There seems to be a bug in the Wireguards with ROS 7.23, when power fails to MT device, wireguard tunnels will not come back up (to different end net/devices). The initiating device reports it's trying to connect, but not receiving responses, yet nothing is reported on the other side (also MT device, or not). So, at first I changed ports, and it came back up. Now I know if I just delete the peer & recreate on the MT initiator side, it works again. Annoying to have to do this at every power fail.
Sounds like a config issue. Has been working perfectly here
One of the usual problems when this shows up is with time synchronization.
Wireguard handshakes contain a timestamp. For each peer (on each side of the connection) the last seen timestamp is stored, and it's expected to move forward monotonically. If this is not the case, the handshake is rejected. This is done in order to prevent replay attacks, and is part of the standard wireguard specification. Recreating, disabling-enabling the peer, etc. clear this last timestamp information.
Mikrotiks don't contain real time clocks, so for them, time resets when power is lost. If there is no method configured to update their clocks, what you experience is a usual result.
There are other ways in which a reconnect might fail, but this is the most common one.
Even when you configure your device to use NTP or other method, it may take some time (that was intentional ... ) before it syncs.
Your deletion of the peer and recreating it, shouldn't be needed.
Simply disable the WireGuard peer or interface, wait a bit, and then enable it again.
This can be scripted to be done some minutes after startup (or if you really want, until the message in log which indicates time has been adjusted is detected).
I think that shouldn't be needed anymore. There used to be a problem (I think around 7.16-7.17) where wireguard got stuck with a failed handshake. But it should retry every few minutes now... if keepalive is configured. So, at least officially, only a few minutes could be gained by a manual restart.
Configs are (mostly) the same as they have been for years, although it is certainly possible that I changed something & forgot. If I did change something, it wasn't much. NTP is configured, with syncs in the PPM. The main thing that has happened on the device (HAPax3) recently is an update from ROS 7.19 -> 7.23. I know I can back it up to long term, but I thought I should mention it here anyway in case some new problem is developing.
Maybe there is some new failure mode, who knows.
You can investigate the retry behavior by looking at the failed handshake attempts in the log.