Hi @jcusimano I have created a lab according information that you have shared:
Here is all configuration. I have checked both clients and server working without any problem
-------------- The Keys -----------------------------
privkey default
EAIljv6wUPTfrgG1Gwon8a+GIzqZuRRmve2kgVJIFEM=
pubkey default
nOp1gE2ZtJQbvl1a2YsGQbQfqfhojjLsNls8ZVczzhY=
=============================================
privkey IIT
ELqtft2PAuoPN+CbkOV0etfUvhpzEgh5ncYMeYLZt3Y=
pubkey IIT
p+lPs+DZMgtkh6PrOLXb8sidkWmXR5u2XNMAEHp2lRc=
=============================================
privkey tab
AEo0N9QclevtVfl+jVrd5mhRlJ5d4uG8yWqrqUBrNmw=
pubkey tab
qtC90rW0tyd8yq5IdG9YWIrQS5faF/fhTOPJW6f8LhI=
----------------- Server Configuration -------------------------
set firewall name wan-local rule 60 action ‘accept’
set firewall name wan-local rule 60 description ‘allow wireguard’
set firewall name wan-local rule 60 destination port ‘51820’
set firewall name wan-local rule 60 protocol ‘udp’
set interfaces ethernet eth0 address ‘64.131.109.245/24’
set interfaces ethernet eth0 description ‘WAN’
set interfaces ethernet eth0 firewall local name ‘wan-local’
set interfaces ethernet eth1 address ‘10.15.99.1/24’
set interfaces ethernet eth1 description ‘LAN’
set interfaces wireguard wg0 address ‘10.1.99.3/24’
set interfaces wireguard wg0 description ‘Test’
set interfaces wireguard wg0 port ‘51820’
set interfaces wireguard wg0 peer IIT allowed-ips ‘10.1.99.4/32’
set interfaces wireguard wg0 peer IIT persistent-keepalive ‘15’
set interfaces wireguard wg0 peer IIT pubkey ‘p+lPs+DZMgtkh6PrOLXb8sidkWmXR5u2XNMAEHp2lRc=’
set interfaces wireguard wg0 peer tab allowed-ips ‘10.1.99.5/32’
set interfaces wireguard wg0 peer tab persistent-keepalive ‘15’
set interfaces wireguard wg0 peer tab pubkey ‘qtC90rW0tyd8yq5IdG9YWIrQS5faF/fhTOPJW6f8LhI=’
set nat source rule 17 outbound-interface ‘eth0’
set nat source rule 17 source address ‘10.15.99.0/24’
set nat source rule 17 translation address ‘masquerade’
set protocols static interface-route 10.1.99.0/24 next-hop-interface wg0
----------------------- Client IIT configuration -----------------------
[Interface]
Address = 10.1.99.4/32
DNS = 10.1.40.250
PrivateKey = ELqtft2PAuoPN+CbkOV0etfUvhpzEgh5ncYMeYLZt3Y=
[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 64.131.109.245:51820
PersistentKeepalive = 25
PublicKey = nOp1gE2ZtJQbvl1a2YsGQbQfqfhojjLsNls8ZVczzhY=
--------------------------------- Client Tab configuration ------------------------
[Interface]
Address = 10.1.99.5/32
DNS = 10.1.40.250
PrivateKey = AEo0N9QclevtVfl+jVrd5mhRlJ5d4uG8yWqrqUBrNmw=
[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 64.131.109.245:51820
PersistentKeepalive = 25
PublicKey = nOp1gE2ZtJQbvl1a2YsGQbQfqfhojjLsNls8ZVczzhY=
PS. Subnet mask and interface number can be different in your system.