VPN Server
Your Sertone gateway includes a built-in VPN server. Any device you own — laptop, phone, tablet — can connect to your gateway securely from anywhere in the world. No third-party VPN subscription, no extra software to install on the server side. It is already running.
What You Get
Every Sertone gateway runs a VPN server that accepts connections from your devices. Once a device is connected:
- Secure remote access — manage your gateway from anywhere as if you were on the same local network. Access the admin panel, monitor services, and adjust settings without exposing your gateway to the public internet.
- Encrypted tunnel — all traffic between your device and your gateway is fully encrypted. Nobody on the network between you can see what you are doing.
- Up to 253 devices — connect laptops, phones, tablets, or servers. Each gets its own config and can be revoked individually at any time.
- Works everywhere — WireGuard clients are available for Windows, macOS, iOS, Android, and Linux. The same config works on all of them.
How to Connect a Device
Step 1 — Get your VPN config
In your gateway's admin panel, go to Settings → VPN. Click Generate config. A .conf file downloads to your device immediately. Each device should have its own config — do not share config files between devices.
Step 2 — Install WireGuard
Download the free WireGuard client for your device:
- Windows — official installer from wireguard.com
- macOS — available on the Mac App Store or via Homebrew
- iOS — WireGuard app on the App Store
- Android — WireGuard app on Google Play
- Linux — available in all major package managers
Step 3 — Import and connect
Open WireGuard, click Add tunnel (or the + button on mobile), and select the .conf file you downloaded. Then click Activate. You are connected.
Firewall Note
If your gateway machine is behind a firewall or router, you need to allow inbound UDP traffic on port 51820 and forward it to your gateway machine. This is the only port the VPN server uses.
If your gateway is on a cloud server with a firewall (AWS security group, DigitalOcean firewall, Hetzner firewall rules, etc.), add a rule to allow UDP port 51820 from anywhere.
Managing Connected Devices
In Settings → VPN you can see:
- All devices that have a config — whether or not they are currently connected
- Last seen time for each device (when it last made a handshake)
- Which devices are currently active
To disconnect a device permanently, click Revoke next to it. Its config immediately stops working. The device cannot reconnect unless you generate a new config for it.
To rotate a device's config (e.g. if the config file was lost or compromised), click Reset config. A new config is generated and the old one is invalidated immediately.
Frequently Asked Questions
Does the VPN affect my API traffic?
No. The VPN is a separate channel for managing your gateway. API calls from consumers go through the Sertone network as normal — they are unaffected by whether you have the VPN active.
Can I use the VPN as a general internet VPN?
By default, only traffic destined for your gateway's local network routes through the VPN. Your general internet traffic goes through your regular connection. If you want to route all your internet traffic through your gateway, you can enable full-tunnel mode in your WireGuard client by changing the Allowed IPs setting to 0.0.0.0/0 in the imported config.
Does my gateway need a public IP for the VPN to work?
Yes — your gateway machine needs a reachable address so your devices can connect to it. A public IP or a domain name pointing to it is required. If your gateway is behind NAT (e.g., a home router), you will need to set up port forwarding for UDP port 51820.
How many devices can connect at the same time?
Up to 253 devices can have configs. There is no limit on how many can be connected simultaneously.
Is my VPN traffic logged?
No. Your gateway does not log VPN traffic. The gateway is yours — it runs on your machine, and only you have access to it.