Hello,
I had set up a functional wireguard config in a "road warrior" scenario. It no longer works after the required reboot of today's update to 18.7.9. it looks like the handshake is successful but I can't ping anything or resolve DNS.
Quoteinterface: wg0
  public key: hCHSYE6ljF608lc58piqyhxdfRFl5Ydd2p0Umj1vHk4=
  private key: (hidden)
  listening port: 51820
peer: 6gmHy2Vg5BB6u6iUw3LAlPA7YNT8g0Ub2zPbyk5MUDc=
  endpoint: 174.192.0.178:8088
  allowed ips: 192.168.2.2/32
  latest handshake: 11 minutes, 39 seconds ago
  transfer: 4.64 KiB received, 96 B sent
peer: u5EqdHj1Ifdlbx5/PihyegJGuYA5R988yO/H/t0IEwA=
  allowed ips: 192.168.2.3/32
ifconfig:
Quotevtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492
options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
ether 3e:b3:55:3d:41:28
hwaddr 3e:b3:55:3d:41:28
inet6 fe80::3cb3:55ff:fe3d:4128%vtnet0 prefixlen 64 scopeid 0x1 
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
ether ea:34:e0:7a:43:84
hwaddr ea:34:e0:7a:43:84
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 
inet6 fe80::e834:e0ff:fe7a:4384%vtnet1 prefixlen 64 scopeid 0x2 
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
enc0: flags=0<> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: enc 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
inet 127.0.0.1 netmask 0xff000000 
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo 
pflog0: flags=100<PROMISC> metric 0 mtu 33160
groups: pflog 
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync 
syncpeer: 0.0.0.0 maxupd: 128 defer: off
ovpnc1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun openvpn 
pppoe1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1484
inet6 fe80::86d:e850:f8da:454e%pppoe1 prefixlen 64 scopeid 0x8 
inet 71.181.122.57 --> 10.10.10.10  netmask 0xffffffff 
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ztanv9hnl3qfnl8: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 mtu 2800
options=80000<LINKSTATE>
ether aa:62:f1:6c:f7:d7
hwaddr 00:bd:4d:d9:f7:09
inet6 fe80::2bd:4dff:fed9:f709%ztanv9hnl3qfnl8 prefixlen 64 scopeid 0x9 
inet 192.168.191.1 netmask 0xffffff00 broadcast 192.168.191.255 
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
groups: tap 
Opened by PID 84763
wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet 192.168.2.1 --> 192.168.2.1  netmask 0xffffff00 
inet6 fe80::86d:e850:f8da:454e%wg0 prefixlen 64 scopeid 0xa 
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun 
Opened by PID 9  
			
				Can you add via CLI:
ifconfig wg0 group wireguard
			
			
			
				Ran that command but still no traffic, only the successful handshake.
Edit: Actually looks like no handshake now.
			
			
			
				opnsense-revert -r 18.7.8 os-wireguard-devel
Then reboot ..
			
			
			
				That worked, thanks!
			
			
			
				We'll try to address this tomorrow in a hotfix.