diff --git a/sio2/sisr/50-wireguard/wg-private.key b/sio2/sisr/50-wireguard/wg-private.key
new file mode 100644
index 0000000..aa14381
--- /dev/null
+++ b/sio2/sisr/50-wireguard/wg-private.key
@@ -0,0 +1 @@
+SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=
diff --git a/sio2/sisr/50-wireguard/wg-public.key b/sio2/sisr/50-wireguard/wg-public.key
new file mode 100644
index 0000000..71a2b6b
--- /dev/null
+++ b/sio2/sisr/50-wireguard/wg-public.key
@@ -0,0 +1 @@
+pKM5noo3ZF3v3t3fBJBYzvFt61ItJxIkEHC0uXkCgAU=
diff --git a/sio2/sisr/50-wireguard/wg0.conf b/sio2/sisr/50-wireguard/wg0.conf
new file mode 100644
index 0000000..89a2c23
--- /dev/null
+++ b/sio2/sisr/50-wireguard/wg0.conf
@@ -0,0 +1,14 @@
+# générer des clés : cd /etc/wireguard; umask 077 ; wg genkey | tee private.key | wg pubkey > public.key 
+[Interface]
+Address = 10.0.2.1/24 # Adresses autorisées dans le VPN
+Listenport = 51820
+
+# clé privée de machine A (actuelle)
+PrivateKey = SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=
+# UDP service port; 51820 is a common choice for WireGuard
+ListenPort = 51820
+
+[Peer]
+# clé publique de machine B (l'autre)
+PublicKey = qhiQishoQMM6Y/g7OnUeLNX5T2p0FQx2oq+F/qKQfVc=
+AllowedIPs = 10.0.2.1/24 # le peer peut acceder au serveur