Sorry for the delayed follow-up - I didn’t see a notification you’d responded. So I made those changes you mentioned and that’s where I am now and it hasn’t fixed it. I can confirm that from my cell phone I can ping 10.30.42.1 and wg shows the handshake. I still can’t get to anything beyond the VPN server, though. I’d been given advice to remove the iptables postrouting MASQUERADE lines or static routes so I’d think it was a problem with the responses, but I don’t see any requests from the VPN server at 192.168.120.71 or the VPN 10.x range to the firewall,…
UPDATE - Yep, it was as I suspected. I went back in and put the iptables lines back in and it’s working. I did, FWIW, use the lines from another site but they look pretty similar except yours uses %i instead of the wireguard interface name. I’m not sure if that’s contributing to the issue, but that means this is what I used instead:
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Actually, I believe the other guide also included installing wireguard-tools, and also a package, something like resolvconf, that may have been the key as well. Sorry I don’t have that definitively, but I am so glad it works. Thanks for the help!