Messages

Without a successful handshake it won't work. Make sure you are entering the proper public and private keys in their respective fields in peer and instance.

No solution but I just posted the exact same issue so I'm following this as well!

Did you follow step 4(b) in the guide you linked?

https://docs.opnsense.org/manual/how-tos/wireguard-client.html#step-4-b-create-an-outbound-nat-rule

I don't see an outbound NAT rule in your screenshots.

I am trying to route traffic from a specific vlan on opnsense through a wg tunnel with the endpoint being my vpn provider.

I am following this guide:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-9-configure-routing

and everything is working except I can't get a port forward from my vpn provider to show as open. I created a port forward rule to route all incoming traffic on wireguard_torguard interface destined for wireguard_torguard net with port 21500 to internal ip 192.168.50.2 port 21500.

I ran packet capture and here are the results (I re-arranged them in chronological order instead of interface order):

https://privatebin.net/?aaee79ea38c495be#PiBx5swbLTnCvCavrnHKEVNQ8iRMAEmAoYp4QtW7Syo

From what I can tell, packets are being sent over my wireguard_torguard interface to vlan_50, vlan_50 receives the packets, vlan_50 returns the traffic but it's being sent out of wan interface rather than wireguard_torguard interface.

Basic information:
wireguard tunnel address: 10.13.128.141
vlan_50 subnet: 192.168.50.0/24
Wireguard tunnel shows successful handshake and I can ping/curl from vlan_50 host to external ips and it resolves as vpn ip

Any ideas on why this is happening and how I could resolve? I am new to troubleshooting with opnsense so if there are any logs or additional information I can provide I am happy to do so.

Thanks!