This article walks you through setting up a WireGuard site-to-site VPN tunnel using Route10. This lets you securely connect two remote networks over the internet — enabling communication between specific subnets.

⚠️ Note: This guide assumes each site has a unique LAN subnet. Adjusting subnets is outside the scope of this article.

1. Go to https://manage.alta.inc/,and open it twice (either in 2 separate tabs, or 2 side by side windows). This will be easier to do from a computer, but will soon be supported on mobile devices.
2. First, we need each site's hostname. To get this:

• • Go to the Network section.
  • Hover the mouse cursor over the IP address for Route10.
  • Move the cursor over the hover modal that appears.
  • Triple-click the DDNS hostname line to fully select it, or click and drag to highlight it manually.
  • Press Ctrl + C (or ⌘ + C on Mac) to copy the line, or right-click and choose Copy.
  • Paste it in step 4a below.
  • Repeat the steps for the second site.
    

3. Back on site 1, from the VPN page click the + beside Clients/S2S. Repeat on site 2.
4. We’ll start building and generating configs on both sites here.
   1. On Site 1, paste the DDNS hostname of site 2 into the Hostname field
   2. On Site 1, hover over the question mark beside PSK, then click the link to generate one. This is the same PSK you want to enter on site 2 so copy that to site 2 as well..
      
   3. On site 1, hover the cursor over the question mark beside Private Key and perform both click actions. The first will copy content, the second will fill in the field. Paste this public key into site 2’s config.
      
   4. Repeat step 4c on Site 2 to copy, but this time paste its public key into site 1’s config.
   5. Choose unique private IPs for each endpoint that don’t overlap with existing subnets. 
   6. Configure the subnets of the remote site you want accessible as well as the /32 of the remote peer itself (so adding the IP from step e, with a /32 of the remote peer on each side).

Important: When setting up the tunnel on Site 1, you're entering the public information from Site 2, and vice versa. Public information being hostname, public key, and subnets. Think of each site as saying: "Here's how to reach the other end."

5. After you’ve entered the settings of the remote peer on each site, they may look somewhat similar to this:

6. To test the connection, go to Network, hold Shift, and click on the name of the Route10 device to open the Web Terminal.
7. Use ping to test reachability to a remote LAN device (e.g., ping 192.168.42.1), and wg show to view WireGuard status.