diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index d26f2191..e9d88e58 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -58,6 +58,44 @@ in rec {
 out = "/var/lib/unbound/rsh.conf";
 };
+ networking.wireguard.interfaces = {
+ wg-camp = {
+ ips = [
+ "185.236.240.68/31"
+ "2a0d:eb00:2137:1::e/127"
+ ];
+ allowedIPsAsRoutes = false;
+ listenPort = 51820;
+ generatePrivateKeyFile = true;
+ privateKeyFile = "/root/camp-wg";
+ peers = [
+ {
+ publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
+ allowedIPs = [
+ "185.236.240.69/32"
+ "185.236.241.0/24"
+ "2a0d:eb00:8007::/48"
+ "2a0d:eb00:2137:1::f/128"
+ ];
+ }
+ ];
+ };
+ };
+
+ hscloud.routing.static.v6.camp = {
+ table = "aggregate";
+ address = "2a0d:eb00:8007::";
+ prefixLength = 48;
+ via = "2a0d:eb00:2137:1::f";
+ };
+ hscloud.routing.static.v4.camp = {
+ table = "aggregate";
+ address = "185.236.241.0";
+ prefixLength = 24;
+ via = "185.236.240.69";
+ };
+
+
+ hscloud.renameInterfaces = {
 # Link to Nitronet CPE.
 e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
@@ -172,7 +210,7 @@ in rec {
 '';
 hscloud.routing.originate = {
 # WAW prefixes, exposed into internet BGP table.
- v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 24; };
+ v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 23; };
 v6.waw = { table = "internet"; address = "2a0d:eb00::"; prefixLength = 32; };
 # Default gateway via us, exposed into aggregated table.
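Review bot: The `wg-camp` peer's `allowedIPs` list repeats by hand the prefixes of the two `hscloud.routing.static.*.camp` routes added below it, and nothing in the block says who holds the peer key or what the tunnel is for. With `allowedIPsAsRoutes = false`, `allowedIPs` is the only source-address filter WireGuard applies to this peer, so editing one list without the other either blackholes the camp prefixes or widens what the peer may source. A comment above `peers` such as `# Camp uplink peer. allowedIPs must stay in sync with hscloud.routing.static.{v4,v6}.camp.` would make that coupling explicit. A second comment at `privateKeyFile`, e.g. `# Generated on the host; keep the key out of the Nix store.`, would stop a later edit from switching to an inline `privateKey`. Whether UDP 51820 is admitted and rate-limited by the host firewall is not visible in this hunk; the enclosing `in rec {` set starts and ends outside it.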
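Review bot: Widening `v4.waw` from /24 to /23 makes this router originate 185.236.241.0/24 into the internet table, which is the camp prefix routed over `wg-camp` in the first hunk, yet the comment above it still reads only `# WAW prefixes`. I would extend it to `# WAW prefixes (the /23 also covers the camp /24 behind wg-camp), exposed into internet BGP table.` so the dependency on the tunnel is visible. Whether the ROA and IRR route object for this space permit a /23 from this origin cannot be seen here and should be confirmed before deploy, since validating peers would otherwise drop the announcement. The `hscloud.routing.originate` set continues outside the hunk.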