Can't access wireguard peer from home network

[OtterTech]

I have been using OPNsense for a couple years, though I am still very much a beginner, so please bear with me. Searched up and down for an answer to this but, can't quite figure it out.

Wireguard is configured on OPNsense and running beautifully with several peers (multiple phones, laptop, etc) connecting back to our home network. I just added a raspberry pi as a peer that is connected at my inlaws house (it's running a digital picture frame). I had thought that I could access it from home to toss on new photos via filezilla, but I can't access it (using it's address: 10.0.0.6). I'm sure this is an easy firewall rule, or some small "allowed IPs" situation, but I just can't figure it out on my own. Any tips? Easy fix?

[OtterTech]

I'm sure this is a low-interest low-priority question compared to the more involved post floating around, but I would SO appreciate a little guidance here. I'm considering running another wireguard instance and pointing it to the 10.0.0.0/32 network.. would that work?

Anybody willing to even point me in the right direction with a tutorial online? I've learned a ton from this community, and this is the first wall I've hit that I can't seem to figure out on my own.

[cookiemonster]

It's the "allowed ips" part of the peer setup on the receiving end in this case. In other words, at your inlaws' side, the connection needs to allow to get to the device.
My guess is that you have a WG endpoint configured at the inlaw's, the pi, with it's own ip LAN address. But you connect to your inlaw's router first. That's where the "allowed ips" probably has only it's own ip as the tunnel-end, as the only allowed ip.
inlaw-pi <-- inlaw router <=== internet  <--your router <your pc with filezilla
Is that about right? And then, you could compare it with the settings on your OPN WG endpoints setup that allow peers connecting INTO your network.

[OtterTech]

Thanks so much for your response! That makes sense I think.. So if my network is 192.168.100.0/32 (still learning subnets.. would it be /24?) I'd just add that to the "allowed IPs"? Again.. thanks for bearing with a newbie here. Also, when I ssh to the pi (or use filezilla) would I use the tunnel address the pi is given (10.0.0.6)?

Thanks again!

[cookiemonster]

/32 is a single host. /24 is the normal class C range, 254 hosts.
So your network is most likely 192.168.100.0/24 and your PC with Filezilla will be inside that range.
Then WG creates a separate network of 254 hosts say 10.0.0.1/24 but your endpoints you create to come in will be issued a single ip in the WG range for example 10.0.0.2/32. That is the ip for the endpoint to receive.
Edit: best to re-use a better written explanation: https://homenetworkguy.com/how-to/configure-wireguard-opnsense/
Read it all but the most relevant part for you at this juncture is "Add Firewall Rules to Access Internal Network(s)/Internet"