I've been running wireguard with systemd in Debian for some time 
now.

On 2020-04-16 木 18:23, Hans Kraus <hans@hanswkraus.com> wrote:
> /etc/systemd/network/wg0.netdev
> ---------------------------------------------
> [NetDev]
> Name=wg0
> Kind=wireguard
> Description=Wireguard kraush
>
> [WireGuard]
> PrivateKey=<private key server>
> ListenPort=#####
>
> [WireGuardPeer]
> PublicKey=<public key client>
> AllowedIPs=<free range>.0/24
> ---------------------------------------------

The only thing I can think of here is that your AllowedIPs ends 
with a
zero - on the server you have to specify the exact IP 
address. It's on
the client side where you let the AllowedIPs be a wildcard.

Examples:

server-side:
---
[WireGuardPeer]
# Client1 address
AllowedIPs=192.168.2.5

[WireGuardPeer]
# Client2 address
AllowedIPs=192.168.2.6
---


client-side:
---
[WireGuardPeer]
# Entire wireguard range
AllowedIPs=192.168.2.0/24
---

> /etc/systemd/network/wg0.network
> ---------------------------------------------
> [Match]
> Name=wg0
>
> [Network]
> Address=<free range>.1/24
> ---------------------------------------------

You might want to consider adding

 IPForward=yes

for the server's .network file, and

 FwMark=1234

to client's .netdev file, to be sure you can do proper road 
warrioring
down the line.

I'm also a bit paranoid and have added the following to my client
.network files:

client.network:
---
[Route]
Address=192.168.2.0/24
---


Hopefully the peer address fix solves your issues.

--
Jonas Kalderstam
PGP key: 987C54AB0D4451ED