WAN Failover, Untangle, and Wireguard

We have a Terminal Server. Users access it via Wireguard and an Untangle firewall.
We just installed a failover Verizon modem.
Wireguard has a Wan Failover app. When the primary internet connection goes down and the secondary takes over there will be a new IP address.
I assume I will need to recreate all the Wireguard VPN Tunnels.
Should I setup DynDns to detect the failover IP address?
Is this the correct route or is there something better/simpler?

If the secondary IP is not static then something like DynDNS should work.

It’s static. But it will be different than the primary IP.

So do I need to configure 2 separate tunnels for each user for each WAN?

Yes, that is an easy way to fix it.

Is that the optimal setup?

Depends on how fast you want something to fail over, you could setup a DNS entry with a low TTL so you only have to have one tunnel, but you are then relying on end points to update their DNS if their is a failure.

So I suppose setup 2 tunnels per user and instruct them to use the secondary when there is an outage of the primary ISP.