On Sun, 2023-10-15 at 14:55 +0000, Andrew Oakeley wrote:
I'd be inclined to set your allowed-address for the peers to 0.0.0.0/0
On Mon, 2023-10-16 at 09:10 +1100, Roger Plant wrote:
On the Server, You need to add 192.168.16.3 to the allowed addresses in the Client peer entry.
On the Client, You need to add 192.168.16.1 (or maybe .16.0/24 if there will be other peers attached to server in future) to the allowed addresses in the Server peer entry.
I had already tried what Roger suggested, and had added ",192.168.16.0/24" to the allowed-address on each end. It changed the error, but only on the client end, from the error 126 to a timeout. So I just now tried what Andrew suggested, and FMS it then worked; I could ping each Wireguard interface address from its "opposing" address on the link. But WHY?!? Why was it not enough to add just the Wireguard link subnet to each end's allowed-address list? Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160