Aww snap. I tried to get this right but you did catch my typo.
Thank you for pointing out the 0.0.0.0/0. I was aware that it was a catch all and to get the tunnel running it worked, but I am grateful for the expert advice.
Q: if I limit the Allowed IPs in the cell phones WG config to 192.168.0.0/24 would I still be able to use the speedtest.net app on the cell phone to test tunnel speed ?
The peer is issued the 10.0.0.2 and BlueIris (BI) sees this connection but refuses to authenticate because it is not on the LAN. BI logs do reflect that, and I suppose it is true since it is a different subnet. There is a work-around on BI in the user account settings so I can live with this.
I guess I have been spoiled by the simplicity of a PPTP configuration. My thinking was that I should be able to either:
A - use a setup like for PPTP where the client and server are just reserved IPs on the subnet you want to access
or
B - use NAT to convert 10.0.0.2 into 192.168.0.252 or similar
In this way the client would always be on the desired subnet.
