Slide 1

Slide 1 text

What is WireGuard? The modern UDP-based VPN running on ESP32
May 4, 2023 #M5JPTour2023 Tokyo
Welcome (back) Jimmy-san!!
Kohei MATSUSHITA “Max” / @ma2shita
Tech. Evangelist at SORACOM, INC.

Slide 2

Slide 2 text

Tech. Evangelist at SORACOM, INC.
Kohei Matsushita "Max"
Evangelizing IoT and SORACOM, with over 500 presentations.
SORACOM provides the IoT platform.
➢ Global connectivity for IoT with SIM and Sigfox in 160+ countries and territories.
➢ Including IoT applications and device management.

Slide 3

Slide 3 text

Conclusion
What is WireGuard?
➢ The modern UDP-based VPN.
➢ Runs in many environments, including ESP32.
➢ Lighter footprint and load than TLS.

Slide 4

Slide 4 text

Oh! NOT enough flash memory?
[Diagram labels: Raw MQTT; MQTT + TLS; AWS IoT Core; Modern SaaS/PaaS]
A small program that only does MQTT push (about 140 lines), including TLS. But… only 402KB remains. Usage is 70%!!

Slide 5

Slide 5 text

We DON’T want to use TLS. But we need encryption when accessing over the Internet. What do we do? 🤔

Slide 6

Slide 6 text

A fast, cool, secure VPN
https://www.wireguard.com/
✓ UDP-based.
✓ Runs in many environments.
✓ Lightweight.

Slide 7

Slide 7 text

Implementation for lwIP (Lightweight IP stack)
https://github.com/smartalock/wireguard-lwip

Slide 8

Slide 8 text

I tweeted. Then…
https://speakerdeck.com/ciniml/esp32desoracom-arctunaidemita?slide=4
After 5 days, there was an implementation for the Arduino core for the ESP32.
@ciniml has the hand of GOD!!

Slide 9

Slide 9 text

WireGuard in 3 steps!

1. Import: listed in the official repository.
2. Configure in header / 7 lines: set the values retrieved from the WireGuard server.
3. Connecting in setup() / 3 lines: don't forget to set the time.

    // Step 2: at the head of the sketch (7 lines)
    #include <WireGuard-ESP32.h>
    static WireGuard wg;
    char private_key[] = "{[Interface] PrivateKey from server}";
    IPAddress local_ip(192, 168, 200, 254); // [Interface] Address from server
    char public_key[] = "{[Peer] PublicKey from server}";
    char endpoint_address[] = "{[Peer] Endpoint from server}";
    int endpoint_port = 11010;

    // Step 3: inside setup(), after the network connection is up (3 lines)
    configTime(9 * 60 * 60, 0, "ntp.jst.mfeed.ad.jp", "ntp.nict.jp", "time.google.com"); // JST (UTC+9), three NTP servers
    delay(3000); // Wait for the clock to be adjusted
    wg.begin(local_ip, private_key, endpoint_address, public_key, endpoint_port);

https://github.com/ciniml/WireGuard-ESP32-Arduino
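
Added example, not from the slides or from the WireGuard-ESP32-Arduino library: one reason the time must be set before wg.begin(). A WireGuard handshake initiation carries a TAI64N timestamp, and the responder drops any initiation whose timestamp is not greater than the last one it accepted from that peer. The names PeerState, accept_initiation and scenario are hypothetical, and the timestamps are constructed.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <cstring>

using Tai64n = std::array<uint8_t, 12>;  // 8-byte seconds + 4-byte nanoseconds

// Encode Unix time as TAI64N, big-endian. The base 2^62 + 10 is the constant
// the Linux kernel implementation adds to Unix seconds.
Tai64n tai64n_encode(uint64_t unix_sec, uint32_t nsec) {
    Tai64n out{};
    uint64_t label = 0x400000000000000aULL + unix_sec;
    for (int i = 0; i < 8; ++i) out[i] = uint8_t(label >> (56 - 8 * i));
    for (int i = 0; i < 4; ++i) out[8 + i] = uint8_t(nsec >> (24 - 8 * i));
    return out;
}

// Responder-side state for one peer (hypothetical struct for this example).
struct PeerState {
    Tai64n latest{};  // greatest timestamp accepted so far; zeros at start
};

// Accept a handshake initiation only if its timestamp is strictly greater
// than the last accepted one; anything else is dropped as a replay.
bool accept_initiation(PeerState &peer, const Tai64n &ts) {
    if (std::memcmp(ts.data(), peer.latest.data(), ts.size()) <= 0) return false;
    peer.latest = ts;
    return true;
}

// Constructed scenario; returns how many of the four initiations are accepted.
int scenario() {
    PeerState server_view;
    int accepted = 0;
    // 1) First boot, clock set by NTP (2023-05-04 00:00:00 UTC).
    accepted += accept_initiation(server_view, tai64n_encode(1683158400, 0));
    // 2) Reboot, handshake sent before the clock is set (about 1970): dropped.
    accepted += accept_initiation(server_view, tai64n_encode(5, 0));
    // 3) Byte-for-byte copy of initiation 1 arrives again: dropped.
    accepted += accept_initiation(server_view, tai64n_encode(1683158400, 0));
    // 4) Clock set again, one minute after initiation 1: accepted.
    accepted += accept_initiation(server_view, tai64n_encode(1683158460, 0));
    return accepted;
}

int main() {
    std::printf("accepted %d of 4 initiations\n", scenario());
    return 0;
}
```

Case 2 is what a device looks like to the server when it reconnects with an unset clock: the handshake is silently dropped until the timestamp moves past the last accepted one.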

Slide 10

Slide 10 text

Lower flash memory usage than TLS
[Chart: flash memory usage for MQTT+TLS, MQTT+WireGuard, and (for reference) MQTT only. Annotations: -141KB, +30KB, +L3 VPN]
It’s an L3 VPN, so the upper layer/protocol is free.
Sample MQTT implementation using WireGuard on ESP32 (M5Stack Basic): https://qiita.com/ma2shita/items/0f0dce8ff0e45cf9fbac
Different angle: a VPN can be added to the raw MQTT implementation for only +30KB.

Slide 11

Slide 11 text

Excellent portability
Prepare:
• Connection is Wi-Fi.
• WireGuard connection established.
Start:
• Ping.
Next:
• Connection is changed to cellular. (This means the IP address changes.)
Finally:
• Ping continues to succeed. (Packets are lost during the change.)
An IP-address-independent VPN. It’s modern!

Slide 12

Slide 12 text

How do we prepare the server?
Build with a Linux box
➢ WireGuard was merged into Linux kernel 5.6.
➢ Raspberry Pi is easy to set up with pivpn.io.
➢ CM4Stack, too!!
Fully managed WireGuard server “SORACOM Arc”
➢ Launched in 2021/6. It has a free tier.
➢ Available via Wi-Fi access.
➢ Services for IoT on SORACOM are also available.
➢ e.g., remote access service for SSH, etc. on demand.

Slide 13

Slide 13 text

Have any concerns?
➢ Security? Cipher strength?
➢ Throughput? Latency? Load on MCU?
➢ UDP?
Let's see my blog! Don't worry, I'm writing in “日本語” (Japanese).
https://blog.soracom.com/ja-jp/2023/02/16/what-is-wireguard

Slide 14

Slide 14 text

Conclusion
What is WireGuard?
➢ The modern UDP-based VPN.
➢ Runs in many environments, including ESP32.
➢ Lighter footprint and load than TLS.
Let’s embed it in your M5/ESP32, NOW!!
And I'm looking for maintainers

Slide 15

Slide 15 text

Will WireGuard work with ? I’m not sure, maybe. Challengers welcome!!

Slide 16

Slide 16 text

Call for Papers now open! We look forward to your M5 entries. There is also a UG on the evening of 7/6!
https://soracom.com/ja-jp/news/soracom-discovery-2023-cfp/

Slide 17

Slide 17 text

Making "connecting" easy for IoT. You Create. We Connect.