how the VPN should work (= only in the same profile, invisible in others).
I wonder why this happens only with these two apps but not the Mullvad one? And even if the problem is with the apps, isn't it a OS bug if the app (deliberately or not) can affect networking in other profiles? Aren't they supposed to be independent and kept isolated by the OS?