There is a misunderstanding here (see past tense in the "so far, ..." sentence) and what follows immediately afterwards in the same post you are quoting here:
All your VPN clients have been given an entry in the network table with a "mock-MAC" used by FTL to treat IP-only devices as if they were known by their hardware address (this relies on a certain stability of the IP<->client relation which is most often given in VPNs).
The rest of the quoted post gives an example of how to do this; you can use that without the extra checkout step. The hardware address for your WireGuard devices will be the IP, prefixed by ip-, so, e.g.,