Internet comes in on an AT&T fiber BGW-320. The public IP is 99.35.xx.yy, which the BGW presents to pfSense as 172.16.1.1. The local network from pfSense is 192.168.1.0/24. The WireGuard network is 10.15.1.0/24.
I’ve tried Android and Windows peers but the handshake never occurs. I would appreciate it greatly if anyone would look at my configuration and tell me if I have some fatal error in the way I have set it up. Thank you!
I should have mentioned that I have a vanilla consumer Netgear router (replaced by pfSense). I can still swap it in for testing, and it successfully forwards port 51820 to an RPi running PiVPN.
I figured it out. Looking at my own quote above, it became apparent to me that I was not properly bridging (technically “IP Passthrough” on the BGW320) the WAN IP to pfSense. pfSense should have been seeing the 99.35.xx.yy address. Turns out that I had an error in the MAC address in the BGW configuration that resulted in NAT.
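The root cause above is the classic double-NAT symptom: the firewall's WAN interface held a private 172.16.x.x address instead of the public one, so inbound WireGuard UDP never reached pfSense. The following check, an added example that is not from the original thread or from pfSense, flags that condition from the WAN address alone. It assumes a hypothetical `check_wan_passthrough()` helper, and uses 203.0.113.10 (a documentation address) as a placeholder for the masked 99.35.xx.yy.

```python
"""Flag a NAT hop in front of a firewall by inspecting its WAN address.

A WAN interface that should carry the ISP-assigned public address must
never hold an RFC1918, CGNAT or link-local address; if it does, the
modem/gateway (e.g. an AT&T BGW320 with a broken IP Passthrough entry)
is still translating, and inbound VPN traffic will not arrive.
"""
import ipaddress
from typing import Dict, List, Optional

# Ranges that should never appear on a WAN interface expected to hold
# the real public address.
NON_PUBLIC_RANGES: Dict[str, List[ipaddress.IPv4Network]] = {
    "RFC1918 private": [
        ipaddress.ip_network("10.0.0.0/8"),
        ipaddress.ip_network("172.16.0.0/12"),
        ipaddress.ip_network("192.168.0.0/16"),
    ],
    "CGNAT (RFC6598)": [ipaddress.ip_network("100.64.0.0/10")],
    "link-local (RFC3927)": [ipaddress.ip_network("169.254.0.0/16")],
}


def classify(addr: str) -> str:
    """Return the range label for addr, or 'public' if it is in none of them."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_PUBLIC_RANGES.items():
        if any(ip in net for net in nets):
            return label
    return "public"


def check_wan_passthrough(wan_addr: str, expected_public: Optional[str] = None) -> dict:
    """Return {'passthrough_ok': bool, 'reason': str} for the firewall's WAN address.

    wan_addr: the address the firewall actually holds on its WAN interface.
    expected_public: the ISP-facing address shown by the modem/gateway, if known.
    """
    kind = classify(wan_addr)
    if kind != "public":
        return {"passthrough_ok": False,
                "reason": (f"WAN holds a {kind} address ({wan_addr}); an upstream "
                           "device is still doing NAT, so inbound WireGuard UDP "
                           "will not reach the firewall.")}
    if expected_public and ipaddress.ip_address(expected_public) != ipaddress.ip_address(wan_addr):
        return {"passthrough_ok": False,
                "reason": f"WAN address {wan_addr} differs from the gateway's public address {expected_public}."}
    return {"passthrough_ok": True, "reason": f"WAN holds the public address {wan_addr}."}


if __name__ == "__main__":
    # Constructed values mirroring the thread: pfSense saw 172.16.1.1 while
    # the gateway held the public address (placeholder 203.0.113.10).
    print(check_wan_passthrough("172.16.1.1", "203.0.113.10"))
```

On pfSense the WAN address to feed in is the one shown under Status > Interfaces; once passthrough works it should match the address on the BGW's status page.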