@rplant, it is also better to win a big lottery, but not always possible.
So if you are able to modify the wireguard client as I noted in a post above... then you will still need to modify the MT config.
You need to allow wg traffic to the server and return traffic back to the client.
You also need traffic from the server to the printer...
1. Don't need to add netmask on dhcp-server network. Remove it. (It could be added by default, but I don't think so.)
2. Remove static default DNS setting:
/ip dns static
add address=192.168.29.1 comment=defconf name=router.lan
3. Remove old default firewall rule:
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
and replace with the following:
/ip firewall filter
add chain=forward action=accept comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add chain=forward action=accept comment="WPC to server" in-interface=wg_gt dst-address=192.168.29.0/24
add chain=forward action=accept comment="Server to printer" src-address=192.168.29.0/24 out-interface=wg_gt
# enable if required or remove
add chain=forward action=accept comment="port forwarding" connection-nat-state=dstnat disabled=yes
add chain=forward action=drop comment="drop all else"
Now for the routes... But that triggers a review of the allowed IPs.
MISSING is the subnet that the Windows PCs/Printer are on!!
The allowed IPs may not require it, in that the traffic being sent by the PC may only come from its wireguard IP address as source, BUT
the routes will still need it for return traffic, or at the minimum traffic to the printer, and so will allowed IPs...
However, you have a boatload of routes for wireguard already that make no sense to me.
Can you confirm that the printer and the windows PC are on the same subnet and if so WHICH subnet!!
In other words, clean up the mess of routes you have, remove all wg_gt routes except the following:
/ip route
add comment=MISP distance=2 dst-address=0.0.0.0/0 gateway=\
97.107.55.129 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add comment="Wireguard & Printer" dst-address=SUBNET gateway=wg_gt routing-table=main
Where SUBNET is the subnet that the windows PC and printer are located on.
AND MODIFY
/interface wireguard peers
add allowed-address=10.255.255.4/32,SUBNET comment="GT Mobile" interface=\
wg_gt public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
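
Added example, not part of the original post: a small Python check that reads a RouterOS export and reports any route pointing at a WireGuard interface whose destination is not covered by a peer's allowed-address on that interface, which is the route/allowed-IPs mismatch discussed above. The sample export is constructed; 192.168.50.0/24 is a made-up stand-in for SUBNET, and the function names are hypothetical.

```python
import ipaddress
import re
import shlex

# Constructed sample export: interface name and tunnel address follow the post;
# 192.168.50.0/24 is a made-up stand-in for the SUBNET placeholder.
SAMPLE_EXPORT = r'''
/ip route
add comment="Wireguard & Printer" dst-address=192.168.50.0/24 gateway=wg_gt routing-table=main
/interface wireguard peers
add allowed-address=10.255.255.4/32 comment="GT Mobile" interface=wg_gt public-key="CONSTRUCTED"
'''

def parse_export(text):
    """Return {menu: [{key: value}, ...]} for the 'add' lines of a RouterOS export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus[menu].append(dict(pairs))
    return menus

def uncovered_routes(text):
    """Routes via a WireGuard interface whose dst no peer on that interface allows."""
    cfg = parse_export(text)
    allowed = {}  # interface name -> networks its peers accept
    for peer in cfg.get("/interface wireguard peers", []):
        nets = [ipaddress.ip_network(a, strict=False)
                for a in peer.get("allowed-address", "").split(",") if a]
        allowed.setdefault(peer.get("interface"), []).extend(nets)
    findings = []
    for route in cfg.get("/ip route", []):
        gw = route.get("gateway")
        if gw not in allowed:  # gateway is not an interface that has peers
            continue
        dst = ipaddress.ip_network(route["dst-address"], strict=False)
        if not any(dst.version == n.version and dst.subnet_of(n) for n in allowed[gw]):
            findings.append((gw, str(dst)))
    return findings

if __name__ == "__main__":
    for iface, dst in uncovered_routes(SAMPLE_EXPORT):
        print(f"route to {dst} via {iface} is not in any peer's allowed-address")
```
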