WireGuard tunnel not working

Started by Hachibi, March 25, 2026, 11:57:20 PM

Hello there,

I have been trying to run a basic security topology including an Opnsense 26.1 in my EVE-NG set up.

The "Client_Distant" is supposed to be an employee working remotely. I simulated the internet as such:

Remote_PC 1.1.1.2/24 <--> Router_Internet 1.1.1.1
Router_Internet 4.4.4.2/30 <--> Opnsense_WAN 4.4.4.1

My default route is up and active and has 4.4.4.2 as next hop.
I've configured the WG instance (tunnel address 10.10.10.1) and I created the peer (AllowedIPs 10.10.10.2/32 + endpoint address 1.1.1.2) and linked both objects together.

Did the same thing for my employee running on Debian; I've exchanged both public keys, and routing is up on the other side. I see the employee's attempt arriving at the FW, but I always get the following message:

WAN In 2026-03-25T21:30:03 UDP 1.1.1.2:39848 4.4.4.1:51820 block Default deny/state violation rule

I've tried all I could think of; I made any/any rules on both Tunnel and WAN, and any/any basically means everything is allowed to flow through. Please help :(

On the screenshot, I have not yet changed the hostnames properly, but s2 is my actual router; it's a vEOS Arista switch turned into an L3 switch, and I am attempting the WireGuard tunnel with FW1 only.

Thanks in advance for the help.
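For reference, here is what the two sides of the topology described in the post look like as WireGuard configuration, together with the checks I would run on each side. This is an added example, not the poster's configuration: the key placeholders, the interface names (wg0 on Debian, the WAN interface name on OPNsense) and the AllowedIPs on the client side are assumptions, chosen to match the addresses given in the post (client 1.1.1.2, OPNsense WAN 4.4.4.1, tunnel 10.10.10.1/10.10.10.2, port 51820).

```ini
; ---- Debian "Client_Distant" (Remote_PC, 1.1.1.2) : /etc/wireguard/wg0.conf ----
; Bring up with: wg-quick up wg0      (assumption: wireguard-tools installed)
[Interface]
Address    = 10.10.10.2/32
PrivateKey = <client private key>          ; assumption: generated with `wg genkey`
; No ListenPort is needed on the initiating side; the kernel picks an ephemeral
; source port, which is why the OPNsense log shows 1.1.1.2:39848 -> 4.4.4.1:51820.

[Peer]
PublicKey           = <OPNsense WG instance public key>
Endpoint            = 4.4.4.1:51820        ; OPNsense WAN address + instance listen port
AllowedIPs          = 10.10.10.0/24        ; assumption: tunnel subnet only; widen to reach the LAN
PersistentKeepalive = 25                   ; keeps the state alive through Router_Internet

; ---- OPNsense 26.1 (FW1) : equivalent of VPN > WireGuard > Instances / Peers ----
; Instance:  Listen port 51820, Tunnel address 10.10.10.1/24, peer linked below
; Peer:      Public key <client public key>, Allowed IPs 10.10.10.2/32,
;            Endpoint address 1.1.1.2 (optional for a roaming client), Endpoint port <any>
; Firewall rule that the handshake packet in the log must match:
;   Interface WAN, Direction in, IPv4 UDP, Source any, Destination "WAN address",
;   Destination port 51820, Action pass
; A "Default deny / state violation rule" block on WAN for that exact tuple means no
; pass rule on the WAN interface matched it, so check the rule's interface, protocol
; (UDP, not TCP), destination and port before looking at the tunnel itself.

; ---- Checks (shell, run by hand; shown here as comments) ----
; OPNsense:
;   sockstat -4l | grep 51820          ; is the instance actually listening on UDP/51820?
;   wg show                            ; latest handshake / transfer counters per peer
;   tcpdump -ni <WAN interface> udp port 51820   ; assumption: WAN interface name
; Debian:
;   wg show wg0                        ; "latest handshake" stays empty while blocked
;   ping -c 3 10.10.10.1               ; only works after the first handshake succeeds
```

The log line in the post identifies the packet exactly (UDP, 1.1.1.2 ephemeral port to 4.4.4.1:51820, direction in on WAN), so the pass rule to look for is the one above, not a rule on the tunnel interface; a rule on the WireGuard interface only applies to traffic that has already been decrypted.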