Help with synology nas wireguard setup

RouterOS Forwarding Protocols
1

Hello

I am behind cgnat and port forwarding is not possible And also a static ip

I have two vps to tunnel traffic from home via vps (want to check which is faster)

On nas to connect

  1. vps 1 wg is
    [Interface]

Private Key = /0CmwhuddTndDMi2QQqQGc=
Address = 10.0.0.11/32

[Peer]
Public Key = key=
AllowedIPs = 10.0.0.1/32
Endpoint = vps1ip:51820
PersistentKeepalive = 25

  1. vps 2 wg is
    [Interface]
    PrivateKey = +XgQrEKD2w=
    Address = 10.0.0.20/32

[Peer]
PublicKey = GHR92uORsZvzbdd8GkSin/=
AllowedIPs = 10.0.0.1/32
Endpoint = vps2ip:51820
PersistentKeepalive = 25

vps 1 has config and iptables as follows [Interface]
PrivateKey = Gadde=
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = 2YaVQ/+k=
AllowedIPs = 10.0.0.11/32

iptables -A FORWARD -p tcp -d 10.0.0.11 --dport 32400 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.11 --sport 32400 -j ACCEPT

iptables -A PREROUTING -t nat -p tcp -d vps1ip --dport 32400 -j DNAT --to-destination 10.0.0.11:32400
iptables -A POSTROUTING -t nat -p tcp -d 10.0.0.11 --dport 32400 -j SNAT --to-source 10.0.0.1

iptables -t nat -A POSTROUTING -s 10.0.0.11 -o enp3s0 -j MASQUERADE

vps 2 has config and iptables as follows
[Interface]
PrivateKey =/7usbb0objdgeFX20=
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = kry=
AllowedIPs = 10.0.0.20/32

iptables -A FORWARD -p tcp -d 10.0.0.20 --dport 32400 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.20 --sport 32400 -j ACCEPT

iptables -A PREROUTING -t nat -p tcp -d vps2ip --dport 32400 -j DNAT --to-destination 10.0.0.20:32400
iptables -A POSTROUTING -t nat -p tcp -d 10.0.0.20 --dport 32400 -j SNAT --to-source 10.0.0.1

iptables -t nat -A POSTROUTING -s 10.0.0.20 -o ens160 -j MASQUERADE

Actual nas internal ip is 192.168.1.10

both have net.ipv4.ip_forward = 1
both have ufw disabled

both can ping each other meaning vps1 and nas , vps2 and nas

but plex is not accessible on vps2

And on vps 1 it is only accessible if I put custom url of vps1 public ip in plex settings but remote access shows no access although it runs remotely fine

Any settings which I missed or did wrong

This setup is to ensure only plex routes through the bps and rest services on nas is via isp only

Please guide

2

Sorry wrong forum