ESP32 Sensor connected via Wireguard does not work

Thank you @glitch69! Your example got me on the right track. For others looking to get this working, follow these steps:

  1. Use the ‘Advanced SSH & Web Terminal’ add-on and run this command in the terminal:

    host a0d7b954-wireguard
    

    This will give you the Docker IP of your WireGuard instance (mine was 172.30.33.11). Confirm the hostname on the WireGuard add-on info screen.

  2. You will need:

    • Docker IP of your WireGuard instance (e.g., 172.30.33.11)
    • WireGuard VPN subnet (e.g., 10.42.42.0/24)
    • Your Home Assistant server LAN IP (e.g., 192.168.1.242)
  3. Add the following to your configuration.yaml:

    - platform: command_line
      name: WireGuard addon internal IP
      command: >
        ip route replace 10.42.42.0/24 via 172.30.33.11 src 192.168.1.242
    
  4. Restart Home Assistant.

  5. In the integrations, add an ESP device using the WireGuard IP of your ESP device. It may show as offline in the ESPHome add-on, but you should still be able to connect and view logs wirelessly.

  6. Ensure you have the use_address setting under WiFi in your ESP configuration.

I hope this helps someone else. I spent way too long figuring this out.

2 Likes

@skyflyt86 When adding this to the config.yml, is there a certain area where this needs to be added? I have tried setting this up several times now with no success. I am able to ping the esp8266 device over the wireguard vpn but cannot add the device in Home Assistant through integrations → esphome node → IP/port. I am unsure if I am missing something but just wanted to ask. The only way that I can ping the esp device is by running the command listed above (`host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 192.168.5.0/24 via $addon_ip src 192.168.x.x`), placing in the proper IPs accordingly.

Thanks for any help.

I assume this is with the Wireguard add-on for Home Assistant? I’m having similar issues, but I’m running Wireguard on my Unifi dream machine router. Is there a similar approach I need to use in my situation?

No, this discussion is about esphome.

I’m using ESPhome within HA as well, but I’m not using the Wireguard add-on for HA, I’m running Wireguard on my Unifi firewall.

Did you find a solution for your situation? I’m in a similar boat.

It needs to be in the “sensor” section of your configuration.yaml. If you don’t already have that section, it would look like this:

sensor:
  - platform: command_line
    name: Wireguard addon internal IP
    command: >
      ip route replace 10.42.42.0/24 via 172.30.33.11 src 192.168.1.242

Also, it’s super important that you add the use_address section in your ESP config under the wifi config for the device. It should look like this:

wifi:
  networks:
  - ssid: "SSID"
    password: "PWD"
    hidden: True
  - ssid: "backup wifi SSID"
    password: "Password"
  use_address: 10.42.42.7

Tried that solution but I wasn’t successful.

In general I’m able to establish a Wireguard connection from the ESPHome device. ESP logs and Wg logs contain the corresponding entries. But I’m unable to add the ESP to HA; I still get the known error about API.

Wireguard AddOn configuration

Server

host: myFQDN
addresses:
  - 172.27.66.1
dns: []

Peers

- name: garage-victron
  addresses:
    - 172.27.66.2
  allowed_ips: []
  client_allowed_ips: []

The ESPHome YAML looks like this:

substitutions:
  name: garage-victron
  friendly_name: Garage Victron

esphome:
  name: ${name}
  friendly_name: ${friendly_name}

esp8266:
  board: esp01_1m

logger:

api:

ota:
- platform: esphome

wifi:
  ssid: !secret test_ssid # my iPhone Hotspot
  password: !secret test_password
  use_address: !secret victron_wg_address # equals to 172.27.66.2

time:
  - platform: sntp
    servers: 
      - 0.de.pool.ntp.org
      - 1.de.pool.ntp.org
      - 2.de.pool.ntp.org
    timezone: Europe/Berlin

wireguard:
  address: !secret victron_wg_address # equals to 172.27.66.2
  private_key: !secret victron_wg_private_key
  peer_endpoint: !secret wg_peer_endpoint
  peer_public_key: !secret wg_peer_public_key
  netmask: 0.0.0.0
  peer_persistent_keepalive: 25s

binary_sensor:
  - platform: wireguard
    status:
      name: 'WireGuard Status'

sensor:
  - platform: wifi_signal # Reports the WiFi signal strength/RSSI in dB
    name: "WiFi Signal dB"
    id: wifi_signal_db
    update_interval: 60s
    entity_category: "diagnostic"

  - platform: copy # Reports the WiFi signal strength in %
    source_id: wifi_signal_db
    name: "WiFi Signal Percent"
    filters:
      - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0);
    unit_of_measurement: "Signal %"
    entity_category: "diagnostic"
    device_class: ""

  - platform: wireguard
    latest_handshake:
      name: 'WireGuard Latest Handshake'

text_sensor:
  - platform: wifi_info
    ip_address:
      name: ESP IP Address
      address_0:
        name: ESP IP Address 0
      address_1:
        name: ESP IP Address 1
      address_2:
        name: ESP IP Address 2
      address_3:
        name: ESP IP Address 3
      address_4:
        name: ESP IP Address 4
    ssid:
      name: ESP Connected SSID
    bssid:
      name: ESP Connected BSSID
    mac_address:
      name: ESP Mac Wifi Address
    scan_results:
      name: ESP Latest Scan Results
    dns_address:
      name: ESP DNS Address

  - platform: wireguard
    address:
      name: 'WireGuard Address'

Logs from ESP:

[12:41:09][I][app:100]: ESPHome version 2024.10.1 compiled on Oct 22 2024, 12:34:30
[12:41:09][C][wifi:600]: WiFi:
[12:41:09][C][wifi:428]:   Local MAC: C8:C9:A3:3B:18:F5
[12:41:09][C][wifi:433]:   SSID: [redacted]
[12:41:09][C][wifi:436]:   IP Address: 172.20.10.2
[12:41:09][C][wifi:439]:   BSSID: [redacted]
[12:41:09][C][wifi:441]:   Hostname: 'garage-victron'
[12:41:09][C][wifi:443]:   Signal strength: -50 dB ▂▄▆█
[12:41:09][C][wifi:447]:   Channel: 6
[12:41:09][C][wifi:448]:   Subnet: 255.255.255.240
[12:41:09][C][wifi:449]:   Gateway: 172.20.10.1
[12:41:09][C][wifi:450]:   DNS1: 172.20.10.1
[12:41:09][C][wifi:451]:   DNS2: 0.0.0.0
[12:41:09][C][logger:185]: Logger:
[12:41:09][C][logger:186]:   Level: DEBUG
[12:41:09][C][logger:188]:   Log Baud Rate: 115200
[12:41:09][C][logger:189]:   Hardware UART: UART0
[12:41:09][C][copy.sensor:015]: Copy Sensor 'WiFi Signal Percent'
[12:41:09][C][copy.sensor:015]:   State Class: 'measurement'
[12:41:09][C][copy.sensor:015]:   Unit of Measurement: 'Signal %'
[12:41:09][C][copy.sensor:015]:   Accuracy Decimals: 0
[12:41:09][C][wifi_info:014]: WifiInfo Mac Address 'ESP Mac Wifi Address'
[12:41:09][C][sntp:048]: SNTP Time:
[12:41:09][C][sntp:049]:   Server 1: '0.de.pool.ntp.org'
[12:41:09][C][sntp:050]:   Server 2: '1.de.pool.ntp.org'
[12:41:09][C][sntp:051]:   Server 3: '2.de.pool.ntp.org'
[12:41:09][C][sntp:052]:   Timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
[12:41:09][C][wireguard:132]: WireGuard:
[12:41:09][C][wireguard:133]:   Address: 172.27.66.2
[12:41:09][C][wireguard:134]:   Netmask: 0.0.0.0
[12:41:09][C][wireguard:135]:   Private Key: [redacted]
[12:41:09][C][wireguard:136]:   Peer Endpoint: [redacted]
[12:41:09][C][wireguard:137]:   Peer Port: [redacted]
[12:41:09][C][wireguard:138]:   Peer Public Key: [redacted]
[12:41:09][C][wireguard:139]:   Peer Pre-shared Key: [redacted]
[12:41:09][C][wireguard:141]:   Peer Allowed IPs:
[12:41:09][C][wireguard:143]:     - 0.0.0.0/0.0.0.0
[12:41:09][C][wireguard:145]:   Peer Persistent Keepalive: 25s
[12:41:09][C][wireguard:147]:   Reboot Timeout: 900s
[12:41:09][C][wireguard:150]:   Require Connection to Proceed: NO
[12:41:09][C][wireguard:151]:   Update Interval: 10.0s
[12:41:09][D][sntp:072]: Synchronized time: 2024-10-22 12:41:09
[12:41:09][D][wireguard:251]: starting WireGuard connection...
[12:41:09][I][wireguard:255]: WireGuard connection started
[12:41:09][D][wireguard:264]: configuring WireGuard allowed IPs list...
[12:41:09][D][wireguard:272]: allowed IPs list configured correctly
[12:41:09][W][component:237]: Component sntp.time took a long time for an operation (413 ms).
[12:41:09][W][component:238]: Components should block for at most 30 ms.
[12:41:09][C][mdns:116]: mDNS:
[12:41:09][C][mdns:117]:   Hostname: garage-victron
[12:41:09][C][esphome.ota:073]: Over-The-Air updates:
[12:41:09][C][esphome.ota:074]:   Address: 172.27.66.2:8266
[12:41:09][C][esphome.ota:075]:   Version: 2
[12:41:09][D][text_sensor:064]: 'ESP IP Address': Sending state '172.27.66.2'
[12:41:09][D][text_sensor:064]: 'ESP IP Address 0': Sending state '172.27.66.2'
[12:41:09][D][text_sensor:064]: 'ESP IP Address 1': Sending state '172.20.10.2'
[12:41:17][I][wireguard:095]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:17][D][binary_sensor:036]: 'WireGuard Status': Sending state ON
[12:41:17][D][sensor:093]: 'WireGuard Latest Handshake': Sending state 1729593728.00000  with 0 decimals of accuracy
[12:41:27][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:37][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:47][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:54][D][sensor:093]: 'WiFi Signal dB': Sending state -49.00000 dBm with 0 decimals of accuracy
[12:41:54][D][sensor:093]: 'WiFi Signal Percent': Sending state 100.00000 Signal % with 0 decimals of accuracy
[12:41:57][D][wireguard:098]: WireGuard remote peer is online (latest handshake 2024-10-22 12:41:10 CEST)
[12:41:59][I][safe_mode:041]: Boot seems successful; resetting boot loop counter

Wireguard logs:

peer: zHlmTg[...]=
  endpoint: 109.43.178.169:30889
  allowed ips: 172.27.66.2/32
  latest handshake: 42 seconds ago
  transfer: 70.44 KiB received, 230.66 KiB sent
  persistent keepalive: every 25 seconds
[12:53:05] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: GWp[...]=
  private key: (hidden)
  listening port: 51820

peer: zHlmTg[...]=
  endpoint: 109.43.178.169:30889
  allowed ips: 172.27.66.2/32
  latest handshake: 1 minute, 13 seconds ago
  transfer: 70.47 KiB received, 230.69 KiB sent
  persistent keepalive: every 25 seconds

Docker IP Wireguard AddOn: 172.30.33.7
Wireguard VPN Subnet: 172.27.66.0/24
HA Server LAN IP: 192.168.178.2

sensor:
  - platform: command_line
    name: WireGuard addon internal IP
    command: >
      ip route replace 172.27.66.0/24 via 172.30.33.7 src 192.168.178.2

To be honest, I did not find any hint in the logs whether this command completed successfully after rebooting the whole HA host. So no idea if it was successful.

All this done, I’m still unable to add the ESP device using Integrations → ESPHome → Add Device

Any hints to get this working?

Cheers Carsten
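
Added example, not part of any post in this thread: a way to check whether the `ip route replace` command from the steps at the top of the thread actually took effect, which the last post could not tell from the logs. The function names and the sample `host` / `ip route show` output are constructed for illustration; the addresses are the ones posted in the thread, and iproute2-style route lines are assumed.

```shell
#!/bin/sh
# Added example: verify the WireGuard return route discussed in this thread.
# Function names are hypothetical; sample outputs below are constructed.

# Extract the add-on IP from `host <addon-hostname>` output,
# e.g. "a0d7b954-wireguard has address 172.30.33.7".
addon_ip_from_host() {
    printf '%s\n' "$1" | awk '/ has address /{print $NF; exit}'
}

# Return 0 only if the routing table text ($1) has a route for subnet $2
# that goes via gateway $3 and uses preferred source address $4.
route_present() {
    printf '%s\n' "$1" | awk -v net="$2" -v gw="$3" -v src="$4" '
        $1 == net {
            g = ""; s = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") g = $(i + 1)
                if ($i == "src") s = $(i + 1)
            }
            if (g == gw && s == src) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Build the route command; fail instead of emitting a malformed command
# when a value is empty (for example, when the `host` lookup returned nothing).
route_cmd() {
    [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 1
    printf 'ip route replace %s via %s src %s\n' "$1" "$2" "$3"
}

# Live use, commented out so the example runs offline:
#   gw=$(addon_ip_from_host "$(host a0d7b954-wireguard)")
#   route_present "$(ip route show)" 172.27.66.0/24 "$gw" 192.168.178.2 \
#       || echo "route for the VPN subnet is missing or points elsewhere"

# Constructed sample data using the addresses from the last post.
SAMPLE_HOST='a0d7b954-wireguard has address 172.30.33.7'
SAMPLE_ROUTES='default via 192.168.178.1 dev eth0 src 192.168.178.2
172.27.66.0/24 via 172.30.33.7 dev hassio src 192.168.178.2
172.30.32.0/23 dev hassio scope link src 172.30.32.1'
```

Run the live check in the same environment where the `command_line` sensor executes; a route added in one network namespace is not visible from another.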