Wireguard on Opnsense won't reply to clients after receiving incoming WG packets

Started by BenMc, October 15, 2023, 08:13:23 PM

I'm trying to set up Wireguard on Opnsense 23.7.6 and I can't get WG to reply to my clients. I have a firewall rule that accepts incoming WG packets (UDP port 51820 on WAN interface) and, when I enable logging, I see firewall log messages showing that the packets arrive and are passed (i.e. the log messages in Live View are green).

But, I never see any log messages in Wireguard. I've enabled ALL log categories in the WireGuard log file and all I'll ever see are messages showing start and stop of the Wireguard interface (wg1). Nothing that indicates any kind of activity like a client trying to 'log in' to WG. No errors, no debug messages, nothing... Meanwhile, the clients just retry sending the initial handshake packets over and over again.

I added 'wg1' to my interface mappings and I see 'wg1' in my interface list on the Dashboard page. So, that seems OK. I've tried Windows and Android clients and neither is able to connect.

I'm out of ideas. Any suggestions about how to fix or debug this?

Thanks.

Have you added any peers to your instance? In instances you have to select the peers.

If there's still no reply, the keys might be wrong. Wireguard doesn't respond if there's no matching key.
Hardware:
DEC740

Thanks for your reply.

Yes, I've added the peer to the server instance.

But, thanks for suggesting I check the keys. I, henceforth known as Idiot, had copied my client's private key into the public key configuration of that peer on the server.

The tunnel came right up once I fixed that. Duh.

Thanks again.
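As an added illustration of the key mix-up resolved above (example code, not from this thread, OPNsense or the WireGuard project): a pure-Python checker that derives the X25519 public key from a client's PrivateKey and reports whether the server config's [Peer] PublicKey entries contain that public key, the client's private key pasted by mistake, or neither. The minimal wg .conf layouts and the use of the RFC 7748 test key as the sample client key are constructed for this example.

```python
import base64

# Curve25519 constants (RFC 7748); WireGuard keys are X25519 keys.
P = 2**255 - 19
A24, BASEPOINT = 121665, bytes([9]) + bytes(31)

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder (pure Python, not constant-time)."""
    k = bytearray(scalar); k[0] &= 248; k[31] &= 127; k[31] |= 64   # clamp
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)        # drop bit 255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap: x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def wg_public_key(private_key_b64: str) -> str:
    """Derive the base64 public key that belongs in the other side's [Peer] entry."""
    return base64.b64encode(x25519(base64.b64decode(private_key_b64), BASEPOINT)).decode()

def _field_values(config: str, section: str, field: str) -> list:
    """Collect every `field = value` found under [section] in a wg .conf."""
    values, current = [], None
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            current = line.strip("[]").lower()
        elif "=" in line and current == section.lower():
            key, _, val = line.partition("=")      # base64 '=' padding stays in val
            if key.strip().lower() == field.lower():
                values.append(val.strip())
    return values

def check_peer_entry(client_conf: str, server_conf: str) -> str:
    """Classify why the server would silently ignore this client's handshakes."""
    client_priv = _field_values(client_conf, "Interface", "PrivateKey")[0]
    peers = _field_values(server_conf, "Peer", "PublicKey")
    if wg_public_key(client_priv) in peers: return "ok"
    if client_priv in peers: return "private-key-pasted-as-public"   # the mistake in this thread
    return "no-matching-peer"

# Constructed sample: the RFC 7748 test private key stands in for a client key.
CLIENT_PRIV = base64.b64encode(bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
CLIENT_CONF = f"[Interface]\nPrivateKey = {CLIENT_PRIV}\nAddress = 10.0.0.2/32\n"
SERVER_WRONG = f"[Interface]\nListenPort = 51820\n[Peer]\nPublicKey = {CLIENT_PRIV}\n"
```

Because WireGuard drops handshake initiations from unknown public keys without logging, a mismatch like this shows up only as firewall passes with no WireGuard activity, which is exactly the symptom described in the first post.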