Wireguard Site2Site setup with OpenWrt 23.05

I have a NanoPI R4S - Home and a Blume2 - Farm. R4s is running FriendlyElec OpenWrt 23.05 - Farm is running ImmortalWrt 23.05. Each router has a cable modem with an external IP attached to the the routers. I followed Dev Odyssey Youtube video - Dev Odyssey SIte to site video.

I am getting "Destination not reachable" when i ping 10.20.10.1 and 10.0..10.2 - which are the Farm Ip's. Below are the Home - R10 and Farm - R20 configurations

type or paste code here
```uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru



R10 Wireguard Public Key sarts with "ER" 


root@R10:~# uci show network && uci show firewall
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.@device[0]=device
network.@device[0].name='eth0'
network.@device[0].macaddr='XXXXXXXX'
network.wan=interface
network.wan.device='eth0'
network.wan.proto='dhcp'
network.wan.peerdns='0'
network.wan.dns='1.1.1.3' '1.0.0.3'
network.wan6=interface
network.wan6.device='eth0'
network.wan6.proto='dhcpv6'
network.@device[1]=device
network.@device[1].name='br-lan'
network.@device[1].type='bridge'
network.@device[1].ports='eth1'
network.@device[2]=device
network.@device[2].name='eth1'
network.@device[2].macaddr='xxxxxxxxxxx'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='10.10.10.1'
network.lan.netmask='255.255.255.0'
network.lan.dns='1.1.1.3' '1.0.0.3'
network.lan.delegate='0'
network.site_home=interface
network.site_home.proto='wireguard'
network.site_home.private_key='xxxxxxxxxxxxxxxxxxx'
network.site_home.listen_port='51820'
network.site_home.addresses='10.0.10.1/32'
network.@wireguard_site_home[0]=wireguard_site_home
network.@wireguard_site_home[0].description='site_farm'
network.@wireguard_site_home[0].public_key='xxxxxxxxxxxxxxxxxxxxxxxx'
network.@wireguard_site_home[0].allowed_ips='10.0.10.0/24' '10.20.10.0/24'
network.@wireguard_site_home[0].route_allowed_ips='1'
network.@wireguard_site_home[0].endpoint_host='xxxxxxxxxxxxxxxx'
network.@wireguard_site_home[0].endpoint_port='51820'
network.@wireguard_site_home[0].persistent_keepalive='25'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='ACCEPT'
firewall.@defaults[0].fullcone='0'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].fullcone4='1'
firewall.@zone[1].fullcone6='1'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].name='Reject-IPv6'
firewall.@rule[9].family='ipv6'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='*'
firewall.@rule[9].target='REJECT'
firewall.@rule[9].enabled='0'
FIREWALL.@ZONE[2]=ZONE
FIREWALL.@ZONE[2].NAME='VPN'
FIREWALL.@ZONE[2].INPUT='ACCEPT'
FIREWALL.@ZONE[2].OUTPUT='ACCEPT'
FIREWALL.@ZONE[2].FORWARD='ACCEPT'
FIREWALL.@ZONE[2].NETWORK='SITE_HOME'
FIREWALL.@FORWARDING[1]=FORWARDING
FIREWALL.@FORWARDING[1].SRC='LAN'
FIREWALL.@FORWARDING[1].DEST='VPN'
FIREWALL.@FORWARDING[2]=FORWARDING
FIREWALL.@FORWARDING[2].SRC='VPN'
FIREWALL.@FORWARDING[2].DEST='WAN'
FIREWALL.@REDIRECT[0]=REDIRECT
FIREWALL.@REDIRECT[0].DEST='VPN'
FIREWALL.@REDIRECT[0].TARGET='DNAT'
FIREWALL.@REDIRECT[0].NAME='WG0'
FIREWALL.@REDIRECT[0].PROTO='UDP'
FIREWALL.@REDIRECT[0].SRC='WAN'
FIREWALL.@REDIRECT[0].SRC_DPORT='51820'
FIREWALL.@REDIRECT[0].DEST_IP='10.0.10.1/32'
FIREWALL.@REDIRECT[0].DEST_PORT='51820'
firewall.@redirect[1]=redirect
firewall.@redirect[1].dest='lan'
firewall.@redirect[1].target='DNAT'
firewall.@redirect[1].name='npm-80'
firewall.@redirect[1].src='wan'
firewall.@redirect[1].src_dport='80'
firewall.@redirect[1].dest_ip='10.10.10.2'
firewall.@redirect[1].dest_port='80'
firewall.@redirect[2]=redirect
firewall.@redirect[2].dest='lan'
firewall.@redirect[2].target='DNAT'
firewall.@redirect[2].name='npm-443'
firewall.@redirect[2].src='wan'
firewall.@redirect[2].src_dport='443'
firewall.@redirect[2].dest_ip='10.10.10.2'
firewall.@redirect[2].dest_port='443'
firewall.@redirect[3]=redirect
firewall.@redirect[3].dest='lan'
firewall.@redirect[3].target='DNAT'
firewall.@redirect[3].name='wge-pi48'
firewall.@redirect[3].family='ipv4'
firewall.@redirect[3].proto='udp'
firewall.@redirect[3].src='wan'
firewall.@redirect[3].src_dport='51930'
firewall.@redirect[3].dest_ip='10.10.10.2'
firewall.@redirect[3].dest_port='51930'
root@R10:~# 

root@R10:~# root@R20:~# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 150.252.165.134/24 brd 150.252.165.255 scope global eth0
