Quote from: BrandyWine on August 15, 2025, 12:06:45 AM
I have not used the wireguard just yet, so let's just say I'll be of perhaps no help.
For the past 30 yrs of me working on/with fw's and ipsec, the fw device either just shoves the remote side nets into a matching tunnel, or, the fw device routes the remote side nets to a tunnel object (route statement). After that (so after ipsec on both ends) the fw then has to decide if the net is local (directly attached, so arp) or does it need a route for next hop. That's usually all a tunnel setup needs to have L3 working in terms of just moving packets.
But, wireguard is not ipsec, so will leave the mystery to you.
Thank you so much!