Wireguard peer is not reachable from public internet

Hello, I am trying to assign a publicly route able ipv4 IP to a Mikrotik router behind NAT.

The Wireguard itself is working.

user@router.example.com# show interfaces wireguard
 wireguard wg10 {
     address XXX.XXX.XXX.5/30
     description VPN-to-failover-BGP
     peer my-peer {
         allowed-ips 0.0.0.0/0
         public-key <REDACTED-PUBLIC-KEY>
     }
     port 13231
     private-key <REDACTED-PRIVATE-KEY>
 }
[edit]
user@router.example.com#

PING from VYOS:

user@router.example.com:\~$ ping XXX.XXX.XXX.6
PING XXX.XXX.XXX.6 (XXX.XXX.XXX.6) 56(84) bytes of data.
64 bytes from XXX.XXX.XXX.6: icmp_seq=1 ttl=64 time=65.8 ms
64 bytes from XXX.XXX.XXX.6: icmp_seq=2 ttl=64 time=66.3 ms
64 bytes from XXX.XXX.XXX.6: icmp_seq=3 ttl=64 time=65.4 ms
^C
— XXX.XXX.XXX.6 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 65.441/65.843/66.261/0.334 ms
user@router.example.com:\~$

Ping From Mikrotik:

[admin@MikroTik] > ping XXX.XXX.XXX.5
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                         
    0 XXX.XXX.XXX.5                              56  64 66ms151us 
    1 XXX.XXX.XXX.5                              56  64 66ms52us  
    2 XXX.XXX.XXX.5                              56  64 65ms775us 
    3 XXX.XXX.XXX.5                              56  64 65ms616us 
    4 XXX.XXX.XXX.5                              56  64 66ms97us  
    sent=5 received=5 packet-loss=0% min-rtt=65ms616us avg-rtt=65ms938us max-rtt=66ms151us 

[admin@MikroTik] > 

Ping from a separate device on internet:

PS C:\Users\user> ping XXX.XXX.XXX.6

Pinging XXX.XXX.XXX.6 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for XXX.XXX.XXX.6:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PS C:\Users\user>

PS C:\Users\user> ping XXX.XXX.XXX.5

Pinging  XXX.XXX.XXX.5 with 32 bytes of data:
Reply from  XXX.XXX.XXX.5: bytes=32 time=33ms TTL=59
Reply from  XXX.XXX.XXX.5: bytes=32 time=35ms TTL=59
Reply from  XXX.XXX.XXX.5: bytes=32 time=35ms TTL=59
Reply from  XXX.XXX.XXX.5: bytes=32 time=37ms TTL=59

Ping statistics for  XXX.XXX.XXX.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 37ms, Average = 35ms
PS C:\Users\user>

Note: XXX.XXX.XXX.5 and XXX.XXX.XXX.6 are public ipv4 addresses, and are not behind NAT.

XXX.XXX.XXX.6 < this is the VPN ip of the Mikrotik device.
and also
XXX.XXX.XXX.5 < is the wireguard Interface IP.

we can ping XXX.XXX.XXX.5 from internet but ping to XXX.XXX.XXX.6 not working from internet.
How to fix?

Do you have a default route on your router?

This seems like a simple routing-table issue.

default route on mikrotik or vyos?

Yes i have Default route in both vyos and mikrotik router.
vyos is getting default route from BGP upstream.
and manually added default route in mikrotik router.

I can share config and logs if you want.
Stuck with this issue for a quite a while now.

Are you sure your wire guard is really working? If you look at the stats for the wireguard tunnel, are you actually getting packets coming in? Can you ping both 5 and 6 from both of your Mikrotik and your vyos?

Yes, I can confirm wireguard is working.

The tunnel is active and packets are going through.
I am trying to do BGP over wireguard tunnel.

You say the .6 address is the mikrotik, but is behind nat? Do you have the mikrotik config available