Wireguard access to Talos

[lewandowskim1988]

Goal

I would like to access my cluster remotely.

Current configuration

My current topology looks like following

I have existing wireguard server running in cloud with public IP. I am able to run traffic via it from my laptop without any problem (split or full).
I generated additional wireguard for my Talos controlplane and worker node and injected it like:

machine:
  network:
    hostname: ${hostname}
    interfaces:
      - interface: wg0
        addresses:
          - 10.10.10.4/32
        wireguard:
          privateKey: +A+...
          peers:
            - allowedIPs:
                - 192.168.10.0/24
                - 10.10.10.0/24
              endpoint: vpn...:51820   # Pointing to cloud server
              publicKey: E4K...
              persistentKeepaliveInterval: 25s

both on cp and worker with different private key and addresses.

What is working

Configuration is apply without any complains.
I see new interface (wg0) when run talosctl get addresses --nodes 192...
I see new wireguard IP added along with local network IP.
I see controlplane and worker node on my wireguard server when I run wg show

What is not working

I am not able to access my k8s cluster remotely from my laptop or wireguard machine.
When running ping 10.10.10.4 I get just packets loss.

What I need to add/fix to make it work?

[smira]

You need probably to have addresses set to 10.10.10.4/24 or to add specific routes. Right now your Wireguard interface can't return packets.

The Wireguard routing in peers is independent of Linux packet routing.

[lewandowskim1988]

No luck but thanks for help.