diff --git a/files/ospfd.conf b/files/ospfd.conf
index d7b71a2..dfe6c0f 100644
--- a/files/ospfd.conf
+++ b/files/ospfd.conf
@@ -28,4 +28,7 @@ area 0.0.0.0 {
 	interface wg0 {
 		type p2p
 	}
+	interface wg2 {
+		type p2p
+	}
 }
diff --git a/files/pf.wg2.conf b/files/pf.wg2.conf
new file mode 100644
index 0000000..3cbd879
--- /dev/null
+++ b/files/pf.wg2.conf
@@ -0,0 +1,8 @@
+# allow incoming udp packets for wg2
+pass in proto udp from any to self port 51822
+
+# allow ospf on wg2
+pass on wg2 proto ospf
+
+# allow prometheus on wg2
+pass on wg2 proto tcp from any to self port 9100
diff --git a/playbook_provision_backbone.yml b/playbook_provision_backbone.yml
index 8f1a4a2..f57fb37 100644
--- a/playbook_provision_backbone.yml
+++ b/playbook_provision_backbone.yml
@@ -2,26 +2,32 @@
 - name: configure tunnel on eae-adp-jump01
   hosts: eae-adp-jump01
   tasks:
-    - name: create wg0 interface file
+    - name: create wgX interface files
       template:
-        src: templates/hostname.wg0
-        dest: /etc/hostname.wg0
+        src: "{{ item }}"
+        dest: /etc/
         mode: 0600
+      with_fileglob:
+        - "templates/hostname.wg*"
       notify:
         - reload interfaces
 
-    - name: create pf.wg0.conf file
+    - name: create pf.wgX.conf files
       copy:
-        src: files/pf.wg0.conf
-        dest: /etc/pf.wg0.conf
+        src: "{{ item }}"
+        dest: /etc/
         mode: 0600
+      with_fileglob:
+        - "files/pf.wg*.conf"
       notify:
         - reload firewall
 
-    - name: include pf.wg0.conf in pf.include.conf
+    - name: include pf.wgX.conf in pf.include.conf
       lineinfile:
         path: /etc/pf.include.conf
-        line: 'include "/etc/pf.wg0.conf"'
+        line: 'include "/etc/{{ item | basename }}"'
+      with_fileglob:
+        - "files/pf.wg*.conf"
       notify:
         - reload firewall
 
@@ -50,4 +56,4 @@
     - name: restart ospfd
       service:
         name: ospfd
-        state: restart
+        state: restarted
diff --git a/templates/hostname.wg2 b/templates/hostname.wg2
new file mode 100644
index 0000000..93b715e
--- /dev/null
+++ b/templates/hostname.wg2
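Review bot: The UDP rule in the new files/pf.wg2.conf passes port 51822, but templates/hostname.wg2 in the same commit sets `wgport 51820`, so the two files disagree: either wg2 handshakes arrive on a port pf does not pass, or, if wg0 already binds 51820, the second interface may not come up at all. One of the two values has to change; given the file naming, `wgport 51822` in the template looks like the intent, but confirm against the peer's configuration. The rule also carries no interface qualifier, so it passes that UDP port on every interface of the host; if the existing pf.wg0.conf scopes its rule to an interface or the `egress` group, the same scoping here would be consistent and narrower.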
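Review bot: The `with_fileglob` patterns `templates/hostname.wg*` and `files/pf.wg*.conf` match anything with that prefix, so a stray file in the checkout (a constructed example: an editor backup named `hostname.wg2~`) would be rendered into /etc with mode 0600, and a stray `pf.wg*.conf` would additionally be appended as an `include` line to pf.include.conf and loaded on the next firewall reload. Narrowing the patterns to `"templates/hostname.wg[0-9]*"` and `"files/pf.wg[0-9]*.conf"` limits all three tasks to numbered interfaces; the pf glob appears in both the copy and the lineinfile task, so change it in both places. The glob approach is also add-only: removing a template from the repository leaves /etc/hostname.wgN, /etc/pf.wgN.conf and its include line on the host, which this play does not clean up, and that would be worth a comment above the tasks if it is intentional.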
@@ -0,0 +1,5 @@
+inet 10.85.254.0/31
+mtu 1350
+wgport 51820
+wgkey {{ lookup('passwordstore', 'wg/wg2/eae-adp-jump01') }}
+wgpeer {{ lookup('passwordstore', 'wg/wg2/ffl-ans-gw-core01.pub') }} wgpsk {{ lookup('passwordstore', 'wg/wg2/psk') }} wgaip 0.0.0.0/0