Wireguard Site-2-Site traffic hanging: state violation rule

Started by Gauss23, March 12, 2023, 07:31:33 PM

Hi,

I have a problem since 23.1 with my Wireguard setup. It worked like clockwork for so long.
Setup:
3 branch offices (A, B and C) involved, connections between A&C and B&C. A&B have an OpenVPN tunnel between them for historical reasons.
A&B use "real" internet connection
C is on a Telekom 5g router and needs to initiate the connection, as there is no port forwarding possible.
C is losing the connection since one upgrade. It is not really the Wireguard connection which breaks, it seems to be some state problem. From one moment to another all packets coming via Wireguard are blocked because of a "state violation rule" (see screenshot). I configured one client on C, so that I can connect to it without using the Site-2-Site tunnel.
I logged in via SSH and tried to restart the Wireguard service with service wireguard restart. I can see that there are fresh handshakes on Site A&B but no traffic is flowing. I also tried pfctl -F states but that also doesn't help. Only thing that works is rebooting OPNsense on site C. Then it will work maybe for 2-3 days, sometimes it starts to hang earlier.
Site C is running 23.1.3 as a virtual machine on a Proxmox host. The setup was working without any issue for many months.

What else can I check when this happens?
„The S in IoT stands for Security!" :)

Add keepalive 25 to each of your peers.  Currently the wireguard connection gets broken when there's no traffic.

Quote from: CJRoss on March 12, 2023, 08:10:13 PM
Add keepalive 25 to each of your peers.  Currently the wireguard connection gets broken when there's no traffic.

Thanks. I already had keepalive 25 on the "mobile" side. I now added it to other sides of the tunnels. So far no breakdown yet. Fingers crossed.
„The S in IoT stands for Security!" :)
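The thread's two observations, a peer that handshakes fine but moves no traffic and a peer that lacks a keepalive, can both be read off two `wg show <iface> dump` snapshots taken a minute apart. This is an added example, not code from the thread or from OPNsense; the dump text, peer names and timestamps are constructed placeholders, and the 180 s staleness threshold is a heuristic assumption.

```python
"""Triage WireGuard peers from two `wg show <iface> dump` snapshots."""

STALE_AFTER = 180  # seconds; heuristic: a peer that moves traffic rekeys well before this

NOW = 1_678_650_000  # fixed "current time" so the constructed sample is reproducible

# Constructed `wg show wg0 dump` output, two snapshots ~60 s apart (not real keys).
# Line 1 = interface, then one peer per line:
# pubkey psk endpoint allowed_ips latest_handshake transfer_rx transfer_tx keepalive
DUMP_T0 = f"""PRIVKEY_PLACEHOLDER PUBKEY_LOCAL_PLACEHOLDER 51820 off
PEER_A_PLACEHOLDER (none) 203.0.113.10:51820 10.10.1.0/24 {NOW - 100} 50000 60000 off
PEER_B_PLACEHOLDER (none) 203.0.113.20:51820 10.10.2.0/24 {NOW - 400} 70000 80000 25
PEER_C_PLACEHOLDER (none) 203.0.113.30:51820 10.10.3.0/24 {NOW - 80} 90000 91000 25"""
DUMP_T1 = f"""PRIVKEY_PLACEHOLDER PUBKEY_LOCAL_PLACEHOLDER 51820 off
PEER_A_PLACEHOLDER (none) 203.0.113.10:51820 10.10.1.0/24 {NOW - 40} 50000 64000 off
PEER_B_PLACEHOLDER (none) 203.0.113.20:51820 10.10.2.0/24 {NOW - 400} 70000 80000 25
PEER_C_PLACEHOLDER (none) 203.0.113.30:51820 10.10.3.0/24 {NOW - 20} 95000 97000 25"""

def parse_dump(dump: str) -> dict[str, dict]:
    """Map peer public key -> handshake time, byte counters and keepalive setting."""
    peers = {}
    for line in dump.strip().splitlines()[1:]:  # skip the interface line
        pub, _psk, _endpoint, _allowed, hs, rx, tx, keepalive = line.split()
        peers[pub] = {"hs": int(hs), "rx": int(rx), "tx": int(tx), "keepalive": keepalive}
    return peers

def classify(before: dict, after: dict, now: int) -> dict[str, str]:
    """Label each peer by comparing two snapshots taken some seconds apart."""
    verdicts = {}
    for pub, cur in after.items():
        prev = before.get(pub, cur)
        if cur["hs"] == 0 or now - cur["hs"] > STALE_AFTER:
            verdict = "tunnel down: no recent handshake"
        elif cur["rx"] == prev["rx"] and cur["tx"] == prev["tx"]:
            verdict = "tunnel up, idle: no bytes in either direction"
        elif cur["rx"] == prev["rx"] or cur["tx"] == prev["tx"]:
            # Fresh handshake but packets only one way: WireGuard itself is fine,
            # so look above it (pf rules / state table), not at the tunnel.
            verdict = "tunnel up, one-way: encrypted traffic flows in one direction only"
        else:
            verdict = "tunnel up, traffic both ways"
        if cur["keepalive"] == "off":
            verdict += "; PersistentKeepalive off on this side"
        verdicts[pub] = verdict
    return verdicts

if __name__ == "__main__":
    for pub, v in classify(parse_dump(DUMP_T0), parse_dump(DUMP_T1), NOW).items():
        print(f"{pub}: {v}")
```

On a live box, feed it the real `wg show wg0 dump` output captured twice and `int(time.time())` for `now`; a peer reported as up with one-way or idle traffic while applications hang is the cue to inspect the firewall log rather than restart WireGuard.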