VPN

9. VPN (WireGuard) 

 The VPN page in SLZB-OS contains a WireGuard settings helper , allowing the Zigbee coordinator to securely connect to your Home Assistant server or other remote endpoint. 

 

 

 9.1 WireGuard Overview 

 WireGuard is a modern, highly secure VPN protocol. In SLZB-OS, it: 

 

 

 Establishes an encrypted link between your coordinator and a remote server (e.g., Home Assistant). 

 

 

 Protects data in transit across the internet or local networks. 

 

 

 Provides privacy and prevents unauthorized access. 

 

 

 

 Note: You must have the WireGuard add-on installed and configured on your Home Assistant or other VPN server. 

 

 

 9.2 How WireGuard Works for Home Assistant 

 When configured: 

 

 

 Your coordinator connects to the WireGuard server. 

 

 

 All Zigbee and management traffic is securely tunneled through this encrypted channel. 

 

 

 The remote server sees the coordinator as if it were on the same local network. 

 

 

 This is useful when: 

 

 

 Your coordinator is in a different physical location than the server. 

 

 

 You want to expose the coordinator to Home Assistant without opening public ports. 

 

 

 

 9.3 WireGuard Settings 

 The page provides the following editable fields: 

 

 

 Local IP Address IP address of the coordinator inside the VPN network. 

 

 

 Private Key Secret key unique to the coordinator. Keep it confidential. 

 

 

 Public Key Coordinator’s public key (share with the WireGuard server so it can authenticate your device). 

 

 

 Peer Public Key The public key of the VPN server or peer you will connect to. 

 

 

 Endpoint IP address or domain name of the VPN server, plus port (e.g., vpn.example.com:51820 ). 

 

 

 Allowed IPs Specifies which IP ranges are routed through the VPN tunnel (e.g., 0.0.0.0/0 to route all traffic). 

 

 

 Persistent Keepalive Interval in seconds to send keepalive packets and maintain connection (useful behind NAT). 

 

 

 

 9.4 Save & Connect 

 

 

 After filling all fields, click Save to store settings. 

 

 

 The VPN will attempt connection automatically using the provided details. 

 

 

 

 9.5 Security Recommendations 

 

 

 Use a strong Private/Public key pair generated for the device only. 

 

 

 Limit Allowed IPs to the networks actually needed for Zigbee control. 

 

 

 Keep Persistent Keepalive enabled if the device is behind NAT or in networks with aggressive idle timeouts.