64.2. Remote site with existing own key

  1. Display the public key of a WireGuard interface on the other router or firewall. This can often be viewed in a menu for the WireGuard interfaces or the WireGuard status. The command wg can be used on the Linux command line. Make sure that you export the public key and not the private key. If in doubt, consult the product documentation.

    Copy the public key to the clipboard.

  2. On the Intra2net system, open the menu "System > Key > Foreign keys", click on "New", paste the key from the clipboard and save.

  3. Open the menu "Services > VPN > Connections" on the Intra2net system and create a new connection. Select the type "WireGuard: Site-to-site or custom configuration" and in the next step "Another device with existing WireGuard VPN connections".

  4. Enter the external DNS hostname of the remote site and the UDP port number of the WireGuard interface there. Select the previously imported public key of the remote site.

  5. Select the nets to be connected on both sides.

  6. Configure the rights for incoming connections from the remote site. Take particular care not to select a firewall ruleset that is too permissive and only allow the connections that are actually required. If in doubt, create a dedicated firewall ruleset for this VPN connection.

  7. The last step is to configure activation. A passively/manually started connection remains offline for the time being and is only started when required. It can be started from the main page, by an IP packet sent from this side or by a handshake from the other side.

    If the connection is always started, the Intra2net system constantly tries to establish the connection and keep it open. For an always-started connection in particular, a keepalive should also be configured, which keeps the connection online once it has been opened.

  8. Export the connection configuration by clicking on "Download" and transfer it to the other side. The configuration contains the pre-shared key and should therefore only be transferred in encrypted form.

  9. Add the previously exported configuration file to the existing configuration of the other router or firewall.

    If the device allows you to edit the configuration in wg-quick format, add the new connection as another "[Peer]" section at the end of the existing file. Under Linux, you will normally find the files in the /etc/wireguard/ directory. If there are files for several interfaces, make sure to edit the one from which you previously exported the public key.

    Depending on the product, you may also have to configure the data from the configuration file via individual items in a user interface. If in doubt, consult the product documentation.
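The check in step 9 (edit only the file whose interface public key you exported) can be done mechanically. The following Python script is added here as an example and is not part of the Intra2net product or its documentation: it derives the interface's public key from the PrivateKey in a wg-quick file using a pure-Python X25519 (RFC 7748), compares it with the key that was imported into the Intra2net system and only then appends the downloaded [Peer] section. The interface configuration and the peer section are constructed samples using the RFC 7748 test key pair; the peer's PublicKey and endpoint are placeholders.

```python
import base64
P = 2**255 - 19  # Curve25519 field prime

def x25519(k: bytes, u: bytes = (9).to_bytes(32, "little")) -> bytes:
    # RFC 7748 Montgomery ladder; with the default u (base point 9) this derives a WireGuard public key
    a = bytearray(k); a[0] &= 248; a[31] &= 127; a[31] |= 64  # clamp the scalar
    k, x1 = int.from_bytes(a, "little"), int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        A, B = (x2 + z2) % P, (x2 - z2) % P
        AA, BB, E = A * A % P, B * B % P, (A * A - B * B) % P
        DA, CB = (x3 - z3) * A % P, (x3 + z3) * B % P
        x3, z3 = (DA + CB) ** 2 % P, x1 * (DA - CB) ** 2 % P
        x2, z2 = AA * BB % P, E * (AA + 121665 * E) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def interface_private_key(config_text: str) -> str:
    # Extract PrivateKey from the [Interface] section of a wg-quick file (comments stripped)
    section = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "interface" and line.lower().startswith("privatekey"):
            return line.partition("=")[2].strip()  # split on the first '=' only: base64 ends in '='
    raise ValueError("no PrivateKey in [Interface] section")

def public_key_b64(private_b64: str) -> str:
    return base64.b64encode(x25519(base64.b64decode(private_b64))).decode()

def add_peer_section(config_text: str, exported_public_b64: str, peer_section: str) -> str:
    # Step 9's check done mechanically: refuse to edit a file whose interface key is not the exported one
    actual = public_key_b64(interface_private_key(config_text))
    if actual != exported_public_b64:
        raise ValueError(f"file belongs to {actual}, not to the exported key {exported_public_b64}")
    return config_text.rstrip("\n") + "\n\n" + peer_section.strip() + "\n"

# Constructed sample: the RFC 7748 section 6.1 key pair, not a deployment key
SAMPLE_CONFIG = "[Interface]\nPrivateKey = dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=\nAddress = 10.0.0.2/24\n"
EXPORTED_PUBLIC = "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo="
# Constructed [Peer] section standing in for the Intra2net download; key and endpoint are placeholders
NEW_PEER = "[Peer]\nPublicKey = <PUBLIC_KEY_FROM_INTRA2NET_EXPORT>\nEndpoint = vpn.example.com:51820\nAllowedIPs = 192.168.10.0/24\nPersistentKeepalive = 25\n"
```

Run `add_peer_section(SAMPLE_CONFIG, EXPORTED_PUBLIC, NEW_PEER)` to get the merged file; passing the public key of a different interface raises a ValueError instead of silently appending the peer to the wrong file.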

If the VPN connection is to be permanently connected, we recommend configuring the connection so that it can be established from both sides. This increases stability and ensures that the connection is re-established more quickly in the event of an interruption.