PepVPN NAT Virtual MAC Address Derivation


This article shows how clients can be given static IP address assignments when using PepVPN in NAT mode. It states the client MAC address is a virtual address derived from the device serial number. Is it possible to detail how it is derived? This would greatly aid when provisioning a large number of devices as we could figure out the MAC address and create the DHCP reservation before physically deploying the device.


UPDATE: Correct answer is in comment 3 below.


Sorry @rkozak, obviously I’m remembering something really outdated and the Profile ID requirement was deprecated long time ago back into 2016. All firmware since 6.3.2 should use the following guide without the need of PepVPN Profile ID and solely use Serial Number to generate the virtual MAC address.

So here is how it’s derived:


For example, the device with SN: BAAD-F00D-CAFE, connected to NAT Mode server PepVPN profile ID 1, will have the following MAC Address generated for it:

MAC: 52-00-00-AD-F0-0D

52-00-00: this is a static prefix.
AE-F0-0D: this is part of the serial number of the device.

So no more Profile ID in the virtual MAC.