Hi Kalin,

1. Disable the FW and test.
>
Tried - disabling one fw shows wg traffic flowing.


> 2. Try ping from one router to the other using the configured public IP
> address
>
> That works as well with the default fw config on OpenWRT/LEDE/LibreCMC


> 3. Ping the other using the WG IP address
>
> my problem is that ping between the WG IP addresses is not working. I see
some PostUp and Postdown examples in the regular configurations like the
ones below
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A
POSTROUTING -o enp5s0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT;
ip6tables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D
POSTROUTING -o enp5s0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT;
ip6tables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE
In the LEDE/OpenWRT derivatives those are marked in the GUI with MASQUERADE
and route allowed ips options, but still I'm getting stuck.  I moved my VPN
network from /25 to another /24 and still was stuck.

> If all runs them it is a routing problem left to solve...
>
> Agree. I'm a bit at loss which routing - the kernel one or the forwarding
of packets. Will tear down and start from scratch with another test.

> Kalin.
>