Mikrotik BTH generates Wireguard configuration files with an additional peer at the bottom with AllowedIPs set to 0.0.0.0/32 and a very odd PublicKey as follows. Could someone explain what purpose does this peer entry serve?

From my understanding, one uses your smartphone to create an initial tunnel while behind the router.
Then one can use the smartphone BTH app ( under MANAGED SHARES) to generate qr codes or config files for other smart phones/laptops etc...... (laptops use the wireguard app itself).

THe router is capable of generating one QR code/config file for a remote user and maybe that is what you are asking about??

Hi @anav, thanks for the reply.

The functioning of BTH it is pretty clear to me, my question is about this "mysterious" peer with PublicKey //////////////////////////////////////////8= that is being added.

If I remove this from the config everything works regardless. I don't understand the need of a second peer... Also I don't understand 0.0.0.0/32 to be honest. Has this something to do with the Mikrotik Relay functionality in case the WAN IP is not public?

If you have direct access to your router (it has public IP) then one connection is enough, but if your device is behind NAT or has non public IP, the connection will go over our MikroTIk Relay service, this is what the other config is for.

If you have direct access to your router (it has public IP) then one connection is enough, but if your device is behind NAT or has non public IP, the connection will go over our MikroTIk Relay service, this is what the other config is for.

Thanks for the reply. I suspected that, thanks a lot for clarifying.

Thank you emarj, I misunderstood your question and gave you a duff answer, now I understand that additional BTH config, and will be able to assist others more accurately down the line.
Thanks to @Normis, for clearing that up................... Suggest you add it to the MT document section on BTH so its clear to all readers as well.