On Wed, 28.08.2019 at 13:56, Dimitar Vassilev <dimitar.vassilev@gmail.com> wrote:
Hi Kalin, 

1. Disable the FW and test.
Tried - disabling one fw shows wg traffic flowing.
 
2. Try ping from one router to the other using the configured public IP address

That works as well with the default fw config on OpenWRT/LEDE/LibreCMC
 
3. Ping the other using the WG IP address

My problem is that ping between the WG IP addresses is not working. I see some PostUp and PostDown examples in the regular configurations, like the ones below:
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE
In the LEDE/OpenWRT derivatives those are marked in the GUI with the MASQUERADE and "route allowed IPs" options, but I'm still getting stuck. I moved my VPN network from a /25 to another /24 and was still stuck.
If all of that runs, then it is a routing problem left to solve...

Agree. I'm a bit at a loss as to which routing - the kernel one or the forwarding of packets. Will tear down and start from scratch with another test.
Kalin.

Hello all,

Problem solved via a trivial solution - add my origin VPN endpoint IP into the list of AllowedIPs for the peer. Used https://forum.openwrt.org/t/solved-setup-wireguard-connecting-two-networks/4215 to achieve this.
At least in this setup I see the packets flowing in both directions - RX and TX.
My next questions are:
  • is this normal since I'm behind NAT, or are there some OpenWRT/Wireguard specifics I'm missing? In the docs and examples I see examples with just peer IPs added.
  • what should I do to make traffic flow to a private subnet in the DMZ on site B from site A?
Thanks,
Dimitar
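Added example, not from this thread: a small Python model of WireGuard's cryptokey routing, which is what the fix above changes. AllowedIPs is both the outbound route selector (longest matching prefix wins, no match means the packet is silently dropped before any iptables FORWARD rule sees it) and the inbound source filter. The 10.10.10.0/24 tunnel, the 192.168.2.0/24 site-B LAN and the peer key string are constructed placeholder values.

```python
import ipaddress

# Constructed view of site A's wg0 peer table. The key is a placeholder, not a real key.
SITE_B = "site-b-placeholder-key"
PEERS_BEFORE = {SITE_B: ["192.168.2.0/24"]}                  # remote LAN only
PEERS_AFTER = {SITE_B: ["10.10.10.2/32", "192.168.2.0/24"]}  # peer's tunnel IP added


def select_peer(peers, dst):
    """Sending side: choose the peer whose AllowedIPs contains dst, preferring the
    most specific prefix. Returns None when nothing matches, which is exactly the
    case where WireGuard drops the packet (a ping to the peer's tunnel IP that is
    not listed in AllowedIPs never reaches the wire)."""
    dst = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for peer, allowed in peers.items():
        for cidr in allowed:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == dst.version and dst in net and net.prefixlen > best_len:
                best, best_len = peer, net.prefixlen
    return best


def accept_inbound(peers, peer, src):
    """Receiving side: a decrypted packet from `peer` is only accepted if its source
    address lies inside that peer's AllowedIPs; otherwise it is dropped."""
    src = ipaddress.ip_address(src)
    for cidr in peers[peer]:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == src.version and src in net:
            return True
    return False


def reachable(peers, dst):
    """Convenience: would a packet from this host to dst leave over wg0 at all?"""
    return select_peer(peers, dst) is not None


if __name__ == "__main__":
    for label, table in (("before", PEERS_BEFORE), ("after", PEERS_AFTER)):
        print(label, "ping 10.10.10.2 ->", "sent" if reachable(table, "10.10.10.2") else "dropped")
```

The same table explains the site-to-site case: a destination in 192.168.2.0/24 is routed to the peer in both tables, so only the tunnel-address ping was affected by the missing /32.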