For your first question: I went to www.portchecktool.com and found that the connection is being refused. So I think this is the issue. I will have to dig in a bit more, but I do believe the answer to your 2nd and 3rd question are - yes.
Wanted to help you potentially avoid a wild goose chase—port checking tools won’t detect a wireguard port as open…it’s specifically designed to not advertise its presence for security purposes. Bad handshake requests are ignored, making it look like a firewall DROP rule.
Oh wow. That is a good tip. Because that could drive someone like me insane. (Un)fortunately— I know there’s an issue. Any traffic I pass through my wg vpn ends up nowhere. So I know the tragic is being redirected, but I can’t tell where or why it doesn’t make it inside my home network.
Either way, I got Tailscale to work right out the rip, so I’m just rocking that until I have more time to tinker with WG.