WireGuard Problems

Hi everyone,

I’m trying to setup an external connection with an ESP32 running ESPhome, with the WireGuard component. I’m having trouble adding the esphome device using the WireGuard IP.


r/Esphome - Cannot connect to ESP. Please check that your YAML file contains an 'api:' line.

Cannot connect to ESP. Please check that your YAML file contains an ‘api:’ line.

A couple of things to note:

  • I’m running HAOS on Virtual Box, with the host machine running Windows 10.
  • I’m using the WireGuard add-on, from the add-on store in HA.
  • ESP32 is in my office’s wifi.

ESP home yaml:

`wireguard: 
address: 192.168.2.3 
private_key: xxxxxxxxxxxxxxxx 
peer_endpoint: xxxxxxxxxxxx 
peer_public_key: xxxxxxxxxx 
netmask: 0.0.0.0 
peer_allowed_ips: 0.0.0.0`

WireGuard add-on config:


r/Esphome - WireGuard Problems

From the ESP32 and the add-on logs, I can see that it connects to the tunnel:


r/Esphome - WireGuard Problems


r/Esphome - WireGuard Problems

I also know that the tunnel works because I tested with my phone, and I can access HA and my NAS that are on the 192.168.1.x subnet.

I’ve also added a static route (on the host machine) to all IPs on the 192.168.2.x subnet to the IP of the VM running HA.


r/Esphome - WireGuard Problems

And i cant ping the ESP32 from the CLI in HA.


r/Esphome - WireGuard Problems

Can someone lend me a hand on this issue? I’m pulling my hair out already.

HA is going to use it’s default gateway for outbound comms. I’m going to assume the VM is a bridged network with HA pulling DHCP from your router (and having your router set as the gateway). If that’s the case, you need a static route on the router or directly in HA to point to the Wireguard add-on for the Wireguard subnet.

My router is pretty simple, I don’t think it can do static routes. How can I do that in HA?

You don’t seem to have a time source set up.

I have a time source:

time:
  - platform: sntp
    id: sntp_time1

Forgot to add it to the post. The complete YAML is gigantic.

The OP in the post I linked to posted how they did it.

You are right!
The solution is to run this bash script on the CLI (via add-on ssh):
host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 192.168.1.0/24 via $addon_ip; echo $addon_ip

Where 192.168.1.0/24 is the subnet of the WireGuard server.

Thanks for the help, Ryan.