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.20.10.1/24 brd 10.20.10.255 scope global br-lan
       valid_lft forever preferred_lft forever
8: site_farm: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
    inet 10.0.10.2/32 brd 255.255.255.255 scope global site_farm
       valid_lft forever preferred_lft forever
default via 150.252.165.1 dev eth0  src 150.252.165.134 
10.0.10.0/24 dev site_farm scope link 
10.10.10.0/24 dev site_farm scope link 
10.20.10.0/24 dev br-lan scope link  src 10.20.10.1 
150.252.165.0/24 dev eth0 scope link  src 150.252.165.134 
174.106.117.177 via 150.252.165.1 dev eth0 
local 10.0.10.2 dev site_farm table local scope host  src 10.0.10.2 
local 10.20.10.1 dev br-lan table local scope host  src 10.20.10.1 
broadcast 10.20.10.255 dev br-lan table local scope link  src 10.20.10.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
local 150.252.165.134 dev eth0 table local scope host  src 150.252.165.134 
broadcast 150.252.165.255 dev eth0 table local scope link  src 150.252.165.134 
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

root@R10:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].cachesize='1000'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.@dnsmasq[0].filter_aaaa='0'
dhcp.@dnsmasq[0].filter_a='0'
dhcp.@dnsmasq[0].confdir='/tmp/dnsmasq.d'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='101'
dhcp.lan.limit='48'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

root@R10:~# 

WireGuard Status
Instance "site_home"

 site_home · Port 51820 · ERrfpO25BTV8tRJ9R20papEcXwBqIwm6Vqv5NyZhQ2o=
Peer	Endpoint	Data Received	Data Transmitted	Latest Handshake

site_farm
54ayV…ShLzg=
	150.252.165.134:51820	2.64 MiB	1.27 MiB	Tue, 03 Jun 2025 19:24:54 GMT (1m ago)
	
	
site_home
Type: Ethernet Adapter
Device: site_home
Connected: yes
RX: 2.78 MB (10659 Pkts.)
TX: 1.33 MB (7796 Pkts.)
site_home
	
Protocol: WireGuard VPN
Uptime: 2h 45m 38s
RX: 2.78 MB (10659 Pkts.)
TX: 1.33 MB (7796 Pkts.)
IPv4: 10.0.10.1/32

C:\Users\rwe>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Link-local IPv6 Address . . . . . : fe80::3463:b3c6:a165:d807%17
   IPv4 Address. . . . . . . . . . . : 10.10.10.107
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.1


C:\Users\rwe>ping 10.20.10.1

Pinging 10.20.10.1 with 32 bytes of data:
Reply from 10.20.10.1: Destination port unreachable.
Reply from 10.20.10.1: Destination port unreachable.
Reply from 10.20.10.1: Destination port unreachable.
Reply from 10.20.10.1: Destination port unreachable.

Ping statistics for 10.20.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\Users\rwe>ping 10.0.10.2

Pinging 10.0.10.2 with 32 bytes of data:
Reply from 10.0.10.2: Destination port unreachable.
Reply from 10.0.10.2: Destination port unreachable.
Reply from 10.0.10.2: Destination port unreachable.
Reply from 10.0.10.2: Destination port unreachable.

Ping statistics for 10.0.10.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\Users\rwe>`
`Preformatted text``
ci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru


R20 Wireguard public key starts with "54"

root@R20:~# uci show network && uci show firewall
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='xxxxxxxxxxx'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth1'
network.@device[1]=device
network.@device[1].name='eth1'
network.@device[1].macaddr='xxxxxxxxxxxxxxxxx'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='10.20.10.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.dns='1.1.1.3' '1.0.0.3'
network.@device[2]=device
network.@device[2].name='eth0'
network.@device[2].macaddr='xxxxxxxxxxxxxxx'
network.wan=interface
network.wan.device='eth0'
network.wan.proto='dhcp'
network.wan.peerdns='0'
network.wan.dns='1.1.1.3' '1.0.0.3'
network.wan.force_link='1'
network.wan6=interface
network.wan6.device='eth0'
network.wan6.proto='dhcpv6'
network.site_farm=interface
network.site_farm.proto='wireguard'
network.site_farm.private_key='xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
network.site_farm.listen_port='51820'
network.site_farm.addresses='10.0.10.2/32'
network.@wireguard_site_farm[0]=wireguard_site_farm
network.@wireguard_site_farm[0].description='site_home'
network.@wireguard_site_farm[0].public_key='xxxxxxxxxxxxxxxxxxxxxxxxxxx'
