[Solved] Wireguard setup

[abundantmuscle]

BTW, I notice that your interface on OPNsense is wg1. Does that mean you have another WG interface for something else (wg0)? Could that be causing routing conflicts?

So I had a wg0 and deleted everything to start fresh and it starts at wg1 now everytime even tough wg0 is not listed anywhere within OPNsense.

[Greelan]

So I had a wg0 and deleted everything to start fresh and it starts at wg1 now everytime even tough wg0 is not listed anywhere within OPNsense.

Hmm. This is ringing alarm bells for me. It seems like there is some legacy config somewhere that could be causing your issues. Perhaps you need to manually search your OPNsense config (/conf/config.xml) to find out.

You can also look at your firewall rule list under Diagnostics/Statistics to see if any legacy FW rules are there for wg0.

I've seen this before. An interface is deleted, but legacy config remains, just no longer visible in the UI. There was a change some time ago to OPNsense's code that was meant to address this, but some issues might remain.

[Demusman]

As I said, you need to look into what Allowed IPs means.

As I said, I know exactly what they are. I have many Wireguard tunnels and they all work.

[abundantmuscle]

So after all that, I have it figured out, it was nothing to do with wireguard on OPNsense. I set it up on my phone and connected without issue and was aboe to pull up the OPNsense UI, TrueNAS UI on 192.168.3.0/24 network. This lead me to the 2 servers in Hetzner. I recalled an issue I had with LetsEncrypt a while back, where their firewall doesn't tag outbound traffic so if a response comes back it knows what to do with it. Long story short, I opened the peer ports on their web ui firewall and the handshake completed and everything works.

Thanks everyone for the verification of my config and tips etc. I still want to look at the xml for that legacy config next tough just to get things tidied up.