I could not get OPNsense to act as my WireGuard VPN host/server by following the official docs.
At some point I was just trying anything I could think of, and it's possible that I had not restarted the service after changing something else. But, the last thing I changed that made it work was to specifically add the port for the endpoint.
https://docs.opnsense.org/manual/how-tos/wireguard-client.html says, about configuring the endpoint(s):
Endpoint Port (empty) Not required for inbound connections - dynamic
I put the default port (51820) I was using in there and it started working. Before that I could get the connection to come up from a remote endpoint but no traffic would pass.
Again, perhaps I'm wrong and it was something else I initially set wrong then fixed and had not restarted the service yet.
An endpoint port is definitely not required if the endpoint initiates the connection. If this didn't work, the reason most likely was something else.
Cheers
Maurice
100% agree with Maurice's comment. I have multiple road warrior endpoints set up, all working without a port specified in the OPNsense endpoint config.