WireGuard remote peer is offline (latest handshake timestamp not available)

Hi
I am looking to have a remote ESP32 in a remote house with a 4G internet connection that connects to my home HA server via WireGuard.

I managed to:

  • set up the WireGuard module on my HA server at home.
  • I can connect with the WireGuard app from my iPhone and from my laptop connected to the same 4G router. I can access my local network too.
  • I can run this ESP32 locally without WireGuard, and it connects well to HA.

But remotely I cannot do it for the ESP32 in ESPHome; WireGuard does not seem to connect.

I have the messages:
15:56:13 [D] [wireguard:105]WireGuard remote peer is offline (latest handshake timestamp not available)

15:56:13 [D] [wireguard:251]starting WireGuard connection…

15:56:13 [D] [wireguard:257]WireGuard is waiting for endpoint IP address to be available

Like the address wasn’t reachable. I cannot ping since ping is blocked, but on the same 4G router I can connect with the iPhone WireGuard app and the laptop to my HA server at home.

I even tried to exchange the keys and IP settings between the iPhone and ESPHome.

Did anyone do this with WireGuard?

Is something missing in the ESPHome YAML? A routing?

It is on Wi-Fi with DHCP, well connected because I can access the web server on port 80.

Thanks

esphome:
  name: esp32testvpn1
  friendly_name: esp32testVPN1
  on_boot:
    priority: 600
    then: 
      - wireguard.disable:

esp32:
  board: esp32dev
  framework:
    type: arduino

# Enable logging
logger:
  level: DEBUG

     
# Enable Home Assistant API
api:
  encryption:
    key: "XXXXXXXXX="

ota:
  password: "XXXXXXXXX"

wifi:
  ssid: FelicitaRV
  password: XXXXXXXXX;


time:
  - platform: sntp
    id: sntp_time
    servers:
      - 0.pool.ntp.org
      - 1.pool.ntp.org
      - 2.pool.ntp.org
    update_interval: 60s

interval:
  - interval: 10s
    then:
      - lambda: |-
          auto time = id(sntp_time).now();
          ESP_LOGI("time", "Current time: %02d:%02d:%02d", time.hour, time.minute, time.second);


wireguard:
  id: wireguard1
  address: 192.168.50.11
  private_key: XXXXXXXXX=
  peer_endpoint: XXX.XXX.XXX.XXX:51820  # My public IP address
  peer_public_key: XXXXXXXXX=


button:
  - platform: template
    name: "Wireguard Enable"
    on_press: 
      then:
        - wireguard.enable:
  - platform: template
    name: "Wireguard Disable"
    on_press: 
      then:
        - wireguard.disable:


web_server:
  port: 80


Not sure what you mean by “4G router”, but you’ll have to forward port 51820 from WAN to HA on your LAN on that router.

Did you do so?

Yes. At my home, I forward port 51820 from WAN UDP to HA and this works well, because from outside the house WireGuard works fine with my iPhone (WireGuard app) or my laptop on Windows WireGuard.
But ESPHome won’t connect.

By 4G router, I mean I use a separate router on a 4G internet connection to remotely connect to my home. Currently it is at the same place, but I plan to install it in a 2nd house.
This 4G router and 4G internet connection work fine, because only WireGuard from the ESPHome client won’t connect.

thanks for your reply

Hold on. According to the doc, this is for hostname only. The port goes to peer_port

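A small lint pass for the mistake identified in the reply above, as an added example that is not part of the thread or of ESPHome itself: it finds a port embedded in `peer_endpoint` and moves it to `peer_port`. The function names and sample values are hypothetical, and it scans lines with a regex rather than parsing YAML.

```python
import re

# Constructed sample (not the poster's real values); 203.0.113.7 is a documentation address.
SAMPLE = """\
wireguard:
  address: 192.168.50.11
  private_key: CONSTRUCTED_PRIVATE_KEY=
  peer_endpoint: 203.0.113.7:51820  # public IP
  peer_public_key: CONSTRUCTED_PUBLIC_KEY=
"""

_ENDPOINT = re.compile(r'^(\s*)peer_endpoint:\s*["\']?([^"\'#\s]+)["\']?')

def split_endpoint(value):
    """Return (host, port) when value ends in :port, otherwise (value, None)."""
    # Exactly one colon means host:port; several colons (an IPv6 literal) are left alone.
    if value.count(":") != 1:
        return value, None
    host, _, port = value.partition(":")
    if host and port.isdigit() and 0 < int(port) <= 65535:
        return host, int(port)
    return value, None

def fix_wireguard_endpoint(yaml_text):
    """Move a port embedded in peer_endpoint to peer_port; return (text, findings)."""
    has_peer_port = re.search(r"^\s*peer_port:", yaml_text, re.M) is not None
    out, findings = [], []
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        m = _ENDPOINT.match(line)
        host, port = split_endpoint(m.group(2)) if m else (None, None)
        if port is None:
            out.append(line)
            continue
        findings.append((lineno, host, port))
        # Keep indentation and any trailing comment from the original line.
        out.append(f"{m.group(1)}peer_endpoint: {host}{line[m.end():]}")
        if not has_peer_port:  # avoid writing a duplicate key
            out.append(f"{m.group(1)}peer_port: {port}")
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    fixed, found = fix_wireguard_endpoint(SAMPLE)
    for lineno, host, port in found:
        print(f"line {lineno}: port {port} embedded in peer_endpoint ({host})")
    print(fixed, end="")
```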

Hi,

Thanks a lot, it was this. I just removed the port

and that’s it.

But I still have a problem communicating with HA.

I get

WireGuard remote peer is online

In the logs of WireGuard:

[20:13:13] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: =
  private key: (hidden)
  listening port: 51820

peer: xjSMjEQS0YTVG8ezbybXA1rC3EaXD4Aw7sPCucK6Mn8=
  endpoint: X.X.X.X:56801
  allowed ips: 192.168.50.11/32
  latest handshake: 23 seconds ago
  transfer: 82.97 KiB received, 243.10 KiB sent
  persistent keepalive: every 25 seconds