ESP32 Sensor connected via Wireguard does not work

MQTT custom sensor in configuration.yaml

No I mean api wise.

I wrote earlier, you don’t read carefully :slight_smile:

MQTT - works
OTA - works
API - doesn't work in the WireGuard config.

API problem solved.
Change the default port 6053 to another one.

api: 
  port: 9999

I did not know that MQTT implementation is so simple.

I got MQTT working, but not API and OTA. This works in my home LAN, but not outside. But this is a difficult issue, because the default Wireguard AddOn uses NAT and this eliminates the access from the LAN to a Wireguard client. NAT must be changed to proper routing.

I disabled reboot on API not connected. I added a few options and took some inspiration from @bodychmarcin . So I have now a functional demo and can now get to serious applications.

substitutions:
  device_name: "m5stack-atom-lite-1"
  device_friendly_name: "M5Stack Atom Lite 1"
  device_description: "M5Stack Atom Lite 1"
  time_timezone: "Europe/Zurich"
  
esphome:
  name: ${device_name}
  friendly_name: $device_friendly_name
  comment: "${device_description}"
  name_add_mac_suffix: false

esp32:
  board: m5stack-atom
  framework:
    type: arduino

wifi:
  networks:
    - ssid: !secret wifi_ssid5
      password: !secret wifi_password5
    - ssid: !secret wifi_ssid4
      password: !secret wifi_password4
    - ssid: !secret wifi_ssid3
      password: !secret wifi_password3
    - ssid: !secret wifi_ssid2
      password: !secret wifi_password2
    - ssid: !secret wifi_ssid
      password: !secret wifi_password
  #fast_connect: true
  #use_address: "172.27.66.6"
 
  # Enable fallback hotspot (captive portal) in case wifi connection fails
  ap:
    ssid: ${device_name}
    password: !secret wifi_fallback_password
 
captive_portal:
 
# Enable logging
logger:
#  level: VERY_VERBOSE

# Enable Home Assistant API
api:
  encryption:
    key: !secret home_assistant_key
  reboot_timeout: 0s

ota:
  password: !secret ota_password

light:
  - platform: esp32_rmt_led_strip
    rgb_order: GRB
    pin: 27
    num_leds: 1
    rmt_channel: 0
    chipset: SK6812
    name: "Status LED"
    id: status_led
    default_transition_length: 0.1s
    effects:
      - random:
      - random:
          name: Random slow
          transition_length: 15s
          update_interval: 20s
      - flicker:
      - addressable_rainbow:
      - addressable_rainbow:
          name: Rainbow slow
          speed: 1
          width: 100
      - strobe:
          name: Blink
      - strobe:
          name: Flash
          colors:
            - state: true
              brightness: 100%
              duration: 50ms
            - state: false
              duration: 950ms
      - pulse:
      - pulse:
          name: "Slow Pulse"
          update_interval: 5s
      - lambda:
          name: My Custom Effect
          update_interval: 1s
          lambda: |-
            static int state = 0;
            auto call = id(status_led).turn_on();
            // Transition of 1000ms = 1s
            call.set_transition_length(1000);
            if (state == 0) {
              call.set_rgb(1.0, 1.0, 1.0);
            } else if (state == 1) {
              call.set_rgb(1.0, 0.0, 1.0);
            } else if (state == 2) {
              call.set_rgb(0.0, 0.0, 1.0);
            } else {
              call.set_rgb(1.0, 0.0, 0.0);
            }
            call.perform();
            state += 1;
            if (state == 4)
              state = 0;

binary_sensor:
  - platform: gpio
    pin:
      number: 39
      inverted: True
    name: Button
    filters:
      - delayed_off: 10ms
    on_press:
      then:
        - light.toggle: status_led
  - platform: wireguard
    status:
      name: 'WireGuard Status'

time:
  - platform: sntp
    id: sntp_time

mqtt:
  broker: 192.168.1.88
  username: !secret mqtt_user
  password: !secret mqtt_password
  #discovery: false

web_server:
  port: 80
  include_internal: true
  ota: False

wireguard:
  address: 172.27.66.6
  private_key: !secret wg_privkey
  peer_public_key: !secret wg_pubkey
  peer_endpoint: !secret wg_host
  peer_port: !secret wg_port
  peer_persistent_keepalive: 30s
  require_connection_to_proceed: true
  netmask: 0.0.0.0
  #peer_allowed_ips:
  #  - 192.168.1.0/24

I would like to be able to do remote OTA and to use the API instead of MQTT. Is there an expert on Wireguard server configuration including hassio docker and routing setup?

1 Like

Did you manage to realize your idea? does the API work via wireguard?

No, see the last post just above yours. I still need help configuring the Wireguard Server AddOn differently (without NAT but with routing), probably from @frenck . But as I understand docker and networking, this can be tricky to route from an “internal” VPN network like Wireguard has, to the “outside” and especially from my local LAN (and Home Assistant itself) to a VPN connected client.

1 Like

Hi, I have exactly the same problem. I’m trying to solve it; as soon as I find a way to route from Wireguard to Hassio, I will report immediately.

Hello,
I had the same problem, ESP32 connected with the wireguard VPN addon in HAOS.
Only MQTT works.
I found that the problem is that ESPHOME is behind an SSL proxy
(additional settings for the SSL proxy didn't work for me).

I solved it with a second HA instance (on a different machine which is not behind the proxy)
connected to my main HA instance via a HACS custom component.
MQTT works
API works
Bluetooth proxy on the ESP also works, so I am able to use BLE sensors on the remote site as a bonus.

I know :slight_smile: , the easier way is to set up the SSL proxy, but I don't know how to do it.

Hi - maybe too late, maybe not…

I have the same issue - esphome/wireguard was not visible from HA

I had to enter the following line to config.yaml of HA:

command_line:
  - sensor:
      name: Wireguard addon internal IP
      command: "host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 172.244.66.0/24 via $addon_ip src 192.168.2.4"

172.244.66.0 - ip of wg / server is 172.244.66.1

192.168.2.4 - ip of HA host

It fixes the routing from the wg subnet to the local one, to enable the esp device to be visible in HA.

Hoping it helps!

1 Like

Hello glitch69. I have the same problem but I am not very expert. I would appreciate it if you could show me where you got the a0d7b954 from. Is it an address of what? Thanks in advance.

I added this to my commandline part:

  - sensor:
      name: Wireguard addon internal IP
      command: "host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 172.244.66.0/24 via $addon_ip src 192.168.111.88"

And I get this error:

Command failed (with return code 1): “host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 172.244.66.0/24 via $addon_ip src 192.168.111.88”

Probably it would make sense to check the exact syntax and/or paste your example as preformatted text like I did above.

Thanks

Thank you @glitch69! Your example got me on the right track. For others looking to get this working, follow these steps:

  1. Use the ‘Advanced SSH & Web Terminal’ add-on and run this command in the terminal:

     host a0d7b954-wireguard

     This will give you the Docker IP of your WireGuard instance (mine was 172.30.33.11). Confirm the hostname on the WireGuard add-on info screen.

  2. You will need:
     • Docker IP of your WireGuard instance (e.g., 172.30.33.11)
     • WireGuard VPN subnet (e.g., 10.42.42.0/24)
     • Your Home Assistant server LAN IP (e.g., 192.168.1.242)

  3. Add the following to your configuration.yaml:

     - platform: command_line
       name: WireGuard addon internal IP
       command: >
         ip route replace 10.42.42.0/24 via 172.30.33.11 src 192.168.1.242

  4. Restart Home Assistant.

  5. In the integrations, add an ESP device using the WireGuard IP of your ESP device. It may show as offline in the ESPHome add-on, but you should still be able to connect and view logs wirelessly.

  6. Ensure you have the use_address setting under WiFi in your ESP configuration.

I hope this helps someone else. I spent way too long figuring this out.

2 Likes

@skyflyt86 When adding this to the config.yml, is there a certain area that this needs to be added to? I have tried setting this up several times now with no success. I am able to ping the esp8266 device over the wireguard vpn but cannot add the device in Home Assistant through integrations → esphome node → IP/port. I am unsure if I am missing something but just wanted to ask. The only way that I can ping the esp device is by running the command listed above (`host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 192.168.5.0/24 via $addon_ip src 192.168.x.x`), placing in the proper IPs accordingly.

Thanks, for any help

I assume this is with the Wireguard add-on for Home Assistant? I’m having similar issues, but I’m running Wireguard on my Unifi dream machine router. Is there a similar approach I need to use in my situation?

No, this discussion is about esphome.

I’m using ESPhome within HA as well, but I’m not using the Wireguard add-on for HA, I’m running Wireguard on my Unifi firewall.

Did you find a solution for your situation? I’m in a similar boat.

It needs to be in the “sensor” section of your configuration.yaml. If you don't already have that section, it would look like this:

sensor:
  - platform: command_line
    name: Wireguard addon internal IP
    command: >
      ip route replace 10.42.42.0/24 via 172.30.33.11 src 192.168.1.242

Also, it's super important that you add the use_address section in your esp config under the wifi config for the device. It should look like this:

wifi:
  networks:
  - ssid: "SSID"
    password: "PWD"
    hidden: True
  - ssid: "backup wifi SSID"
    password: "Password"
  use_address: 10.42.42.7

Tried that solution but I wasn’t successful.

In general I’m able to establish a Wireguard connection from the ESPHome device. ESP logs and Wireguard logs contain corresponding entries. But I’m unable to add the ESP to HA, I still get the known error about the API.

Wireguard AddOn configuration

Server

host: myFQDN
addresses:
  - 172.27.66.1
dns: []

Peers

- name: garage-victron
  addresses:
    - 172.27.66.2
  allowed_ips: []
  client_allowed_ips: []

The ESPHome YAML looks like this:

substitutions:
  name: garage-victron
  friendly_name: Garage Victron

esphome:
  name: ${name}
  friendly_name: ${friendly_name}

esp8266:
  board: esp01_1m

logger:

api:

ota:
- platform: esphome

wifi:
  ssid: !secret test_ssid # my iPhone Hotspot
  password: !secret test_password
  use_address: !secret victron_wg_address # equals to 172.27.66.2

time:
  - platform: sntp
    servers: 
      - 0.de.pool.ntp.org
      - 1.de.pool.ntp.org
      - 2.de.pool.ntp.org
    timezone: Europe/Berlin

wireguard:
  address: !secret victron_wg_address # equals to 172.27.66.2
  private_key: !secret victron_wg_private_key
  peer_endpoint: !secret wg_peer_endpoint
  peer_public_key: !secret wg_peer_public_key
  netmask: 0.0.0.0
  peer_persistent_keepalive: 25s

binary_sensor:
  - platform: wireguard
    status:
      name: 'WireGuard Status'

sensor:
  - platform: wifi_signal # Reports the WiFi signal strength/RSSI in dB
    name: "WiFi Signal dB"
    id: wifi_signal_db
    update_interval: 60s
    entity_category: "diagnostic"

  - platform: copy # Reports the WiFi signal strength in %
    source_id: wifi_signal_db
    name: "WiFi Signal Percent"
    filters:
      - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
    unit_of_measurement: "Signal %"
    entity_category: "diagnostic"
    device_class: ""

  - platform: wireguard
    latest_handshake:
      name: 'WireGuard Latest Handshake'

text_sensor:
  - platform: wifi_info
    ip_address:
      name: ESP IP Address
      address_0:
        name: ESP IP Address 0
      address_1:
        name: ESP IP Address 1
      address_2:
        name: ESP IP Address 2
      address_3:
        name: ESP IP Address 3
      address_4:
        name: ESP IP Address 4
    ssid:
      name: ESP Connected SSID
    bssid:
      name: ESP Connected BSSID
    mac_address:
      name: ESP Mac Wifi Address
    scan_results:
      name: ESP Latest Scan Results
    dns_address:
      name: ESP DNS Address

  - platform: wireguard
    address:
      name: 'WireGuard Address'

Logs from ESP:

[12:41:09][I][app:100]: ESPHome version 2024.10.1 compiled on Oct 22 2024, 12:34:30
[12:41:09][C][wifi:600]: WiFi:
[12:41:09][C][wifi:428]:   Local MAC: C8:C9:A3:3B:18:F5
[12:41:09][C][wifi:433]:   SSID: [redacted]
[12:41:09][C][wifi:436]:   IP Address: 172.20.10.2
[12:41:09][C][wifi:439]:   BSSID: [redacted]
[12:41:09][C][wifi:441]:   Hostname: 'garage-victron'
[12:41:09][C][wifi:443]:   Signal strength: -50 dB ▂▄▆█
[12:41:09][C][wifi:447]:   Channel: 6
[12:41:09][C][wifi:448]:   Subnet: 255.255.255.240
[12:41:09][C][wifi:449]:   Gateway: 172.20.10.1
[12:41:09][C][wifi:450]:   DNS1: 172.20.10.1
[12:41:09][C][wifi:451]:   DNS2: 0.0.0.0
[12:41:09][C][logger:185]: Logger:
[12:41:09][C][logger:186]:   Level: DEBUG
[12:41:09][C][logger:188]:   Log Baud Rate: 115200
[12:41:09][C][logger:189]:   Hardware UART: UART0
[12:41:09][C][copy.sensor:015]: Copy Sensor 'WiFi Signal Percent'
[12:41:09][C][copy.sensor:015]:   State Class: 'measurement'
[12:41:09][C][copy.sensor:015]:   Unit of Measurement: 'Signal %'
[12:41:09][C][copy.sensor:015]:   Accuracy Decimals: 0
[12:41:09][C][wifi_info:014]: WifiInfo Mac Address 'ESP Mac Wifi Address'
[12:41:09][C][sntp:048]: SNTP Time:
[12:41:09][C][sntp:049]:   Server 1: '0.de.pool.ntp.org'
[12:41:09][C][sntp:050]:   Server 2: '1.de.pool.ntp.org'
[12:41:09][C][sntp:051]:   Server 3: '2.de.pool.ntp.org'
[12:41:09][C][sntp:052]:   Timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
[12:41:09][C][wireguard:132]: WireGuard:
[12:41:09][C][wireguard:133]:   Address: 172.27.66.2
[12:41:09][C][wireguard:134]:   Netmask: 0.0.0.0
[12:41:09][C][wireguard:135]:   Private Key: [redacted]
[12:41:09][C][wireguard:136]:   Peer Endpoint: [redacted]
[12:41:09][C][wireguard:137]:   Peer Port: [redacted]
[12:41:09][C][wireguard:138]:   Peer Public Key: [redacted]
[12:41:09][C][wireguard:139]:   Peer Pre-shared Key: [redacted]
[12:41:09][C][wireguard:141]:   Peer Allowed IPs:
[12:41:09][C][wireguard:143]:     - 0.0.0.0/0.0.0.0
[12:41:09][C][wireguard:145]:   Peer Persistent Keepalive: 25s
[12:41:09][C][wireguard:147]:   Reboot Timeout: 900s
[12:41:09][C][wireguard:150]:   Require Connection to Proceed: NO
[12:41:09][C][wireguard:151]:   Update Interval: 10.0s
[12:41:09][D][sntp:072]: Synchronized time: 2024-10-22 12:41:09
[12:41:09][D][wireguard:251]: starting WireGuard connection...
[12:41:09][I][wireguard:255]: WireGuard connection started
[12:41:09][D][wireguard:264]: configuring WireGuard allowed IPs list...
[12:41:09][D][wireguard:272]: allowed IPs list configured correctly
[12:41:09][W][component:237]: Component sntp.time took a long time for an operation (413 ms).
[12:41:09][W][component:238]: Components should block for at most 30 ms.
[12:41:09][C][mdns:116]: mDNS:
[12:41:09][C][mdns:117]:   Hostname: garage-victron
[12:41:09][C][esphome.ota:073]: Over-The-Air updates:
[12:41:09][C][esphome.ota:074]:   Address: 172.27.66.2:8266
[12:41:09][C][esphome.ota:075]:   Version: 2
[12:41:09][D][text_sensor:064]: 'ESP IP Address': Sending state '172.27.66.2'
[12:41:09][D][text_sensor:064]: 'ESP IP Address 0': Sending state '172.27.66.2'
[12:41:09][D][text_sensor:064]: 'ESP IP Address 1': Sending state '172.20.10.2'
[12:41:17][I][wireguard:095]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:17][D][binary_sensor:036]: 'WireGuard Status': Sending state ON
[12:41:17][D][sensor:093]: 'WireGuard Latest Handshake': Sending state 1729593728.00000  with 0 decimals of accuracy
[12:41:27][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:37][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:47][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:54][D][sensor:093]: 'WiFi Signal dB': Sending state -49.00000 dBm with 0 decimals of accuracy
[12:41:54][D][sensor:093]: 'WiFi Signal Percent': Sending state 100.00000 Signal % with 0 decimals of accuracy
[12:41:57][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:59][I][safe_mode:041]: Boot seems successful; resetting boot loop counter

Wireguard logs:

peer: zHlmTg[...]=
  endpoint: 109.43.178.169:30889
  allowed ips: 172.27.66.2/32
  latest handshake: 42 seconds ago
  transfer: 70.44 KiB received, 230.66 KiB sent
  persistent keepalive: every 25 seconds
[12:53:05] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: GWp[...]=
  private key: (hidden)
  listening port: 51820

peer: zHlmTg[...]=
  endpoint: 109.43.178.169:30889
  allowed ips: 172.27.66.2/32
  latest handshake: 1 minute, 13 seconds ago
  transfer: 70.47 KiB received, 230.69 KiB sent
  persistent keepalive: every 25 seconds

Docker IP Wireguard AddOn: 172.30.33.7
Wireguard VPN Subnet: 172.27.66.0/24
HA Server LAN IP: 192.168.178.2

sensor:
  - platform: command_line
    name: WireGuard addon internal IP
    command: >
      ip route replace 172.27.66.0/24 via 172.30.33.7 src 192.168.178.2

To be honest, I did not find any hint in the logs whether this command completed successfully after rebooting the whole HA host. So I have no idea if it was successful.

All this done, I’m still unable to add the ESP device using Integrations → ESPHome → Add Device


Any hints to get this working?

Cheers Carsten
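The route-installation procedure from the numbered steps earlier in the thread (resolve the add-on hostname with `host`, run `ip route replace <vpn subnet> via <add-on docker ip> src <HA LAN ip>`, trigger it from a command_line sensor) and the open question in this last post, whether the command actually took effect, are covered by the following script. It is an added example and not code posted by anyone in this thread. The add-on hostname, subnet and addresses are placeholders copied from the thread and must be replaced; it assumes it runs where `host` and `ip` exist and the routing table of the HA host can be changed (host network namespace with CAP_NET_ADMIN). Unlike the bare one-liner, it validates the resolved address, refuses malformed input, and confirms with `ip route get` that the ESP's WireGuard address is now routed via the add-on container, so the sensor state tells you whether the route is in effect instead of silently failing.

```shell
#!/bin/sh
# Added example, not code from any poster in this thread.
# Installs the route from the Home Assistant host to the WireGuard add-on's
# VPN subnet and verifies each step, so a command_line sensor can report
# whether the route really took effect.
#
# Placeholder values taken from the thread; replace them for your setup.
WG_ADDON_HOST=${WG_ADDON_HOST:-a0d7b954-wireguard}   # hostname from the add-on info page
WG_SUBNET=${WG_SUBNET:-172.27.66.0/24}               # subnet handed to VPN peers
HA_LAN_IP=${HA_LAN_IP:-192.168.178.2}                # LAN address of the HA host (route src)
ESP_WG_IP=${ESP_WG_IP:-172.27.66.2}                  # WireGuard address of one ESP (for the check)

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    _oldifs=$IFS; IFS=.
    set -- $1
    IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ -n "$_o" ] && [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# True if $1 looks like a.b.c.d/len with len in 0..32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    _len=${1##*/}
    case $_len in ''|*[!0-9]*) return 1 ;; esac
    [ "$_len" -le 32 ]
}

# Take the last field of `host` output ("a0d7b954-wireguard has address 172.30.33.11"),
# the same ${host_result##* } trick used in the thread, but reject anything that
# is not an IPv4 address (for example "... not found: 3(NXDOMAIN)").
parse_host_output() {
    _ip=${1##* }
    valid_ipv4 "$_ip" || return 1
    printf '%s\n' "$_ip"
}

# Compose the route command from the thread: subnet, next hop, source address.
build_route_cmd() {
    printf 'ip route replace %s via %s src %s\n' "$1" "$2" "$3"
}

# Resolve, validate, apply, then confirm the kernel now routes ESP_WG_IP via the add-on.
# Every failure prints its reason on stdout, which becomes the sensor state.
apply_route() {
    valid_cidr "$WG_SUBNET" || { echo "bad WG_SUBNET: $WG_SUBNET"; return 1; }
    valid_ipv4 "$HA_LAN_IP" || { echo "bad HA_LAN_IP: $HA_LAN_IP"; return 1; }
    host_out=$(host "$WG_ADDON_HOST" 2>&1) || { echo "lookup failed: $host_out"; return 1; }
    addon_ip=$(parse_host_output "$host_out") || { echo "unexpected host output: $host_out"; return 1; }
    cmd=$(build_route_cmd "$WG_SUBNET" "$addon_ip" "$HA_LAN_IP")
    $cmd 2>&1 || { echo "route command failed: $cmd"; return 1; }
    # `ip route get` prints e.g. "172.27.66.2 via 172.30.33.7 dev hassio src 192.168.178.2 ..."
    ip route get "$ESP_WG_IP" 2>/dev/null | grep -q " via $addon_ip " \
        || { echo "route installed but $ESP_WG_IP is not routed via $addon_ip"; return 1; }
    echo "ok: $cmd"
}

# Only touch the routing table when explicitly asked, so the file can be
# sourced for its helper functions without side effects.
if [ "${WG_ROUTE_APPLY:-0}" = 1 ]; then
    apply_route
fi
```

To use it from Home Assistant, store the script in the config directory (the path `/config/wg_route.sh` below is an assumption) and point the command_line sensor at it with `command: "WG_ROUTE_APPLY=1 sh /config/wg_route.sh"`; the sensor's state then reads `ok: ip route replace ...` when the route is active, or the first failing step (name lookup, the route command itself, or the `ip route get` check) when it is not, which is the feedback missing in the posts above.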