So you believe the connection was established to the server. But I can't route my traffic through it.
Last year I tried to set up OpenVPN on my device and share the connection as a new wireless network (see this topic).
Now I want to do the same thing using WireGuard: set up a WireGuard client on my router and share it separately from the primary WAN, as a new wireless connection.
First of all, refrain from posting screenshots; post the config files instead, as psherman suggested.
Second, the default route that you have applied in the wgvpn table is sending everything out of the WAN interface and not the WireGuard one.
Don't use public nameservers on the LAN interface. Use them in the WAN instead.
VPI/VCI in the ATM is not something secret that needs to be redacted.
The addresses of the interface Cloudflare are most likely private (192.168.X.Y, 10.X.Y.Z, 172.16-31.X.Y), so you can leave them. No need to assign a listen_port, unless you are sure that it can be reached. For example, I don't see any firewall rule to allow udp/5342 on the wan.
On the Cloudflare peer config you are listing the allowed IPs in two /1 ranges, but you don't route them. If you don't want to route them, you can use the 0.0.0.0/0, but my guess is that you want to route them.
The static route points everything coming from the WGNET interface to the WAN. This is not allowed according to the firewall forwardings that you have in place.
So first explain to us in simple words which flows you want to allow, e.g. lan->wan only, wgNet->Cloudflare only, or lan->wan primary / Cloudflare for some hosts.
Another idea would be the following: remove all VPN configs, routes, and firewall rules and essentially start fresh. Get the router to connect to the WG based VPN and pass all traffic through the tunnel. Once that is done, you can set up more granular configurations to handle traffic steering/policies, etc. This way, you ensure there is a known working configuration as a starting point and you can be certain that your tunnel is properly established. With any policy based routing, additional granular firewall rules and routes, and so on, you could end up chasing your tail. If you have an extra router to play with (or set up a VM), you can get the general config up without disruption of your existing router. And you can take backups before and at any interesting points along the way to grab a snapshot of working sub-configuration details.
Thanks for the tips. This is the whole story:
I have OpenWrt 19.07.1 installed on my device (TP-Link TD-W8970). I am using my device as modem/router and access point. I connect to the Internet over a DSL line (PPPoE protocol) using this device. To bypass net restrictions and net blocking, I had to use one of the VPN solutions on my PC/laptop/mobile phone etc.; this is why I want to use a VPN server. Last year I tried to set up OpenVPN directly on my OpenWrt, so that when I connect to my modem, I don't need to enable VPN on my phone or laptop. You can see my last year's topic here. I just want to do the same thing as I did last year, this time using the WireGuard protocol: my 8970 connects to the WAN (Internet) using DSL and I access the Internet by connecting to 'wifi1'. Now I want to set up a WireGuard client on my 8970 and share the tunneled connection as a new network/wifi named 'wifi2'. That's it.
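For the layout described in this post (wifi1 stays on the DSL WAN, wifi2 is steered only through the WireGuard tunnel), here is an added UCI example; it is not configuration from this thread or from the OpenWrt project. The interface names wg_cf and wifi2, the 192.168.2.0/24 subnet, routing table 100, the endpoint host and the key placeholders are all assumptions.

```uci
# /etc/config/network fragment (added example; names, subnet, table and keys are assumptions)
config interface 'wg_cf'
	option proto 'wireguard'
	option private_key 'PLACEHOLDER_CLIENT_PRIVATE_KEY'
	list addresses '172.16.0.2/24'
config wireguard_wg_cf
	option public_key 'PLACEHOLDER_SERVER_PUBLIC_KEY'
	option endpoint_host 'vpn.example.invalid'
	option endpoint_port '51820'
	list allowed_ips '0.0.0.0/0'
	# do not install 0.0.0.0/0 into the main table: wifi1 keeps using the DSL WAN
	option route_allowed_ips '0'

config interface 'wifi2'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# default route of table 100 points at the tunnel interface, not at wan
config route
	option interface 'wg_cf'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '100'

# only traffic from wifi2 clients is looked up in table 100
config rule
	option src '192.168.2.0/24'
	option lookup '100'
	option priority '100'

# /etc/config/firewall fragment: wifi2 may only forward into the tunnel
config zone
	option name 'wifi2'
	list network 'wifi2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wg_cf'
	list network 'wg_cf'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'wifi2'
	option dest 'wg_cf'
```

The wifi2 SSID in /etc/config/wireless has to be attached to `option network 'wifi2'`, and the existing lan/wan zones stay as they are. After a reload, `ip route show table 100` should show the default route on wg_cf, and `ip rule` the lookup for 192.168.2.0/24.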
Here, I told you to clear the port. For the addresses I said to leave them because they are private, meaning that they don't need to be redacted. Sorry if I wasn't clear. Use the Addresses from the config file. I don't like the masks /32 and /128. If it still doesn't work, consider changing them to match the mask of the server, for example /24 and /64.
config interface 'CloudFlare'
	option proto 'wireguard'
	option private_key '*'
	list addresses '172.16.0.2/24'
	list addresses 'fd01:5ca1:ab1e:8f32:d504:87c5:43d0:6002/64'
No, .2 is the address that the Wireguard tunnel has on the OpenWrt side.
On the Cloudflare side you have a different one.
Do you have the Wireguard configuration of the Cloudflare server?
You're right. It's weird because when I successfully connect using this .conf on my Windows, 172.16.0.1 is still unreachable to me, even though my traffic passes through the VPN and my public IP changed.
This is the configuration of the client, the one you are using in OpenWrt and Windows.
I am asking for the configuration that you have on the other side, the Cloudflare server.