I upgraded to 25.1 last night and also noticed issues with accessing my WireGuard server in OPNsense. After a few hours of digging around, checking logs, firewall rules and various other settings, I found that a setting in Firewall normalization for my "WireGuard (Group)" was misconfigured and not allowing any peer's handshake to go through.
What fixed it for me was:
Firewall -> Settings -> Normalization -> "WireGuard (Group)" [or whatever your instance name is] -> Edit.
Direction was set to "in", and needed to be set to "Any" according to the documentation.
Immediately after I changed this one setting, all of my WireGuard clients were able to connect again. I have no idea if this was a bug in the update (I'm not able to compare old configuration yet), or was just working in the old version out of sheer luck and broke when updated.
Anyway, I hope this helps someone else with this issue.