After configuring Wireguard interface and firewall, I reboot the router. Wireguard interface comes up, connects to peer, everything is good. Now I reboot again.
Wireguard interface wg0 doesn't come up and seems completely unconfigured.
# ifconfig wg0
wg0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
POINTOPOINT NOARP MTU:1420 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
If I bring it up via ifconfig wg0 up, it doesn't connect.
# ifconfig wg0
wg0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.0.2 P-t-P:172.16.0.2 Mask:255.255.255.255
inet6 addr: fd01:5ca1:ab1e:87b7:8b7e:da41:23b8:1654/128 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:548 (548.0 B) TX bytes:21080 (20.5 KiB)
Relevant part of /etc/config/network:
config interface 'wg0'
option proto 'wireguard'
option private_key 'X'
list addresses '172.16.0.2/32'
list addresses 'fd01:5ca1:ab1e:87b7:8b7e:da41:23b8:1654/128'
option listen_port '32409'
config wireguard_wg0
option public_key 'bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo='
option description 'Cloudflare'
option persistent_keepalive '25'
option endpoint_port '2408'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::/0'
option route_allowed_ips '1'
option endpoint_host 'engage.cloudflareclient.com'
I've done the time synchronization stuff - have set servers by IP, but no joy.