
I set up a WireGuard server, and when I use a Linux client to connect to it, all internet connections fail; I can't even ping the VPN gateway IP.

Below are my setup and the client's symptoms:

  • Server: CentOS/Ubuntu
  • Client machine: Ubuntu
  • config file: wg-client.conf, which sets AllowedIP=0.0.0.0/0

All connections on the client are lost:

ping 10.2.0.1       ## (this is the VPN gateway IP) does not work
ping something.com  ## does not work

Below is some related info shown on my client machine.

$ ip route show
default via 192.168.2.1 dev enp3s0
10.2.0.0/24 dev wg-client proto kernel scope link src 10.2.0.2

$ ip rule show
0:  from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default

Here is the wg status when my client connects to the server:

On client:

sudo wg
interface: wg-client
  public key: ...
  private key: (hidden)
  listening port: 58434
  fwmark: 0xca6c

peer: ...
  endpoint: <server-ip>:51828
  allowed ips: 0.0.0.0/0
  latest handshake: 11 seconds ago
  transfer: 92 B received, 9.50 KiB sent
  persistent keepalive: every 25 seconds

On Server:

sudo wg
interface: wg0
  public key: ...
  private key: (hidden)
  listening port: 51828

peer: ...
  endpoint: <client-ip>:1920
  allowed ips: 10.2.0.2/32
  latest handshake: 6 minutes, 45 seconds ago
  transfer: 180 B received, 92 B sent

As shown, the connection is built successfully, but I cannot ping anything, including the gateway 10.2.0.1. When I bring down wg on the client, the connection resumes.

Other info that may help someone identify my problem:

  • tcpdump -i wg-client icmp does not capture any packets.
  • ifconfig wg-client shows that all my packets are dropped (why?)
  • When I set AllowedIP = 10.2.0.2/24, the connection looks normal, and I can ping the VPN gateway now; nslookup google.com 10.2.0.1 also works, but my internet access does not go through the VPN tunnel.
  • I tried connecting from a Windows client and a macOS client, and both work successfully. It only fails on the Linux client (Ubuntu).
  • I can assure you that my firewall does not block my requests, and I can't capture any packets on the server.

Am I missing anything in the setup? This has bugged me for several days. I really need some help. Thank you.

Also, I have examined the details in this article and still cannot fix my problem.

Winkee

0 Answers