diff --git a/app/Models/Server.php b/app/Models/Server.php
index cb9dc1b..f9f4a30 100644
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -25,6 +25,22 @@ class Server extends Model
         ];
     }
+    public static function boot(): void
+    {
+        parent::boot();
+
+        static::creating(function (self $server) {
+            // $server->internal_ip_ending = random_int(2, 254);
+            $existingServer = Server::whereOrganisationId($server->organisation_id)
+                ->orderByDesc('internal_ip_ending')
+                ->first();
+
+            $server->internal_ip_ending = $existingServer
+                ? $existingServer->internal_ip_ending + 1
+                : 2;
+        });
+    }
+
     public function externalNetwork(): BelongsTo
     {
         return $this->belongsTo(Network::class, 'external_network_id');
diff --git a/database/migrations/2025_03_27_120552_create_servers_table.php b/database/migrations/2025_03_27_120552_create_servers_table.php
index 0db8f48..a89f249 100644
--- a/database/migrations/2025_03_27_120552_create_servers_table.php
+++ b/database/migrations/2025_03_27_120552_create_servers_table.php
@@ -22,6 +22,8 @@ return new class extends Migration
             $table->string('ipv6');
             $table->string('private_ip');
             $table->string('provider_status');
+            $table->string('internal_ip');
+            $table->integer('internal_ip_ending');
             $table->string('status');
             $table->string('region');
             $table->string('os');
diff --git a/provision.sh b/provision.sh
index 544865d..ffdc0c8 100644
--- a/provision.sh
+++ b/provision.sh
@@ -51,6 +51,11 @@ if [ ! -d /root/.ssh ]; then
     touch /root/.ssh/authorized_keys
 fi
+# Create the wireguard directory
+if [ ! -d /root/.wg ]; then
+    mkdir -p /root/.wg
+fi
+
 # Set The Hostname If Necessary
 echo "[!hostname!]" > /etc/hostname
 sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 [!hostname!].localdomain [!hostname!] localhost/' /etc/hosts
 hostname [!hostname!]
@@ -59,6 +64,7 @@ hostname [!hostname!]
 useradd keystone
 mkdir -p /home/keystone/.ssh
 mkdir -p /home/keystone/.keystone
+mkdir -p /home/keystone/.wg
 adduser keystone sudo
 # Setup Bash For Keystone User
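Review bot: The `creating` hook at the top of the hunk derives `internal_ip_ending` from `->orderByDesc('internal_ip_ending')->first()` plus one, which is a non-atomic read-then-increment: two servers created concurrently for the same organisation read the same maximum and receive the same ending, and neither this hunk nor the migration hunk below enforces uniqueness. A unique index on `['organisation_id', 'internal_ip_ending']` in the migration would at least turn that collision into a constraint violation instead of two hosts sharing an address. The ending is also unbounded while a /24 only offers host endings up to 254, and endings of deleted servers are never reclaimed, so a guard such as `if ($server->internal_ip_ending > 254) { throw new \RuntimeException('No free internal_ip_ending for this organisation'); }` belongs after the assignment. The commented-out `random_int(2, 254)` line should be removed rather than kept as dead code, and `Server::` can be `static::` inside the model itself.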
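Review bot: `$table->string('internal_ip');` adds a non-nullable column, but nothing in this commit populates it — the model's `creating` hook only sets `internal_ip_ending` — so inserts will fail at the database unless the column is filled elsewhere; either declare it `$table->string('internal_ip')->nullable();` or derive it in the same hook. `internal_ip_ending` holds a single host octet, so `$table->unsignedTinyInteger('internal_ip_ending');` would express the 0–255 range at the schema level and make the size limit visible to readers of the migration. The enclosing `up()` method and its `Schema::create` closure start and end outside the hunk.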
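Review bot: `mkdir -p /root/.wg` creates the directory under the script's default umask, yet the private key is written into it later in the script (the `@@ -84` hunk), so it should be created restrictively, `mkdir -p -m 700 /root/.wg`, or followed by `chmod 700 /root/.wg`. The `if [ ! -d /root/.wg ]` guard is redundant with `-p`, though keeping it for symmetry with the `.ssh` block above is fine. The same applies to `mkdir -p /home/keystone/.wg` in the next hunk if keys are ever placed there; note that the later `chmod -R 755 /home/keystone` would make anything inside it world-readable again.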
@@ -84,6 +90,18 @@ ssh-keygen -f /home/keystone/.ssh/id_ed25519 -t ed25519 -N ''
 # Restart SSH
 service ssh restart
+# Create the wireguard key pairs
+wg genkey > /root/.wg/privatekey
+wg pubkey < /root/.wg/privatekey > /root/.wg/publickey
+
+# Configure wireguard
+ip link add dev wg0 type wireguard
+ip address add dev wg0 192.168.2.1/24
+wg set wg0 listen-port 51820 private-key /root/.wg/privatekey
+ip link set up dev wg0
+
+# wg set wg0 peer allowed-ips /32
+
 # Setup Keystone Home Directory Permissions
 chown -R keystone:keystone /home/keystone
 chmod -R 755 /home/keystone
diff --git a/readme.md b/readme.md
index 4c8b02a..3b846e6 100644
--- a/readme.md
+++ b/readme.md
@@ -12,3 +12,4 @@ Every application has a gateway (just a load balancer), regardless of how many a
 We're going to install wireguard on each server to provide a secure connection between every server and manage internal connections via the firewall with ufw. For each server provider, we should create a private network on that provider to get the lowest latency, which means allocating the wireguard connections needs to be done intelligently. If the server provider is not the same, we should use the public IP, otherwise use the private one internally. If a server is created on a provider, we should create the 'keystone' network. Maybe search to see if it already exists first.
+
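Review bot: `wg genkey > /root/.wg/privatekey` creates the key file under the script's default umask, which on most systems leaves it world-readable; write it as `(umask 077; wg genkey > /root/.wg/privatekey)` or follow it with `chmod 600 /root/.wg/privatekey` before `wg set` consumes it. `ip address add dev wg0 192.168.2.1/24` gives every provisioned server the same tunnel address, while the model hunk allocates a per-server `internal_ip_ending`; presumably the host octet should be a template placeholder in the script's `[!…!]` style rather than the literal `1`. `ip link add dev wg0 type wireguard` is not idempotent, so re-running the script on an already provisioned host fails at that line unless it is guarded, e.g. `ip link show wg0 >/dev/null 2>&1 || ip link add dev wg0 type wireguard`. The trailing `# wg set wg0 peer allowed-ips /32` is an unfinished placeholder and should be completed with the peer's key and address or removed; the readme hunk mentions ufw, so the `51820` listen port also needs a matching firewall rule that is not part of this commit.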