MAC36PRO - VPN - WireGuard Configuration File Structure

The MAC36PRO supports connection to a WireGuard VPN server using a standard WireGuard configuration file (.conf). The configuration defines the local VPN interface parameters and the remote peer (VPN server) settings required to establish the encrypted tunnel.

A typical WireGuard configuration file consists of two main sections:

  • [Interface] – defines the local device configuration.

  • [Peer] – defines the remote WireGuard peer (VPN server) parameters.

Example Configuration

The following example shows a simplified configuration structure. Sensitive values such as private keys, public keys, and IP addresses should always be protected. The example below uses placeholders for security purposes.

[Interface]
PrivateKey = <DEVICE_PRIVATE_KEY>
Address = 10.20.40.14

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
AllowedIPs = 10.20.40.0/24
Endpoint = <VPN_SERVER_IP>:51820
PersistentKeepalive = 30

Parameter Description

[Interface]

  • PrivateKey
    The private key assigned to the MAC36PRO WireGuard interface. This key must remain confidential.

  • Address
    The IP address assigned to the device inside the VPN network.

[Peer]

  • PublicKey
    The public key of the WireGuard VPN server.

  • AllowedIPs
    Defines which network traffic is routed through the VPN tunnel.

  • Endpoint
    The public IP address or hostname of the WireGuard VPN server, including the listening port.

  • PersistentKeepalive
    Optional parameter used to maintain the VPN connection through NAT or firewall devices.

AllowedIPs Limitation

The MAC36PRO implementation does not support full-tunnel configurations.

Using:

AllowedIPs = 0.0.0.0/0

is not supported and will not be accepted by the device configuration.

Instead, the AllowedIPs parameter must specify the VPN network or subnet that should be reachable through the tunnel. Only traffic destined for the defined VPN network will be routed through the WireGuard connection.

Example:

AllowedIPs = 10.20.40.0/24

With this configuration, the device uses the tunnel only to communicate with hosts located within the VPN server network (10.20.40.0/24).
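
A pre-upload check for the rules above, as an added example that is not MAC36PRO firmware code or a vendor tool: it parses a .conf file, flags a full-tunnel AllowedIPs entry, and flags key fields that still hold placeholders. The names parse_conf, is_key and check_conf are hypothetical, the sample file is constructed, and treating ::/0 like 0.0.0.0/0 is an assumption.

```python
import base64
import ipaddress

# Constructed sample: FAKE_KEY is 32 fixed bytes, not a real key.
FAKE_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_CONF = f"""\
[Interface]
PrivateKey = <DEVICE_PRIVATE_KEY>
Address = 10.20.40.14

[Peer]
PublicKey = {FAKE_KEY}
AllowedIPs = 10.20.40.0/24, 0.0.0.0/0
"""

def parse_conf(text):
    """Return [(section, {key: value})]; a list keeps repeated [Peer] sections apart."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 padding '=' stays in the value
            sections[-1][1][key.strip()] = value.strip()
    return sections

def is_key(value):
    # WireGuard keys are 32 bytes, base64-encoded; unfilled placeholders fail to decode.
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_conf(text):
    """List problems; prefix length 0 is full tunnel (0.0.0.0/0 per the page, ::/0 assumed)."""
    problems = []
    for name, fields in parse_conf(text):
        key_field = {"Interface": "PrivateKey", "Peer": "PublicKey"}.get(name)
        if key_field and not is_key(fields.get(key_field, "")):
            problems.append(f"[{name}] {key_field}: not a 32-byte base64 key")  # value never echoed
        entries = fields.get("AllowedIPs", "").split(",") if name == "Peer" else []
        for entry in map(str.strip, entries):
            try:
                if ipaddress.ip_network(entry, strict=False).prefixlen == 0:
                    problems.append(f"[Peer] AllowedIPs: full tunnel {entry} is not supported")
            except ValueError:
                problems.append(f"[Peer] AllowedIPs: invalid network {entry!r}")
    return problems
```

The messages name the field but never include the key value, so the output can go into a ticket or log without exposing the private key.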