That is the whole point here:
1. The best / most secure way to do it is to create a client configuration on the client itself. You need the server ip, port, public key and optionally, the shared secret for that. Then you would have to import the client's public key into the server and use that as the key (not the other way around). If you do that, the peer generator does not help, either way.
2. If you trust OpnSense to create a private key, you can use the peer generator and import the generated secrets - including the private key - into your client. That works best with the QR code, which you can directly scan from the screen if your device supports it. You can also copy & paste the text and transfer it some other way to your client. However, since you probably lack a secure way to do that, it is debatable if you should. If there was a way to download the config directly, many people would not notice what security problem they are about to create just now.
3. Lastly, if you want to use the peer generator regardless - do not complain that you cannot export the client configuration after the fact. Actually, it is a sign of security that the client's private key is not stored on the server. Also, if you need to export the peer config later on, you can always delete that peer configuration and create a new config with a new key instead - it will work just as well and nobody has the old key, anyway - this being the very reason why you need that config again.
1. The best / most secure way to do it is to create a client configuration on the client itself. You need the server ip, port, public key and optionally, the shared secret for that. Then you would have to import the client's public key into the server and use that as the key (not the other way around). If you do that, the peer generator does not help, either way.
2. If you trust OpnSense to create a private key, you can use the peer generator and import the generated secrets - including the private key - into your client. That works best with the QR code, which you can directly scan from the screen if your device supports it. You can also copy & paste the text and transfer it some other way to your client. However, since you probably lack a secure way to do that, it is debatable if you should. If there was a way to download the config directly, many people would not notice what security problem they are about to create just now.
3. Lastly, if you want to use the peer generator regardless - do not complain that you cannot export the client configuration after the fact. Actually, it is a sign of security that the client's private key is not stored on the server. Also, if you need to export the peer config later on, you can always delete that peer configuration and create a new config with a new key instead - it will work just as well and nobody has the old key, anyway - this being the very reason why you need that config again.
"