diff --git a/hosts b/hosts
index f5d61c09e74e5297d7e1b6d2594e9a7cadd45f54..22b567d8b4822a61c56d0bbdd78858ee602b4c11 100644
--- a/hosts
+++ b/hosts
@@ -80,6 +80,7 @@ re2o-ldap.adm.crans.org
 gitlab-ci.adm.crans.org
 hodaur.adm.crans.org
 monitoring.adm.crans.org
+boeing.adm.crans.org
 [ovh_physical]
 sputnik.adm.crans.org
diff --git a/roles/wireguard/templates/wireguard/sputnik.conf.j2 b/roles/wireguard/templates/wireguard/sputnik.conf.j2
index 7e921c8929cb627acf52d2604ce2d51a4f83d9cf..4f0ec94aa29a0afc20f132ce5920bf956bded9b8 100644
--- a/roles/wireguard/templates/wireguard/sputnik.conf.j2
+++ b/roles/wireguard/templates/wireguard/sputnik.conf.j2
@@ -9,20 +9,20 @@ PostUp = /sbin/ip link set sputnik alias adm
 [Peer]
 PublicKey = {{ wireguard.peer_public_key }}
-AllowedIPs = 172.31.0.1/32, fd0c:700:0:8::1/128, 10.231.136.0/24, 2a0c:700:0:2::/64
-Endpoint = 138.231.136.131:51820
+AllowedIPs = 172.31.0.1/32, fd0c:700:0:8::1/128, {{ query('ldap', 'network', 'adm') }}, fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64
+Endpoint = {{ (query('ldap', 'ip', 'boeing', 'srv') | ipv4)[0]Â }}:51820
 {% else %}
 [Interface]
 Address = 172.31.0.1/30, fd0c:700:0:8::1/64
 ListenPort = 51820
 PrivateKey = {{ wireguard.private_key }}
-PostUp = ifup {{ wireguard.if }}; iptables -t nat -A PREROUTING -d 10.231.136.21 -j DNAT --to-destination 172.31.0.2; iptables -t nat -A POSTROUTING -j MASQUERADE; ip6tables -t nat -A PREROUTING -d 2a0c:700:0:2:73:70ff:fe75:7402/128 -j DNAT --to-destination fd0c:700:0:8::2; ip6tables -t nat -A POSTROUTING -j MASQUERADE
-PostDown = ifdown {{ wireguard.if }}; iptables -t nat -D PREROUTING -d 10.231.136.21 -j DNAT --to-destination 172.31.0.2; iptables -t nat -D POSTROUTING -j MASQUERADE; ip6tables -t nat -D PREROUTING -d 2a0c:700:0:2:73:70ff:fe75:7402/128 -j DNAT --to-destination fd0c:700:0:8::2; ip6tables -t nat -D POSTROUTING -j MASQUERADE
+# PostUp = ifup {{ wireguard.if }}; iptables -t nat -A PREROUTING -d 10.231.136.21 -j DNAT --to-destination 172.31.0.2; iptables -t nat -A POSTROUTING -j MASQUERADE; ip6tables -t nat -A PREROUTING -d 2a0c:700:0:2:73:70ff:fe75:7402/128 -j DNAT --to-destination fd0c:700:0:8::2; ip6tables -t nat -A POSTROUTING -j MASQUERADE
+# PostDown = ifdown {{ wireguard.if }}; iptables -t nat -D PREROUTING -d 10.231.136.21 -j DNAT --to-destination 172.31.0.2; iptables -t nat -D POSTROUTING -j MASQUERADE; ip6tables -t nat -D PREROUTING -d 2a0c:700:0:2:73:70ff:fe75:7402/128 -j DNAT --to-destination fd0c:700:0:8::2; ip6tables -t nat -D POSTROUTING -j MASQUERADE
 [Peer]
 PublicKey = {{ wireguard.peer_public_key }}
 AllowedIPs = 172.31.0.2/32, fd0c:700:0:8::2/128
-Endpoint = 46.105.102.188:51820
+Endpoint = {{ (query('ldap', 'ip', 'sputnik', 'srv') | ipv4)[0] }}:51820
 {% endif %}
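Review bot: The new `AllowedIPs` line in the first `[Peer]` interpolates `query('ldap', 'network', 'adm')` and `query('ldap', 'vlanid', 'adm')` directly, while both new `Endpoint` lines index a `query` result with `[0]`; Ansible's `query` returns a list, so unless this lookup plugin behaves differently the rendered line would carry a list representation instead of a CIDR and wg-quick would most likely reject it. Because `AllowedIPs` decides which source addresses the tunnel accepts from this peer, I would take the element explicitly, e.g. `{{ query('ldap', 'network', 'adm')[0] }}` and `fd00:0:0:{{ query('ldap', 'vlanid', 'adm')[0] }}::/64`, and state in the commit message that the IPv6 range moves from `2a0c:700:0:2::/64` to a `fd00:` prefix. The first new `Endpoint` line also has a stray character before `}}` (shown as `Â` on this page, probably a non-breaking space) that the second one lacks; replace it with a plain space. The NAT `PostUp`/`PostDown` lines are commented out rather than deleted, which also drops the `ifup`/`ifdown {{ wireguard.if }}` calls; if that is intended, delete them or leave a short comment saying where the interface and NAT are now handled. The `{% if %}` that opens this template branch is outside the hunk.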