diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index 4f8b8f7..950c2ad 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -243,6 +243,25 @@
       ];
       privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
     };
+    # jona / cryne
+    wg3402 = {
+      ips = [
+        "fe80::2574/128"
+      ];
+      postSetup = ''
+      ip addr replace dev wg3402 fe80::2574/128 peer fe80::3402/128
+      '';
+      listenPort = 53402;
+      allowedIPsAsRoutes = false;
+      peers = [
+        {
+          allowedIPs = [ "fe80::/10" "fd00::/8" ];
+          endpoint = "dn42.cryne.me:42574";
+          publicKey = "YsKInIp90is8ysnQDHGoKnz2CqlTMWMZDmQ+vwvN2C0=";
+        }
+      ];
+      privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+    };
     # lutoma
     wg4719 = {
       ips = [
@@ -296,6 +315,7 @@
     51411 # wg1411
     51718 # wg1718
     52189 # wg2189
+    53402 # wg3402
     54719 # wg4719
     56190 # wg6190
   ];
@@ -391,6 +411,13 @@
         remoteAsn = "4242422189";
         localAddress = "fe80::2574";
       }
+      {
+        peerName = "peer_3402";
+        remoteAddress = "fe80::3402";
+        interfaceName = "wg3402";
+        remoteAsn = "4242423402";
+        localAddress = "fe80::2574";
+      }
       {
         peerName = "peer_4719";
         remoteAddress = "fe80::acab";