Wireguard handshake successful but I can't find it on my local network

I’m trying hard to get an esphome device connected via the new wireguard component. Like the title says, there is a handshake and that’s it, not even a ping response from the expected esphome address while “connected”. My phone connects just fine.

I threw everything at the wall: different subnets (same as local or different), different masks and peer_allowed_ips, static IP.

This is my Wireguard addon config:


server:
  host: lwp***m841.duckdns.org
  addresses:
    - 192.168.95.1
  dns:
    - 192.168.0.1
    - 1.1.1.1
peers:
  - name: hallowolrdah
    addresses:
      - 192.168.95.2 #phone
      - 192.168.95.3 #esphome device?
    allowed_ips: []
    client_allowed_ips:
      - 192.168.0.0/24

This is the wireguard esphome config I’m trying to set up:


mdns:

time:
  - platform: sntp
    id: sntp_time

web_server:
  port: 80
  local: True
  ota: true

wifi:
  #use_address: 192.168.95.3
  networks:
    - ssid: Hotspot
      password: testing123
      manual_ip:
        static_ip: 192.168.162.137
        gateway: 192.168.162.4
        subnet: 255.255.255.0
        dns1: 192.168.162.4

wireguard:
    address: 192.168.95.3
    private_key: redacted=
    peer_endpoint: lwp***m841.duckdns.org
    peer_public_key: redacted=
    netmask: 255.255.255.0
    peer_port: 51820
    peer_allowed_ips:
      - 192.168.0.0/24
      #- 0.0.0.0/0
    peer_persistent_keepalive: 25s

ESP Serial Log:


[I][wifi:560]: WiFi Connected!
[C][wifi:382]:   Local MAC: [redacted]
[C][wifi:383]:   SSID: [redacted]
[C][wifi:384]:   IP Address: 192.168.162.137
[C][wifi:386]:   BSSID: [redacted]
[C][wifi:387]:   Hostname: 'esp32s3-1'
[C][wifi:389]:   Signal strength: -42 dB ▂▄▆█
[C][wifi:393]:   Channel: 6
[C][wifi:394]:   Subnet: 255.255.255.0
[C][wifi:395]:   Gateway: 192.168.162.4
[C][wifi:396]:   DNS1: 192.168.162.4
[C][wifi:397]:   DNS2: 0.0.0.0
[D][wifi:569]: Disabling AP...
[C][web_server:116]: Setting up web server...
[C][sntp:028]: Setting up SNTP...
[D][wireguard:037]: initializing WireGuard...
[I][wireguard:053]: WireGuard initialized
[C][ota:097]: Over-The-Air Updates:
[C][ota:098]:   Address: 192.168.95.3:3232
[C][ota:101]:   Using Password.
[W][ota:107]: Last Boot was an unhandled reset, will proceed to safe mode in 8 restarts
[C][api:025]: Setting up Home Assistant API server...
[I][app:062]: setup() finished successfully!
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)
[D][wireguard:203]: WireGuard is waiting for system time to be synchronized
[D][wireguard:203]: WireGuard is waiting for system time to be synchronized
[I][app:102]: ESPHome version 2023.9.3 compiled on Oct 17 2023, 19:31:06
[C][wifi:546]: WiFi:
[C][wifi:382]:   Local MAC: [redacted]
[C][wifi:383]:   SSID: [redacted]
[C][wifi:384]:   IP Address: 192.168.162.137
[C][wifi:386]:   BSSID: [redacted]
[C][wifi:387]:   Hostname: 'esp32s3-1'
[C][wifi:389]:   Signal strength: -46 dB ▂▄▆█
[C][wifi:393]:   Channel: 6
[C][wifi:394]:   Subnet: 255.255.255.0
[C][wifi:395]:   Gateway: 192.168.162.4
[C][wifi:396]:   DNS1: 192.168.162.4
[C][wifi:397]:   DNS2: 0.0.0.0
[C][logger:357]: Logger:
[C][logger:358]:   Level: DEBUG
[C][logger:359]:   Log Baud Rate: 115200
[C][logger:361]:   Hardware UART: UART0
[C][captive_portal:088]: Captive Portal:
[C][web_server:161]: Web Server:
[C][web_server:162]:   Address: 192.168.95.3:80
[C][sntp:053]: SNTP Time:
[C][sntp:054]:   Server 1: '0.pool.ntp.org'
[C][sntp:055]:   Server 2: '1.pool.ntp.org'
[C][sntp:056]:   Server 3: '2.pool.ntp.org'
[C][sntp:057]:   Timezone: 'EET-2EEST,M3.5.0/3,M10.5.0/4'
[C][wireguard:126]: WireGuard:
[C][wireguard:127]:   Address: 192.168.95.3
[C][wireguard:128]:   Netmask: 255.255.255.0
[C][wireguard:129]:   Private Key: [redacted]
[C][wireguard:130]:   Peer Endpoint: [redacted]
[C][wireguard:131]:   Peer Port: [redacted]
[C][wireguard:132]:   Peer Public Key: [redacted]
[C][wireguard:134]:   Peer Pre-shared Key: [redacted]
[C][wireguard:135]:   Peer Allowed IPs:
[C][wireguard:137]:     - 192.168.0.0/255.255.255.0
[C][wireguard:140]:   Peer Persistent Keepalive: 25s
[C][wireguard:142]:   Reboot Timeout: 900s
[C][wireguard:144]:   Require Connection to Proceed: NO
[C][wireguard:145]:   Update Interval: 10.0s
[C][mdns:115]: mDNS:
[C][mdns:116]:   Hostname: esp32s3-1
[C][ota:097]: Over-The-Air Updates:
[C][ota:098]:   Address: 192.168.95.3:3232
[C][ota:101]:   Using Password.
[W][ota:107]: Last Boot was an unhandled reset, will proceed to safe mode in 8 restarts
[C][api:138]: API Server:
[C][api:139]:   Address: 192.168.95.3:6053
[C][api:141]:   Using noise encryption: YES
[D][sntp:078]: Synchronized time: 2023-10-17 19:52:20
[D][wireguard:212]: starting WireGuard connection...
[D][esp-idf:000]: E (28051) esp_wireguard: getaddrinfo: unable to resolve `l[redacted].duckdns.org`
[D][esp-idf:000]: E (28061) esp_wireguard: esp_wireguard_peer_init: ESP_FAIL
[W][wireguard:228]: cannot start WireGuard connection, error code -1
[W][component:204]: Component sntp.time took a long time for an operation (7.04 s).
[W][component:205]: Components should block for at most 20-30ms.
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)
[D][wireguard:212]: starting WireGuard connection...
[I][wireguard:226]: WireGuard connection started
[D][wireguard:232]: configuring WireGuard allowed IPs list...
[D][wireguard:240]: allowed IPs list configured correctly
[W][component:204]: Component wireguard took a long time for an operation (2.19 s).
[W][component:205]: Components should block for at most 20-30ms.
[I][wireguard:089]: WireGuard remote peer is online (latest handshake 2023-10-17 19:52:29 EEST)

Wireguard addon log:

[20:23:10] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: (hidden)
  private key: (hidden)
  listening port: 51820
peer: (hidden)
  endpoint: redacted:58947
  allowed ips: 192.168.95.2/32, 192.168.95.3/32
  latest handshake: 48 seconds ago
  transfer: 2.98 KiB received, 7.79 KiB sent
  persistent keepalive: every 25 seconds

I’m getting exactly the same, and this was the first Google result for “WireGuard remote peer is online (latest handshake”

wifi:
  ssid: !secret office-wifi
  password: !secret office-pass
  use_address: 192.168.100.100

time:
  - platform: sntp
    id: sntp_time


wireguard:
  peer_endpoint: !secret wg_endpoint
  private_key: !secret wg_privkey
  peer_public_key: !secret wg_pubkey
  address: 192.168.100.100
  netmask: 0.0.0.0

Server Config for WG in HA

host: [redacted]
addresses:
  - 192.168.100.1
dns:
  - 192.168.1.3

peer config in WG on HA

- name: office-esp
  addresses:
    - 192.168.100.100
  allowed_ips: []
  client_allowed_ips: []

I tried to set up WG connection from ESP to WG running on HA (it works with many smartphone and clients). ESP is connected to WiFi hot spot of my smartphone, HA on my home WiFi. Peer endpoint is set to my home WiFi (current) public IP.

# WG configuration in ESPHome
wireguard:
  address: 172.27.66.12
  private_key: KIo1Cza71I1pBswTpPsa/B536Fj2RHasomething=
  peer_endpoint: 93.144.20.XXX
  peer_public_key: vBqjwKiG5HeCbeR1haMhyX/ZkiZbsomethingelse=
  require_connection_to_proceed: true
  netmask: 0.0.0.0
  peer_persistent_keepalive: 20s

This is WG config server side:

  - name: esphomewgtest
    addresses:
      - 172.27.66.12
    allowed_ips: []
    client_allowed_ips: []

This is the LOG from serial:

[I][wifi:277]: WiFi Connecting to 'HUAWEIP30Pro'...
[I][wifi:560]: WiFi Connected!
[C][wifi:382]: Local MAC: E0:5A:1B:A0:D9:40
[C][wifi:383]: SSID: 'HUAWEIP30Pro'[redacted]
[C][wifi:384]: IP Address: 192.168.AA.BB
[C][wifi:386]: BSSID: 92:F2:AB:27:B3:72[redacted]
[C][wifi:387]: Hostname: 'collettamultiwg'
[C][wifi:389]: Signal strength: -27 dB ▂▄▆█
[C][wifi:393]: Channel: 1
[C][wifi:394]: Subnet: 255.255.255.0
[C][wifi:395]: Gateway: 192.168.AA.1
[C][wifi:396]: DNS1: 192.168.AA.1
[C][wifi:397]: DNS2: 0.0.0.0
[D][wifi:569]: Disabling AP...
[C][sntp:028]: Setting up SNTP...
[D][wireguard:037]: initializing WireGuard...
[I][wireguard:053]: WireGuard initialized
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)
[D][wireguard:203]: WireGuard is waiting for system time to be synchronized
[D][binary_sensor:036]: 'ESP32 WireGuard Status': Sending state OFF
[D][wireguard:203]: WireGuard is waiting for system time to be synchronized
[D][sntp:078]: Synchronized time: 2023-10-30 20:57:23
[D][wireguard:212]: starting WireGuard connection...
[I][wireguard:226]: WireGuard connection started
[D][wireguard:232]: configuring WireGuard allowed IPs list...
[D][wireguard:240]: allowed IPs list configured correctly
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)
[D][wireguard:099]: WireGuard remote peer is offline (latest handshake timestamp not available)

and this is the WG registry:

peer: KRYJ3+9ljL1aItaCC+blMe+aGjwsomethingU=
allowed ips: 172.27.66.12/32
persistent keepalive: every 25 seconds
[21:04:36] INFO: Requesting current status from WireGuard…
interface: wg0
public key: vBqjwKiG5HeCbeR1haMhyX/somethingelse=
private key: (hidden)
listening port: 51820

I made a number of attempts but couldn’t get to the root of the problem. Any suggestion would be sincerely appreciated.
THANKS

Same here :confused: I am not using the WG in HA, but I run it in my router instead. The WG in the router works just fine for my laptop and phone, but the ESPHome keeps saying “WireGuard remote peer is offline”

I fixed it by enabling this option under the ESPHome integration settings (Use ping for status)

This is the addon config. Tried it, didn’t fix anything for me, I’m still looking for a solution.

Same problem here. Using my fritzbox router as the server. Android Client works without problems, but the esp32:
WireGuard remote peer is offline (latest handshake timestamp not available)

Well, I have the same issue as well, and can’t find any relevant article/post on the net to move forward… My phone and laptop work fine, so the WG server as an add-on in HA works well. Any news or improvement?

It is solved in my case - I opened the Win WG client and initiated a new connection. It automatically generated the private and public keys. I copied them and used them in the esphome wireguard config - now the ESP connects to my home network via VPN. Great - the difficulty - MQTT works, but the HA API does not… a small step achieved…

What does your config look like? (appropriate redactions, of course). Because mine still won’t connect with various errors, yet other devices are able to connect to the same peer.

It has been some time since I managed to somehow make it work. Every time you make a new client in your WG server, you need to specify its address and add /32!! If you use /24 it is going to work for one device, sometimes with two, but it is not intended to work like this.
My Mikrotik setup:

image

At the device side, you need a time component. They are saying not to use the homeassistant one, but that works fine for me. I am now using this successfully with 10+ devices.

ESPHome setup:

image
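
The /32 advice in the post above can be checked mechanically. The following is an added example, not part of any post in this thread: it models the server-side allowed-IPs table as Linux WireGuard treats it (an identical prefix given to a second peer moves to that peer; lookups use longest-prefix match) and reports peers whose own tunnel address no longer routes back to them. Peer names and addresses are constructed for illustration.

```python
# Added example: model of WireGuard cryptokey routing on the server side.
# Peer names and addresses below are constructed sample data.
import ipaddress

def build_table(peers):
    """peers: ordered list of (name, [cidr, ...]) as configured on the server.
    Returns {network: peer_name}. An identical prefix configured for a later
    peer replaces the earlier owner, as in WireGuard's allowed-IPs table."""
    table = {}
    for name, cidrs in peers:
        for cidr in cidrs:
            # strict=False: 172.27.66.12/24 is stored as 172.27.66.0/24
            table[ipaddress.ip_network(cidr, strict=False)] = name
    return table

def route(table, addr):
    """Longest-prefix match: the peer that packets for addr are sent to,
    and the only peer allowed to send packets from addr."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in table if ip in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

def unreachable_peers(peers):
    """Names of peers whose own tunnel address does not route back to them."""
    table = build_table(peers)
    bad = []
    for name, cidrs in peers:
        own_ip = str(ipaddress.ip_interface(cidrs[0]).ip)
        if route(table, own_ip) != name:
            bad.append(name)
    return bad

# Constructed sample: every client entered with a /24 mask on the server.
PEERS_24 = [
    ("laptop", ["172.27.66.10/24"]),
    ("phone", ["172.27.66.11/24"]),
    ("esp", ["172.27.66.12/24"]),
]
# Same clients, each entered as a single host route.
PEERS_32 = [
    ("laptop", ["172.27.66.10/32"]),
    ("phone", ["172.27.66.11/32"]),
    ("esp", ["172.27.66.12/32"]),
]

if __name__ == "__main__":
    print("broken with /24:", unreachable_peers(PEERS_24))
    print("broken with /32:", unreachable_peers(PEERS_32))
```

In the /24 case the handshake can still complete for every peer, because the handshake is authenticated by keys, not by allowed IPs; only the tunnelled traffic is dropped or misrouted.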