Below you will find a description of the steps you need to take before you can use WireGuard.
WireGuard requires a pair of private and public keys on each remote site involved. This is then linked to a virtual WireGuard interface.
Go to the menu " " and create a new key of the type " ".

Go to the menu " " and create a new virtual interface. Assign the custom key you have just created.
Each WireGuard interface requires its own UDP port number on which it can be reached externally. These port numbers can be freely selected. However, it is recommended to assign port numbers from 800 upwards to the Intra2net system: with port 51820, which is often used on other systems, conflicts have been observed with other WireGuard-capable routers and with the source ports of other outgoing UDP connections such as DNS.
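The source-port conflict described above can be checked before a listen port is assigned. The following is an added example, not Intra2net code: it assumes a Linux host with the default ephemeral range 32768-60999, and the `/proc/net/udp` excerpt and all function names are constructed for illustration.

```python
from __future__ import annotations

# Assumption: Linux default for net.ipv4.ip_local_port_range.
EPHEMERAL_DEFAULT = (32768, 60999)

# Constructed excerpt in /proc/net/udp format; local_address is hex IP:PORT.
# Line 101 is a DNS server on port 53 (0x0035); line 202 is an outgoing DNS
# query whose kernel-chosen source port happens to be 51820 (0xCA6C).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  101: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111
  202: 0100007F:CA6C 0100007F:0035 01 00000000:00000000 00:00000000 00000000   100        0 22222
"""

def parse_port_range(text: str) -> tuple[int, int]:
    """Parse the content of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = text.split()
    return int(low), int(high)

def bound_udp_ports(proc_net_udp: str) -> set[int]:
    """Return every local UDP port that currently has a socket bound to it."""
    ports = set()
    for line in proc_net_udp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue                                 # tolerate blank or odd lines
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def check_listen_port(port: int, in_use: set[int],
                      ephemeral: tuple[int, int] = EPHEMERAL_DEFAULT) -> list[str]:
    """List the reasons a WireGuard listen port may clash with other UDP traffic."""
    if not 1 <= port <= 65535:
        raise ValueError(f"not a valid UDP port: {port}")
    findings = []
    if port in in_use:
        findings.append("already bound by another UDP socket")
    if ephemeral[0] <= port <= ephemeral[1]:
        findings.append("inside the ephemeral range used for outgoing UDP source ports")
    return findings

if __name__ == "__main__":
    in_use = bound_udp_ports(SAMPLE_PROC_NET_UDP)
    for candidate in (51820, 800):
        problems = check_listen_port(candidate, in_use)
        print(candidate, "->", "; ".join(problems) or "no conflict found")
```

On a live Linux host, pass the contents of `/proc/net/udp` and `/proc/sys/net/ipv4/ip_local_port_range` instead of the constructed sample.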
Each WireGuard interface requires an IP address in order to communicate. The Intra2net system can reuse the IP addresses of other interfaces in order to avoid possible IP conflicts with other networks. To do this, select the interface to which most VPN remote sites are subsequently connected, for example the primary local network.
The interfaces whose IPs are not used here can also be connected without any problems via WireGuard. However, connections originating from the Intra2net system itself and entering the VPN connection use this IP as the source address. In order for these connections to function, the source address must therefore be accepted by the VPN remote side. If a connection has already been configured for the network of this IP anyway, no further steps are necessary.
| Hint |
|---|
| It is highly recommended to create only one WireGuard interface for all VPN connections. |
Although you can easily create several WireGuard interfaces, these occupy limited resources in the system. Therefore, this should only be done when really necessary and should be examined critically.