Topic: WG one way communication (Read 195 times)
LieT (Newbie, Posts: 1, Karma: 0)
WG one way communication
« on: October 24, 2024, 11:11:53 pm »
Hi.
I need help setting up the WG client on OPNsense.
General information:
WG Server
Ext IP: 89.110.XX.YY
WG IP: 10.66.66.1 (/24)
WG Client (OPNsense) over PPPoE:
Ext IP: 185.23.VV.ZZ
WG IP: 10.66.66.2
LAN IP: 172.16.15.0/24
OS: Ubuntu
Config for the client, generated by the Linux setup script on the WG server:
[Interface]
PrivateKey = KEY
Address = 10.66.66.2/32,fd42:42:42::2/128
DNS = 8.8.8.8,8.8.4.4
[Peer]
PublicKey = KEY
PresharedKey = KEY
Endpoint = 89.110.XX.YY:63690
AllowedIPs = 0.0.0.0/0,::/0
I have configured the Instance and Peer. The 'Disable routes' item is disabled, because if enabled, WG writes 0.0.0.0/1 to routes and all traffic tries to go into this route.
I created a new gateway for the WG interface, 10.66.66.1, and assigned it to the network 10.66.66.0/24, and created a route 10.66.66.0/24 -> 10.66.66.1 (also tried with 66.1, no luck, then left it at 66.2).
What do I have in the end?!
Ping to 10.66.66.2 is successful; in the opposite direction it is not, although tcpdump sees traffic.
In the firewall logs, there is no mention of the 10.66.66.0/24 network at all, so I cannot track at what stage the blocking may occur, if that is the issue.
There are allow rules on the WAN interface. I will attach screenshots below.
Questions:
1) How do I make traffic go from client to server, and not just vice versa?
2) Why does the firewall not display WG traffic?
3) Why did this happen?
4) What exactly is the path taken by a single packet? WGServer - WGServerInterface - WGClientInterface, or WGServer - WGServerInterface - WAN - PortForwardFirewall - WGClientInterface, or some other? It feels like the raised WG tunnel ignores the firewall, but that is insecure.
florit (Newbie, Posts: 6, Karma: 0)
Re: WG one way communication
« Reply #1 on: November 03, 2024, 10:02:16 pm »
Is 10.66.66.2 to contact the gateway on the server side?
I did not see the problem when 10.66.66.0 is routed on the server side.
Take a look at Firewall: Rules: wg0
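
Added example, not part of either post above: a small Python model of WireGuard's cryptokey routing applied to the client config from the thread, showing which addresses `AllowedIPs = 0.0.0.0/0,::/0` matches and which routes it implies. The split of a /0 into two /1 halves is an assumption chosen to match the 0.0.0.0/1 entry the first post reports, and `NARROWED_PEER` is a constructed comparison value, not a setting recommended anywhere in the thread.

```python
import ipaddress

# Client config from the thread, as posted (keys and masked octets are the page's placeholders).
CLIENT_CONF = """\
[Interface]
PrivateKey = KEY
Address = 10.66.66.2/32,fd42:42:42::2/128
DNS = 8.8.8.8,8.8.4.4
[Peer]
PublicKey = KEY
PresharedKey = KEY
Endpoint = 89.110.XX.YY:63690
AllowedIPs = 0.0.0.0/0,::/0
"""

def parse_conf(text):
    """Parse wg-quick style text into {'Interface': {...}, 'Peer': [{...}, ...]}."""
    conf, section = {"Interface": {}, "Peer": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]")
            if section == "Peer":
                conf["Peer"].append({})
            continue
        key, _, value = line.partition("=")
        target = conf["Peer"][-1] if section == "Peer" else conf["Interface"]
        target[key.strip()] = value.strip()
    return conf

def allowed_networks(peer):
    """AllowedIPs as a list of ip_network objects (IPv4 and IPv6 mixed)."""
    return [ipaddress.ip_network(n.strip(), strict=False) for n in peer["AllowedIPs"].split(",")]

def peer_accepts(peer, addr):
    """True if addr is routed to this peer outbound, or accepted from it as an inbound source."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in allowed_networks(peer))

def implied_routes(peer):
    """Routes implied by AllowedIPs, with each /0 split into two /1 halves (assumed behaviour)."""
    routes = []
    for net in allowed_networks(peer):
        routes += list(net.subnets(prefixlen_diff=1)) if net.prefixlen == 0 else [net]
    return [str(r) for r in routes]

# Constructed comparison value: a peer limited to the tunnel subnet only.
NARROWED_PEER = {"AllowedIPs": "10.66.66.0/24"}
```

With the posted config, `peer_accepts` is true for every destination, including the 172.16.15.0/24 LAN and public addresses, while the constructed narrowed peer matches only tunnel addresses.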