Investigate VPN routing issues
As a client on the wireguard VPN, I can't route packets to any internal hosts except the gateway and hypervisor the gateway is on. From my laptop:
$ nmap 172.16.33.0/24
Starting Nmap 7.40 ( https://nmap.org ) at 2019-03-09 13:15 PST
Nmap scan report for 172.16.33.193
Host is up (0.049s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
Nmap scan report for 172.16.33.238
Host is up (0.037s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (2 hosts up) scanned in 32.62 seconds
Other VMs on the 172.17.0.0/24
subnet (fruit private network) are also inaccessible via the VPN.