On both peers, install the Wireguard module and tools:
apt install wireguard
Create the configuration file at /etc/wireguard/wg0.conf:
[Interface]
Address = 192.168.3.1
PrivateKey = `wg genkey`
[Peer]
PublicKey = `wg pubkey < privkey-of-other-peer`
PresharedKey = `wg genpsk`
AllowedIPs = 192.168.3.2
The PresharedKey must be identical across peers. Make sure to share it over a secure channel.
On at least one of the peers, set Endpoint in the [Peer] section to the internet hostname and listening port of the other peer. Set the listening port by adding Port to the [Interface] section.
You will need to set AllowedIPs to the Address of the other peer. You can use another subnet if 192.168.3.0 is already being used.
Turn on the tunnel using:
wg-quick up wg0
See connection information using:
wg show
Try pinging the other peer:
ping 192.168.3.2