Proceed as follows to establish a site-to-site connection with other routers.
Make sure that all preparatory steps described in Chapter 60, "Preparing the configuration on the Intra2net system", have been carried out.
Check whether the other router or firewall already has any other WireGuard VPN connection, or at least its own WireGuard key.
Depending on the result, continue with one of the following two sections.
The following steps create the connection configuration and a suitable key pair for the remote site on the Intra2net system:
Open the menu " " on the Intra2net system and create a new connection. Select the type " " and in the next step " ". Enter the external DNS hostname of the remote site and the UDP port number of the remote WireGuard interface.
Select the nets to be connected on both sides.
Configure the rights for incoming connections from the remote site. Take particular care not to select a firewall ruleset that is too permissive and only allow the connections that are actually required. If in doubt, create a dedicated firewall ruleset for this VPN connection.
The last step is to configure activation. A passively/manually started connection remains offline for the time being and is started when required. This can be triggered via the main page, by an IP packet sent from this side or by a handshake from the other side.
If the connection is set to always start, the Intra2net system continuously tries to establish the connection and keep it open. For keeping it open in particular, a keepalive should also be configured, which keeps a connection online once it has been opened.
Export the connection configuration by clicking on "Download". This is a complete configuration for a WireGuard interface including a private key. Transfer this to the other site.
The configuration contains the private key and pre-shared key and should therefore only be transmitted in encrypted form.
Import the configuration file on the other router or firewall.
Under Linux, the file is normally stored as /etc/wireguard/wg0.conf. Depending on the product, you may also have to configure the data from the configuration file via individual items in a user interface. If in doubt, consult the product documentation.
If the VPN connection is to be permanently connected, we recommend configuring the connection so that it can be established from both sides. This increases stability and ensures that the connection is re-established more quickly in the event of an interruption.
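A pre-flight check for the imported file on a Linux remote site, as an added example (not code from Intra2net or the exported configuration itself). It checks the points made above: the file holds a private key and must not be readable by others, only the nets to be connected should be routed, and a permanent connection wants an endpoint and a keepalive. The function names audit and parse_sections are hypothetical, and the sample configuration and its key values are constructed placeholders.

```python
import ipaddress
import stat

# Constructed sample, not a real export; all key values are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 192.168.20.1/24
ListenPort = 51820

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
PresharedKey = PLACEHOLDER_PRESHARED_KEY
AllowedIPs = 192.168.10.0/24, 0.0.0.0/0
Endpoint = vpn.example.com:51820
"""

def parse_sections(text):
    """Return [(section_name, {key: value})]; repeated [Peer] sections are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # base64 padding stays in value
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text, file_mode):
    """Return a list of findings for one wg-quick style configuration."""
    findings = []
    if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible to group/others; use mode 0600")
    sections = parse_sections(text)
    if not any(name == "interface" and "privatekey" in kv for name, kv in sections):
        findings.append("no PrivateKey in [Interface]")
    for idx, (name, kv) in enumerate(sections):
        if name != "peer":
            continue
        for net in filter(None, (a.strip() for a in kv.get("allowedips", "").split(","))):
            if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append(f"peer {idx}: AllowedIPs {net} covers every address")
        if "endpoint" not in kv:
            findings.append(f"peer {idx}: no Endpoint, this side cannot initiate")
        if "persistentkeepalive" not in kv:
            findings.append(f"peer {idx}: no PersistentKeepalive")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644)))
```

On a real system, pass the mode from os.stat("/etc/wireguard/wg0.conf").st_mode together with the file contents.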