If the 'Allowed IP's at your end of the tunnel, allows all traffice for the user e.g. 0.0.0.0/0, or various settings that achieve the same thing with a higher priority, then you might want to experiment with your Allowed IP's setting.

0.0.0.0/0, or similar, essentially allows your router to accept anything that arrives at your router, and one of the behaviors exhibited is exactly what you describe.

If this is the case, then try changing the Allowed IP's to be only the User's IP's you want to give access to your end of the tunnel.

Thank You for reply

If i understood correctly i change AllowedIPs from 0.0.0.0/0 to this user ip, unfortunately after that change user could not reconnect.

Maybe I misunderstood.

  @peter223 

In the example above the relevant lines of WireGuard configuration at the 'Data Centre' end of the tunnel (this is you) could read, depending on your use case ....

[interface]

Address = 192.168.60.19

[Peer]

AllowedIPs = 192.168.60.55 / 32 and 192.168.0.20 / 32

In addition, it's not clear why you have a DNS entry in your config; it's probably down to your particlar use case. If the above example (or similar) doesn't work, then try removing the DNS entry.