I tried that DNS lookup. It’s showing 2 IP addresses, I’ll call them ‘A’ and ‘B’, for every country except Canada (where I am), which is showing a different one, ‘C’.
None of them are my actual IP as shown by my router and by whatsmyip, which is IP address ‘D’.
(I don’t use IPv6 and have it disabled wherever possible. My ISP is still going through the multi-year investigation phase in that area so it’s extremely challenging to try to get it working.)
When I use ‘D’ in my WireGuard, it works fine. Using A or B doesn’t. (I assume C is Cloudflare’s locally optimized address or something.)
A and B (and probably C) are of course Cloudflare trapping (routing?) and keeping my IP safe, which is fine and understood. I just thought that if my A record was a grey cloud and not proxied, it would pass everything through transparently.
I’ve gone ahead and added a new ‘A’ record for ‘wireguard.blah.com’ using my direct IP address, and it works now. I find that confusing though because the IP address I used for it is the same one shown for the only other ‘A’ record, namely my ‘blah.com’ domain. And they’re both not proxied (“DNS only”). So they look identical but act differently. I’ll put that down to my lack of understanding on things.
At any rate, it works now. I just now have to install a script on my server to keep the IP address current as I’m not on a home ‘business’ plan and it changes occasionally.
Thanks for the help!