diff --git a/internal/networkd/configuration.go b/internal/networkd/configuration.go
index f4af801..b13e648 100644
--- a/internal/networkd/configuration.go
+++ b/internal/networkd/configuration.go
@@ -31,6 +31,11 @@ type BridgeMembership struct {
 BridgeName string
 }
 
+type NameAndConfig struct {
+ Name string
+ Config config.Config
+}
+
 func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, error) {
 files := []NetworkdConfigFile{}
 
@@ -88,7 +93,23 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
 }
 }
 
- // Step 4 Generate Bond Members
+ // Step 4 Generate wireguard netdev files
+ for name := range conf.VPN.Wireguard.Interfaces {
+ buf := new(bytes.Buffer)
+ err := templates.ExecuteTemplate(buf, "create-wireguard.netdev.tmpl", NameAndConfig{
+ Name: name,
+ Config: conf,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("executing create-wireguard.netdev.tmpl template: %w", err)
+ }
+ files = append(files, NetworkdConfigFile{
+ Name: fmt.Sprintf("40-create-wireguard-%v.netdev", name),
+ Content: buf.String(),
+ })
+ }
+
+ // Step 5 Generate Bond Members
 for name, inter := range conf.Network.Interfaces {
 if inter.Type == network.Bond && inter.BondMembers != nil {
 for _, member := range *inter.BondMembers {
@@ -101,14 +122,14 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
 return nil, fmt.Errorf("executing bond-membership.network.tmpl template: %w", err)
 }
 files = append(files, NetworkdConfigFile{
- Name: fmt.Sprintf("40-bond-membership-%v.network", name),
+ Name: fmt.Sprintf("50-bond-membership-%v.network", name),
 Content: buf.String(),
 })
 }
 }
 }
 
- // Step 5 Generate Bridge Members
+ // Step 6 Generate Bridge Members
 for name, inter := range conf.Network.Interfaces {
 if inter.Type == network.Bridge && inter.BridgeMembers != nil {
 for _, member := range *inter.BridgeMembers {
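Review bot: NameAndConfig is exported but carries no doc comment; since the template reads `index $.Config.VPN.Wireguard.Interfaces .Name`, a comment such as `// NameAndConfig is the data passed to per-interface templates: the interface name plus the full configuration it is looked up in.` would make the contract clear. Config is held by value, so every ExecuteTemplate call copies the whole config.Config; fine if it is small, otherwise a pointer field avoids the copy per interface.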
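Review bot: `name` is a key of conf.VPN.Wireguard.Interfaces and is used unvalidated both in the generated file name (`40-create-wireguard-%v.netdev`) and, through the template, as the netdev Name=; unless it is validated where the config is loaded, a name containing a path separator or longer than the kernel's 15-character interface-name limit yields a bad output path or a netdev that networkd rejects. A guard before the template call, `if strings.ContainsAny(name, "/\\") || len(name) > 15 { return nil, fmt.Errorf("wireguard interface %q: invalid interface name", name) }`, catches that at generation time (strings would need importing). Iterating the map also makes the order of the appended files nondeterministic; harmless if the writer keys on Name, but worth sorting the keys first if the slice is ever compared in tests.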
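Review bot: The bond-membership output name changes from `40-bond-membership-%v.network` to `50-bond-membership-%v.network`, and the next two hunks do the same for bridge-membership (50 to 60) and config-addressing (60 to 70). Unless the code that writes these files (not in this diff) removes files it did not generate, an upgraded system keeps the old-numbered files next to the new ones and networkd loads both, duplicating membership and addressing configuration. Worth confirming the writer syncs the whole directory, or adding a one-off cleanup of the old names.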
@@ -121,14 +142,14 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
 return nil, fmt.Errorf("executing bridge-membership.network.tmpl template: %w", err)
 }
 files = append(files, NetworkdConfigFile{
- Name: fmt.Sprintf("50-bridge-membership-%v.network", name),
+ Name: fmt.Sprintf("60-bridge-membership-%v.network", name),
 Content: buf.String(),
 })
 }
 }
 }
 
- // Step 6 Generate addressing network files
+ // Step 7 Generate addressing network files
 for name, inter := range conf.Network.Interfaces {
 // Vlans
 vlans := []string{}
@@ -162,7 +183,7 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
 return nil, fmt.Errorf("executing config-addressing.network.tmpl template: %w", err)
 }
 files = append(files, NetworkdConfigFile{
- Name: fmt.Sprintf("60-config-addressing-%v.network", name),
+ Name: fmt.Sprintf("70-config-addressing-%v.network", name),
 Content: buf.String(),
 })
 }
diff --git a/internal/networkd/template.go b/internal/networkd/template.go
index 70cf99d..87d00ac 100644
--- a/internal/networkd/template.go
+++ b/internal/networkd/template.go
@@ -3,6 +3,9 @@ package networkd
 import (
 "embed"
 "text/template"
+
+ "nfsense.net/nfsense/internal/definitions/config"
+ "nfsense.net/nfsense/internal/definitions/object"
 )
 
 //go:embed template
@@ -12,8 +15,22 @@ var templates *template.Template
 
 func init() {
 var err error
- templates, err = template.New("").ParseFS(templateFS, "template/*.tmpl")
+ templates, err = template.New("").Funcs(template.FuncMap{
+ "getAddressObjectsAsCidr": getAddressObjectsAsCidr,
+ }).ParseFS(templateFS, "template/*.tmpl")
 if err != nil {
 panic(err)
 }
 }
+
+func getAddressObjectsAsCidr(conf config.Config, name string) string {
+ addr := conf.Object.Addresses[name]
+ switch addr.Type {
+ case object.Host:
+ return addr.Host.String() + "/32"
+ case object.NetworkAddress:
+ return addr.NetworkAddress.String()
+ default:
+ panic("unsupported Address Type")
+ }
+}
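Review bot: getAddressObjectsAsCidr panics for an unknown Type, and a name missing from conf.Object.Addresses yields a zero-value addr whose Type lands in that same default branch, so a dangling AllowedIPs reference surfaces as "unsupported Address Type" (text/template recovers a panic raised by a template function and reports it as an execution error, so the message that reaches GenerateNetworkdConfiguration is misleading rather than fatal). Template functions may return (string, error); returning a descriptive error for both cases names the bad object and keeps the panic-free error style of the rest of the file. The `/32` suffix assumes Host is IPv4 — if Host can hold an IPv6 address (for example if it is a netip.Addr), derive the prefix length from the address (netip.Addr.BitLen()) instead of hard-coding it. fmt would need adding to the import block in the hunk above.
```go
func getAddressObjectsAsCidr(conf config.Config, name string) (string, error) {
	addr, ok := conf.Object.Addresses[name]
	if !ok {
		return "", fmt.Errorf("address object %q not found", name)
	}
	switch addr.Type {
	case object.Host:
		return addr.Host.String() + "/32", nil // TODO: /128 (or BitLen) if Host may be IPv6
	case object.NetworkAddress:
		return addr.NetworkAddress.String(), nil
	default:
		return "", fmt.Errorf("address object %q: unsupported type %v", name, addr.Type)
	}
}
```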
diff --git a/internal/networkd/template/create-wireguard.netdev.tmpl b/internal/networkd/template/create-wireguard.netdev.tmpl
new file mode 100644
index 0000000..54756a0
--- /dev/null
+++ b/internal/networkd/template/create-wireguard.netdev.tmpl
@@ -0,0 +1,24 @@
+[NetDev]
+Name={{ $.Name }}
+Kind=wireguard
+
+{{- $intertface := index $.Config.VPN.Wireguard.Interfaces .Name }}
+
+[WireGuard]
+ListenPort={{ $intertface.ListenPort }}
+PrivateKey={{ $intertface.PrivateKey }}
+
+{{ range $i, $peerName := $intertface.Peers }}
+{{- $peer := index $.Config.VPN.Wireguard.Peers $peerName }}
+[WireGuardPeer]
+PublicKey={{ $peer.PublicKey }}
+{{- if ne $peer.PresharedKey nil }}
+PresharedKey={{ $peer.PresharedKey }}
+{{- end }}
+{{range $i, $allowedIpName := $peer.AllowedIPs }}
+AllowedIPs={{ getAddressObjectsAsCidr $.Config $allowedIpName}}
+{{- end }}
+{{- if ne $peer.Endpoint nil }}
+Endpoint={{ $peer.Endpoint }}
+{{- end }}
+{{- end }}
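Review bot: PrivateKey= and PresharedKey= are rendered into the generated .netdev content, so wherever these files are written (outside this diff) the file mode must not be world-readable; the systemd.netdev documentation recommends root:systemd-network with mode 0640 for a file carrying PrivateKey=, and networkd also offers PrivateKeyFile= and PresharedKeyFile= if the keys should live in separately protected files. The `{{- if ne $peer.PresharedKey nil }}` and `{{- if ne $peer.Endpoint nil }}` guards only express "unset" if those fields are pointers or interfaces; `{{ with $peer.PresharedKey }}PresharedKey={{ . }}{{ end }}` covers both a nil pointer and an empty string, so confirm the field types. `index $.Config.VPN.Wireguard.Peers $peerName` on an unknown peer name yields a zero value and renders an empty PublicKey= instead of failing, so peer references are worth validating before generation. Minor: `$intertface` is a typo, and the unused `$i` range variables can be dropped.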