OPNsense Forum

English Forums => Virtual private networks => Topic started by: JackMV on October 06, 2025, 09:22:03 PM

Title: WireGuard traffic inbound to LAN blocked by default State Violation rule
Post by: JackMV on October 06, 2025, 09:22:03 PM
OPNsense 25.7 at two sites. One on a physical box, other a VM on Proxmox. WireGuard setup connects - both instances and peers show green connection. Have a firewall rule set up to allow all inbound on the wg interface (for both ANY protocol and ICMP). Firewall log shows traffic coming in through the tunnel, but it gets blocked by the automatic "default deny / state violation rule" so it never reaches the designated internal subnet. I have the firewall set to "conservative" already. This is happening in both directions. So, seems like the WAN rules are OK, and the Instance and Peer settings are working, but something is affecting the state. IPsec (legacy) had been working well, but trying to get WireGuard working before IPsec legacy gets removed. I can supply more info or pictures if helpful.