Hey, thanks for the quick edit. This is going to help a lot of people.
One tweak - on the server side, peer section AllowedIPs should be /32, but on the client side, their address should be /24 (otherwise they won't be able to reach the .1 address of the vpn server). A lot of people get this confused, since we're not really specifying Address+Mask in the AllowedIPs setting. We're listing addresses or address ranges that should route through to this peer. In this case the client is not also a router, so we should only send traffic for their specific IP through this peer connection, thus /32 mask. If the client/peer was also a router, then we would have their tunnel address/32, plus the network address range beyond, like 192.168.99.1/24.
So in #7 consider changing this:
In the Allowed IP’s section, enter a random IP address in the subnet you previously chose, for example 10.200.200.2/32. This will be the client’s internal IP address.
To something like this:
In the Allowed IP’s section you're indicating what addresses are reached through the tunnel to this peer. In our example we only want to send traffic to the one client's address. To do this, pick an IP address for the client in the subnet you previously chose, and use /32 at the end. For example 10.200.200.2/32.
In #8 is where it will break with /32, so maybe change from this:
Go back to the app and In Addresses , put the exact same of what you specified in Allowed IPs of the client peer, e.g. 10.200.200.2/32.
To something like this:
Go back to the app and in Addresses, put the address you chose for the client and entered on the server in the peer Allowed IPs section, but use the real subnet mask (/24 in CIDR notation) like you did for the server Address, e.g. 10.200.200.2/24.
Maybe you can simplify that a bit. But that's a first crack at explaining it.