Messages

Several things (making some assumptions about tunnel IPs based on what you have currently):

- Gateway config - IP address should be 10.5.0.1. Remove the monitor IP for the time being (once the tunnel is working you can run a traceroute to figure out what the VPN tunnel IP is at the VPN provider's end, unless you already know that)

- OPNsense local config - Tunnel address should be 10.5.0.2/32 - I am assuming this is what your VPN provider has said should be set as the tunnel IP at your end

- OPNsense endpoint config - Allowed IPs should just be 0.0.0.0/0

Neither.

It's the local IPs of the particular machines/VMs etc that you want to use the tunnel.

Eg you have a PC on 192.168.1.10 in your network. Include that.

Or you have an entire VLAN subnet like 10.0.1.10/24 that you want anything on that subnet to use the tunnel. Include that.

You're missing some of the most important info - your WG configs and the gateway, for example.

Can I suggest that you show what you have set up for each step of the wiki how-to?

I'd guess remove the duplicate from config.xml

It would probably be more productive for you to post screenshots of all your configs (masking private keys), as your situation will be different to others.

Sounds like you want to implement selective routing: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

You can do it without a VPS, but you still need another endpoint with a different public IP to tunnel through. That's what commercial VPN providers like Mullvad are commonly used for, if you don't want to roll your own solution with a VPS

Hopefully you didn't do everything exactly the same, as you will have conflicting subnets, ports, keys etc. xD Post configs?

Those rules are not new to the update and won't be causing your issues

This may help you: https://forum.opnsense.org/index.php?topic=18745.msg97953#msg97953

Not sure what json you are referring to. OPNsense's primary configuration file is /conf/config.xml

Back a few versions ago the underlying code was similar enough that a direct import was possible. That's not the case now

You should be able to achieve this by firewall rules (policy based routing) and allowed IPs in WG

You've explained very little about your own setup so hard to comment. Eg what sort of prefix does your ISP give you? What configuration have you set up in OPNsense? Is your ISP modem a pure modem or a modem/router? If the latter is it bridged? Note that with IPv6 sometimes even bridging does not fully pass through IPv6 - you have to disable IPv6 on the modem/router before bridging to ensure it doesn't pinch the prefix.

You still can. Have the "on-demand activation" on in the iOS app, then exclude the SSIDs for your LAN network. So it will only activate when you are not on LAN (and deactivate when you get back on LAN)