"
It does appear that this Normalization setting (on both 25.1 and 25.1.1) is getting corrupted following the upgrade from 24.x. I was able to get LAN traffic but not WAN following the upgrade with our Wireguard VPN setup. Re-applying this setting (mine still said "any") resolved the issue.
Thanks for the find GrantasarusRex!
Thanks for the find GrantasarusRex!
Quote from: GrantasarusRex on February 10, 2025, 04:52:13 PMI upgraded to 25.1 last night and did also notice issues with accessing my wireguard server in OPNsense. After a few hours of digging around, checking logs, firewall rules and various other settings, I found that a setting in Firewall normalization for my "WireGuard (Group)" was misconfigured and not allowing any peer's handshake to go through.
What fixed it for me was:
Firewall -> Settings -> Normalization -> "WireGuard (Group)" [or what ever your instance name is] -> Edit.
Direction was set to in, and needed to be set to "Any" according to the documentation.
Immediately after I changed this one setting, all of my WireGuard clients were able to connect again. I have no idea if this was a bug in the update (I'm not able to compare old configuration yet), or was just working in the old version out of sheer luck and broke when updated.
Anyway, I hope this helps someone else with this issue.
