Wireguard w/failover via virtual bridge

Started by XplosiV, February 04, 2026, 02:03:50 PM

Good afternoon all,

I'm hoping someone here can help. I will start with my objective and then the issues I'm having. Ignore that WAN is disconnected at present, I'm going through my old router until I can get this vp2430 configured right.

I have a vp2430 configured as follows: igc0 = wan, igc1 = lan, igc2 = opt1, igc3 = opt2; igc1, igc2, igc3 make up bridge0 (switched lan ports)
I'm trying to utilise nordvpn/nordlynx with wireguard but with a failover and aliases for specific devices so the opnsense router will vpn the selected devices, if the tunnel drops, it'll failover to the 2nd tunnel, then 3rd, then finally WAN.

I have aliases with the devices
I have gateways & a gateway group
I have 'some' firewall rules (these are probably where I'm going wrong)
However there is never a completed handshake as nothing seems to be coming in (or is being blocked/filtered)

I will try and attach some screen grabs, hopefully they will line up

The way wireguard has been set up is one instance with one peer. So I have 3x nat outbound rules (one for each instance/peer)
I have 3 rules on the bridge
I have 2 rules on the WAN
I have 0 rules on the wg group (suspect issue here)
Each wg instance has an allow any rule (I think)

I have more screens but can't post them in this post.

Any help appreciated very much! Thank you in advance
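One way to check the symptom described above (no completed handshake on any of the three tunnels) from the OPNsense shell, as an added example that is not from the original post: it parses `wg show all dump` output and reports each peer's handshake age, so you can see which of the three instances actually has a live peer before trusting the gateway group to fail over. The sample dump, the wg0/wg1/wg2 names and the 203.0.113.x endpoints are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post.
# `wg show all dump` prints one interface line (5 fields) and then one
# line per peer (9 fields):
#   iface pubkey psk endpoint allowed-ips latest-handshake rx tx keepalive
# latest-handshake is a unix timestamp, 0 when the peer has never handshaked.
# Usage on the router:  wg show all dump | check_handshakes "$(date +%s)" 180
check_handshakes() {
    now="$1"        # current unix time
    max_age="$2"    # seconds after which a handshake counts as stale
    awk -v now="$now" -v max_age="$max_age" '
        NF == 9 {                       # peer lines only; interface lines have 5
            iface = $1; endpoint = $4; hs = $6
            if (hs == 0)
                printf "%s %s never\n", iface, endpoint
            else if (now - hs > max_age)
                printf "%s %s stale %d\n", iface, endpoint, now - hs
            else
                printf "%s %s ok %d\n", iface, endpoint, now - hs
        }'
}

# Constructed sample of `wg show all dump`: wg0 has a fresh handshake,
# wg1 has never completed one, wg2 last handshaked ~18 minutes ago.
SAMPLE='wg0 PRIVKEY_REDACTED PUBKEY0 51820 off
wg0 PEERKEY0 (none) 203.0.113.10:51820 0.0.0.0/0 1770000000 1024 2048 25
wg1 PRIVKEY_REDACTED PUBKEY1 51821 off
wg1 PEERKEY1 (none) 203.0.113.11:51820 0.0.0.0/0 0 0 0 25
wg2 PRIVKEY_REDACTED PUBKEY2 51822 off
wg2 PEERKEY2 (none) 203.0.113.12:51820 0.0.0.0/0 1769999000 512 512 25'

# Demo run against the constructed sample with a fixed "now".
printf '%s\n' "$SAMPLE" | check_handshakes 1770000100 180
```

A peer reported as "never" has not received a single handshake reply, which points at the peer endpoint or the outbound rule for that instance rather than at the gateway group.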