60.2. External address and firewall

  1. The Intra2net system should be addressable for the VPN clients via a DNS name on the Internet.

    If the Intra2net system has a fixed IP, set up a DNS entry for it in your own registered domain. The system can then be reached under a name such as intra.company.com or mail.example.com. The hosting provider that manages the domain can normally set this up quickly and free of charge.

    If the Intra2net system is assigned a different IP each time it dials into the Internet, a DynDNS service must be set up for addressing. See Section 10.13, „DynDNS“.

    Although WireGuard can be configured with a fixed IP directly and without a DNS entry, a DNS entry is strongly recommended. If the IP changes when you switch provider or contract, every client configuration would otherwise have to be updated by hand. In addition, the other TLS-based services of the Intra2net system require a certificate, which certification authorities normally issue only for DNS hostnames; the same name can then also be used for the VPN.

  2. Go to the menu "Network > DNS > Settings" and enter this externally accessible DNS name in the field "Full hostname for connections from the Internet".

  3. Check how the Intra2net system is connected to the Internet. To do this, check the type of active provider in the "Network > Provider > Profiles" menu. If it is a (DSL) dial-up line, everything is fine and you can proceed to the next step.

    If it is a provider type with a router, check whether the router passes an unchanged official IP through to the Intra2net system or whether it assigns an IP from a private address range via NAT. In the latter case, port forwarding must be configured on the router for the UDP port of the WireGuard interface (see Section 60.1, „Own key and interface“) to the IP of the Intra2net system. Note that if the router's own external address is from the carrier-grade NAT range 100.64.0.0/10, the provider is performing NAT as well, and a forwarding rule on your router alone will not make the port reachable from the Internet.

  4. Check the firewall ruleset for incoming connections from the Internet. It is selected for the active provider in the "Network > Provider > Profiles : Firewall" menu and can be inspected using the magnifying glass icon. In it, "VPN connections" must be activated. If a complete firewall ruleset is used, access to the predefined service "WireGuard interfaces" must be permitted; otherwise the UDP port from Section 60.1 is dropped before WireGuard ever sees the handshake.
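The checks behind steps 1 to 4 can be scripted before clients are rolled out. The following is an added example and not part of the Intra2net manual or product; the web interface described above offers no scripting hook, so the script works on values you read off the router and the DNS. It classifies the WAN address the router assigned (step 3), checks that the external DNS name from step 2 points at the site's real public address, and, as the end-to-end test of steps 3 and 4, parses the `latest-handshakes` output of the standard `wg` tool to see whether any client has completed a handshake recently. All hostnames, addresses, keys and the sample `wg show` output are constructed for illustration; the port 51820 is only an assumed value.

```python
"""Pre-flight checks for a WireGuard endpoint behind a router.  Added example,
not Intra2net's own code.  All inputs below are constructed for illustration."""
from __future__ import annotations

import ipaddress

# Ranges a router or provider hands out when it NATs the system.  A rule on
# your own router can forward the WireGuard UDP port for RFC 1918 addresses;
# an RFC 6598 (CGNAT) address means the provider does the NAT, so no router
# rule can expose the port.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(addr: str) -> str:
    """Classify the address the router assigned to the Intra2net system."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_multicast:
        return "unusable"
    return "public"  # TEST-NET addresses used below count as stand-ins for public ones


def port_forwarding_advice(wan_addr: str, wg_port: int) -> str:
    """Step 3: what has to happen on the router for the given WAN address."""
    kind = classify_wan_address(wan_addr)
    if kind == "public":
        return "official IP on the system itself: no port forwarding needed"
    if kind == "private":
        return f"router NATs the system: forward UDP/{wg_port} to {wan_addr} on the router"
    if kind == "cgnat":
        return (f"provider-side NAT (RFC 6598): a router rule cannot expose UDP/{wg_port}; "
                "ask the provider for a public address")
    return f"{wan_addr} is not a usable WAN address"


def check_dns_name(hostname: str, resolved: list[str], public_addr: str) -> list[str]:
    """Steps 1-2: the externally visible name must exist and must point at the
    address the Internet actually sees for this site.  `resolved` is what a
    lookup of `hostname` returned; `public_addr` is the real external address."""
    findings = []
    try:
        ipaddress.ip_address(hostname)
        return ["a bare IP was entered; use a DNS name so the address can "
                "change without touching every client configuration"]
    except ValueError:
        pass
    if "." not in hostname:
        findings.append(f"'{hostname}' is not a fully qualified name")
    if not resolved:
        findings.append(f"'{hostname}' does not resolve; create the (Dyn)DNS record")
    elif public_addr not in resolved:
        findings.append(f"'{hostname}' resolves to {', '.join(resolved)} but the site's "
                        f"public address is {public_addr}; update the record")
    return findings


def handshake_ages(wg_show_output: str, now: int) -> dict[str, int | None]:
    """Parse `wg show <iface> latest-handshakes`: one line per peer,
    <base64 public key> TAB <unix timestamp>, 0 meaning never.
    Returns seconds since the last handshake per peer, None if never."""
    ages: dict[str, int | None] = {}
    for line in wg_show_output.splitlines():
        if not line.strip():
            continue
        pubkey, ts = line.split("\t")
        ages[pubkey] = None if int(ts) == 0 else now - int(ts)
    return ages


def reachable_from_internet(wg_show_output: str, now: int, window: int = 180) -> bool:
    """End-to-end test of steps 3 and 4: a client that cannot reach the UDP
    port (no forwarding, firewall rule off) never completes a handshake.
    WireGuard re-handshakes about every two minutes while traffic flows, so a
    handshake older than `window` seconds means the tunnel is not in use."""
    return any(age is not None and age <= window
               for age in handshake_ages(wg_show_output, now).values())


# Constructed sample: two peers, one with a recent handshake, one never seen.
KEY_A = "A" * 43 + "="  # placeholder, not a real WireGuard public key
KEY_B = "B" * 43 + "="
SAMPLE_WG_SHOW = f"{KEY_A}\t1700000000\n{KEY_B}\t0\n"

if __name__ == "__main__":
    print(port_forwarding_advice("192.168.178.20", 51820))
    print(check_dns_name("intra.example.com", ["198.51.100.9"], "203.0.113.5"))
    print(reachable_from_internet(SAMPLE_WG_SHOW, now=1700000100))
```

In practice, replace the constructed inputs with live values: the router's WAN address from its status page, `resolved` from a lookup of the name entered in "Full hostname for connections from the Internet", and the `wg show` output captured while a client is trying to connect. A peer whose handshake age stays at None after a connection attempt is the signature of a missing port forward or a firewall ruleset without "WireGuard interfaces"; WireGuard itself gives no error on the server side for that case because it silently ignores packets that never arrive.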