from Hacker News

WireGuard for the ESP32

by bishopsmother on 12/29/22, 10:52 AM with 125 comments

  • by keewee7 on 12/29/22, 12:06 PM

    It's interesting how the ESP32 has become the de facto IoT MCU used in almost all new IoT products.

    Other companies like TI and STMicro had their own cheap WiFi/BLE MCUs but their devkits used to be too expensive for hobbyists and students. But the Chinese startup behind the ESPxx chips made sure that their devkits were cheap enough for hobbyists and students and through that influence they now also dominate the professional industry.

  • by willemmerson on 12/29/22, 5:21 PM

    It's not completely related but I've been thinking that having a router connected via wireguard might be a good way to do IoT deployments.

    Generally IoT devices make an outbound connection to a server and use MQTTS for bi-directional data flow, because of the difficulty of inbound connections due to firewalls, NAT etc. But this has some downsides in that you have to run an MQTT server, each device is doing its own TLS (which uses a lot of RAM and increases firmware size on an ESP32), and MQTT doesn't really have end-to-end message confirmation.

    It seems like a better way would be for each ESP32 device to be in a wireshark network and to be running its own HTTP webserver (which is easy to do with the SDK). Therefore any device can be sent a message from the server using a simple POST request to its IP address, and can send messages to the server using the server's HTTP API. It's much easier to test HTTP APIs than mess about with MQTT, and individual devices don't need to do SSL because all data between the devices and server is encrypted by wireguard.

    I suspect there's something I've overlooked; I think addressing individual devices could be difficult if you only know their IP addresses.

  • by alex_sf on 12/29/22, 3:43 PM

    There seem to be people in these comments that know, so: is there something similar to the ESP32 but for cellular networks? A small, cheap microcontroller that I can add a SIM to and get connectivity?

    The only ones I've messed with before were from Adafruit, but they are all 3G which is, afaik, completely decom'd now.

  • by squarefoot on 12/29/22, 4:26 PM

    Did anyone test it on the ESP32-CAM? A quick search didn't produce much, although I believe that small module could benefit a lot from the added layer of security, assuming the hardware could withstand the added overhead on streamed video.

    https://docs.ai-thinker.com/en/esp32-cam

    https://www.youtube.com/watch?v=visj0KE5VtY

  • by atonse on 12/29/22, 6:15 PM

    A Tailscale IoT mesh would be killer.
  • by lormayna on 12/29/22, 4:56 PM

    What about the power consumption? ESP32 is not the best in terms of energy efficiency. I guess that a series of crypto operations like the ones requested by a WG tunnel would have an impact on power and this can be a problem for a battery-powered ESP32.
  • by jvanderbot on 12/29/22, 3:13 PM

    Well there's another project I can cross off my to-do list.
  • by adriancr on 12/29/22, 12:04 PM

    This is awesome, any benchmarks on bandwidth so far?
  • by fulafel on 12/29/22, 5:38 PM

    Are there memory safe language options for programming security critical internet facing interfaces like this on ESP32?
  • by no_time on 12/29/22, 12:41 PM

    Is there a significant difference between doing HTTP over TLS vs HTTP over WireGuard?

    I enjoy WireGuard and its tooling but in this case TLS seems like the better, battle-tested option without any significant downsides if all you are doing is HTTP anyways...

  • by dmos62 on 12/29/22, 1:34 PM

    What are some of the things you can do when you have wireguard in your embedded device?
  • by gorgoiler on 12/29/22, 12:38 PM

    Wow, congratulations. There's something lovely about seeing systems being configured in C source code. While I wasn't around at the time I imagine this is the way many of the machines of the 1970s were configured as well (unless you had some kind of fancy Unix machine that could host its own compiler.)
  • by thingyop on 12/29/22, 5:34 PM

    nice.