Almost every problem I've seen someone have with WireGuard comes down to one of two things:
1. They misunderstand what AllowedIPs actually does.
2. They don't understand networking.
WireGuard is _incredibly_ simple. Not easy. Simple. You configure your peering on each side, and what you end up with is--as far as userspace can tell--a perfectly normal layer 3 interface. You are then free to configure your firewall rules and route tables however you like in order to achieve your goals.
If you understand networking (and how to perform network configuration on Linux), then this is a powerful tool.
If you don't understand networking, then you end up writing posts like this.
Having just implemented WireGuard for the first time, and having extensive networking knowledge, I agree it is simple but not easy, and the primary reason is the really poor documentation. If they just had a proper how-to guide for first-time users it would help a lot. The documentation on the WireGuard site is lacking in that respect.