Hi,
I made it back to the 141 subnet and when I look in WireGuard Status, it says my mobile client is connected.
In the [peer] section on the router for this device, I now have 'Allowed IPs' 0.0.0.0/0.
In the [Interface] section on the Android client, I have 'Addresses' 192.168.141.8/32.
So, although I am connected, I have no route to any device on the 141 subnet. I tried to access LuCI from a browser on the Android device and I tried opening a shell with JuiceSSH on the Android device.
Also, with the tunnel up on the Android device, I have no access to anything else from that device either.
I know I'm not grasping something here lol, gonna re-read what you all kindly said above and see if I can figure out the Allowed IP/Addresses concepts as it still isn't clear what router and client are expecting in their respective fields.
EDIT:
Below is what I see in LuCI for the WireGuard config and the 'Motog6' peer:
[Network > Interfaces > WireGuard141 > General Settings]
Status: Device: WireGuard141
Uptime: 0h 5m 31s
RX: 320B (3 Pkts.)
TX: 664B (17Pkts.)
Protocol: WireGuard VPN
Bring up on boot : checked
Private Key: ********************************
Required: Base 64-encoded private key for this interface.
Listen Port: 51815
Optional. UDP port used for outgoing and incoming packets.
IP Addresses: blank
Recommended. IP addresses of the WireGuard interface.
[Network > Interfaces > WireGuard141 > Peers]
Description: motog6
Optional. Description of peer.
Public Key: ***********************************
Required. Base64-encoded public key of peer
Preshared Key: blank
Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.
Allowed IPs: 0.0.0.0/0
Required. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel.
Route Allowed IPs: checked
Optional. Create routes for Allowed IPs for this peer.
Endpoint Host: blank
Optional. Host of peer. Names are resolved prior to bringing up the interface.
Endpoint Port: blank
Optional. Port of peer.
Persistent Keep Alive: 25
Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.
[Status -> WireGuard Status]
Peer: motog6
Public Key: ************************************
Endpoint: DDNS resolved Public IP of router:random port
Allowed IPs: none
Persistent Keepalive: 25s
Latest Handshake: Thu, 29 Oct 2020 09:47:42 GMT (1m ago)
Data Received: 2 KiB
Data Transmitted: 3 KiB
Below is the config from the WireGuard client on the Android device motog6:
[Interface]
Name: 141
Public key:
Addresses: 192.168.141.8/32
[Peer]
Public key:
Allowed IPs: 0.0.0.0/0
Endpoint: addnsdotnetname:51815
Transfer: rx 632 B, tx 8.95 KiB
Both router and Android show as connected and the log on Android confirms it has done key exchange and is sending keep alive packets.
On the Android device, with the tunnel up, I have no access to anywhere as far as I can tell.