Help me setup Gateway about wireguard-site-to-site HOT 2 OPEN

Hey I think I figured this out. I didn't use DNAT rules, rather MASQUERADE rules. I've tried to read up on the differences -- mostly MASQUERADE if you're not certain if the IP addresses might change whereas DNAT/SNAT if IP addresses are static. In terms of working with the specifics within pfSense -- it was all kind of tricky -- at least for me. Yes I assigned Wireguard a tunnel with its own interface and assigned the tunnel a specific IP address. I created a gateway for the WG interface and selected the gateway IP address to be dynamic. I then created a static route for the WG network - and assigned the Wireguard network the gateway of the WG interface. I'm not sure of all the ins and outs, however it's also possible to create these gateway assigning a static IP rather than using the dynamic configuration option. I'm assuming the dynamic option is more equivalent to the MASQUERADE option where as assigning as static IP would be more equivalent of the SNAT/DNAT option.

from wireguard-site-to-site.

I did this but I used one of the free oracle VPS tiers. Basically, I used IP tables to forward down the Wireguard tunnel. On the Pfsense side, you need to configure the Wireguard tunnel to have its own interface. Then you need to set up a gateway for the Wireguard tunnel with a static route point to the /24 subnet of whatever your Wireguard network is. I also enabled the static route filtering option in system-advanced-firewal&nat. Make sure on your Pfsense side that 0.0.0.0/0 is in the allowed IPs for the Wireguard peer on Pfsense.
Images:
https://i.imgur.com/FARnzqs.png
https://i.imgur.com/EW2Q474.png
https://i.imgur.com/CumQcsn.png
https://i.imgur.com/GjhoLxE.png
https://i.imgur.com/q9Nex7H.png
https://i.imgur.com/DbrtkVZ.png
https://i.imgur.com/tPwVQrJ.png

from wireguard-site-to-site.