network.@wireguard_site_farm[0].allowed_ips='10.0.10.0/24' '10.10.10.0/24'
network.@wireguard_site_farm[0].route_allowed_ips='1'
network.@wireguard_site_farm[0].endpoint_host='xxxxxxxxxxxxxxxxxxxxxx'
network.@wireguard_site_farm[0].endpoint_port='51820'
network.@wireguard_site_farm[0].persistent_keepalive='25'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].flow_offloading='1'
firewall.@defaults[0].flow_offloading_hw='1'
firewall.@defaults[0].fullcone='1'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@redirect[0]=redirect
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].name='pivpn-pi44'
firewall.@redirect[0].proto='udp'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].src_dport='51830'
firewall.@redirect[0].dest_ip='10.20.10.2'
firewall.@redirect[0].dest_port='51830'

FIREWALL.@ZONE[2]=ZONE
FIREWALL.@ZONE[2].NAME='VPN'
FIREWALL.@ZONE[2].INPUT='REJECT'
FIREWALL.@ZONE[2].OUTPUT='ACCEPT'
FIREWALL.@ZONE[2].FORWARD='REJECT'
FIREWALL.@ZONE[2].NETWORK='SITE_FARM'
FIREWALL.@FORWARDING[1]=FORWARDING
FIREWALL.@FORWARDING[1].SRC='LAN'
FIREWALL.@FORWARDING[1].DEST='VPN'
FIREWALL.@FORWARDING[2]=FORWARDING
FIREWALL.@FORWARDING[2].SRC='VPN'
FIREWALL.@FORWARDING[2].DEST='WAN'
FIREWALL.@REDIRECT[1]=REDIRECT
FIREWALL.@REDIRECT[1].DEST='VPN'
FIREWALL.@REDIRECT[1].TARGET='DNAT'
FIREWALL.@REDIRECT[1].NAME='WG0'
FIREWALL.@REDIRECT[1].PROTO='UDP'
FIREWALL.@REDIRECT[1].SRC='WAN'
FIREWALL.@REDIRECT[1].SRC_DPORT='51820'
FIREWALL.@REDIRECT[1].DEST_IP='10.0.10.2/32'
FIREWALL.@REDIRECT[1].DEST_PORT='51820'

root@R20:~# 

root@R20:~# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 150.252.165.134/24 brd 150.252.165.255 scope global eth0
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.20.10.1/24 brd 10.20.10.255 scope global br-lan
       valid_lft forever preferred_lft forever
8: site_farm: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
    inet 10.0.10.2/32 brd 255.255.255.255 scope global site_farm
       valid_lft forever preferred_lft forever
default via 150.252.165.1 dev eth0  src 150.252.165.134 
10.0.10.0/24 dev site_farm scope link 
10.10.10.0/24 dev site_farm scope link 
10.20.10.0/24 dev br-lan scope link  src 10.20.10.1 
150.252.165.0/24 dev eth0 scope link  src 150.252.165.134 
174.106.117.177 via 150.252.165.1 dev eth0 
local 10.0.10.2 dev site_farm table local scope host  src 10.0.10.2 
local 10.20.10.1 dev br-lan table local scope host  src 10.20.10.1 
broadcast 10.20.10.255 dev br-lan table local scope link  src 10.20.10.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
local 150.252.165.134 dev eth0 table local scope host  src 150.252.165.134 
broadcast 150.252.165.255 dev eth0 table local scope link  src 150.252.165.134 
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

root@R20:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].min_cache_ttl='3600'
dhcp.@dnsmasq[0].use_stale_cache='3600'
dhcp.@dnsmasq[0].cachesize='8000'
dhcp.@dnsmasq[0].nonegcache='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].dns_redirect='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.@dnsmasq[0].filter_aaaa='0'
dhcp.@dnsmasq[0].filter_a='0'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='101'
dhcp.lan.limit='48'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.lan.ra='server'
dhcp.lan.ra_flags='other-config'
dhcp.lan.max_preferred_lifetime='2700'
dhcp.lan.max_valid_lifetime='5400'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

root@R20:~# 

WireGuard Status
Instance "site_farm"

 site_farm · Port 51820 · 54ayVTPtXZ4tTee25GAVjaCQ9TkVdCoCUi/35GShLzg=
Peer	Endpoint	Data Received	Data Transmitted	Latest Handshake

site_home
ERrfp…ZhQ2o=
	174.106.117.177:51820	1.38 MiB	2.69 MiB	Tue, 03 Jun 2025 19:24:54 GMT (34s ago)
	
	
site_farm
Type: Ethernet Adapter
Device: site_farm
Connected: yes
RX: 1.48 MB (8391 Pkts.)
TX: 3.11 MB (11317 Pkts.)
site_farm
	
Protocol: WireGuard VPN
Uptime: 2h 49m 8s
RX: 1.48 MB (8391 Pkts.)
TX: 3.11 MB (11317 Pkts.)
IPv4: 10.0.10.2/32
	
	
	```
type or paste code here

Apologies is this is not frmatted properply (my first post)

I would appreciate eyes on this.. Thank you

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

Which OS are you speaking of? The Nanopi R4S is from the OpenWrt download. are you referring to the Immortal os?