1 files changed, 19 insertions, 13 deletions

diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst
index 18a888df..885720e1 100644
--- a/docs/configuration/interfaces/wireguard.rst
+++ b/docs/configuration/interfaces/wireguard.rst
@@ -183,6 +183,10 @@ traffic.
   The command :opcmd:`show interfaces wireguard wg01 public-key` will then show the
   public key, which needs to be shared with the peer.
 
+.. cmdinclude:: /_include/interface-per-client-thread.txt
+   :var0: wireguard
+   :var1: wg01
+
 **remote side - commands**
 
 .. code-block:: none
@@ -194,6 +198,7 @@ traffic.
   set interfaces wireguard wg01 peer to-wg01 port '51820'
   set interfaces wireguard wg01 peer to-wg01 public-key 'EKY0dxRrSD98QHjfHOK13mZ5PJ7hnddRZt5woB3szyw='
   set interfaces wireguard wg01 port '51820'
+  set interfaces wireguard wg01 private-key 'OLTQY3HuK5qWDgVs6fJR093SwPgOmCKkDI1+vJLGoFU='
 
   set protocols static route 192.168.1.0/24 interface wg01
 
@@ -206,18 +211,18 @@ firewall exception.
 
 .. code-block:: none
 
-    set firewall name OUTSIDE_LOCAL rule 10 action accept
-    set firewall name OUTSIDE_LOCAL rule 10 description 'Allow established/related'
-    set firewall name OUTSIDE_LOCAL rule 10 state established enable
-    set firewall name OUTSIDE_LOCAL rule 10 state related enable
-    set firewall name OUTSIDE_LOCAL rule 20 action accept
-    set firewall name OUTSIDE_LOCAL rule 20 description WireGuard_IN
-    set firewall name OUTSIDE_LOCAL rule 20 destination port 51820
-    set firewall name OUTSIDE_LOCAL rule 20 log enable
-    set firewall name OUTSIDE_LOCAL rule 20 protocol udp
-    set firewall name OUTSIDE_LOCAL rule 20 source
-
-You should also ensure that the OUTISDE_LOCAL firewall group is applied to the
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 action accept
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 description 'Allow established/related'
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 state established enable
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 state related enable
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 action accept
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 description WireGuard_IN
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 destination port 51820
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 log enable
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 protocol udp
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 source
+
+You should also ensure that the OUTSIDE_LOCAL firewall group is applied to the
 WAN interface and a direction (local).
 
 .. code-block:: none
@@ -291,6 +296,7 @@ value needs to be lower than the UDP timeout.
             pubkey BknHcLFo8nOo8Dwq2CjaC/TedchKQ0ebxC7GYn7Al00=
         }
         port 2224
+        private-key OLTQY3HuK5qWDgVs6fJR093SwPgOmCKkDI1+vJLGoFU=
     }
 
 The following is the config for the iPhone peer above. It's important to
@@ -407,7 +413,7 @@ the VyOS CLI.
   into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become
   the peer name in the snippet.
 
-  In addition you will specifiy the IP address or FQDN for the client where it
+  In addition you will specify the IP address or FQDN for the client where it
   will connect to. The address parameter can be used up to two times and is used
   to assign the clients specific IPv4 (/32) or IPv6 (/128) address.