What is WireGuard? The modern UDP-based VPN running on ESP32 May 4, 2023 #M5JPTour2023 Tokyo Welcome (back) Jimmy-san!! Kohei MATSUSHITA “Max” / @ma2shita Tech. Evangelist at SORACOM, INC.
Tech. Evangelist at SORACOM, INC. Kohei Matsushita "Max" Evangelizing IoT and SORACOM, with over 500 presentations. SORACOM provides the IoT platform. ➢ Global connectivity for IoT with SIM and Sigfox in 160+ countries and territories. ➢ Including IoT applications and device management.
Oh! NOT enough flash memory? Raw MQTT MQTT + TLS A small code that just only MQTT Push (about 140 lines) including TLS. But… Only 402KB remains. Usage is 70%!! AWS IoT Core Modern SaaS/PaaS.
I tweeted. Then… https://speakerdeck.com/ciniml/esp32desoracom-arctunaidemita?slide=4 After 5 days, implementation for Arduino core for the ESP32. @ciniml has the hand of GOD!!
WireGuard in 3 steps! #include static WireGuard wg; char private_key[] = "{[Interface] PrivateKey from server}"; IPAddress local_ip(192, 168, 200, 254); // [Interface] Address from server char public_key[] = "{[Peer] PublicKey} from server"; char endpoint_address[] = "{[Peer] Endpoint from server}"; int endpoint_port = 11010; configTime(9 * 60 * 60, 0, "ntp.jst.mfeed.ad.jp", "ntp.nict.jp", "time.google.com"); delay(3000); // Wait for adjust wg.begin(local_ip, private_key, endpoint_address, public_key, endpoint_port); Connecting in setup() / 3 lines Configure in header / 7 lines Import 1 2 3 Listed in the official repository Don't forget to set the time. Set value retrieved from WireGuard server https://github.com/ciniml/WireGuard-ESP32-Arduino
Reduce usage in Flash memory than TLS 0 100,000 200,000 300,000 400,000 500,000 600,000 700,000 800,000 900,000 MQTT+TLS MQTT+WireGuard 【参考】MQTTのみ Flash memory usage MQTT+TLS MQTT+WireGuard 【参考】MQTTのみ It’s L3 VPN. So upper layer/protocol is free. ESP32(M5Stack Basic)上でWireGuardを使用したMQTT実装サンプル https://qiita.com/ma2shita/items/0f0dce8ff0e45cf9fbac Different angle: VPN can be added for only +30KB to Raw MQTT implementation -141KB +30KB +L3 VPN
Excellent portability Prepare: • Connection is Wi-Fi. • WireGuard connection established. Start: • Ping. Next: • Connection is changed to cellular. (Means the IP address changes.) Finally: • Continued ping success. (Packet loss during changing.) IP address independent VPN It’s modern!
How do we prepare the server? Build with Linux Box ➢ WireGuard merged on Linux kernel 5.6 ➢ Raspberry Pi is easy to set up with pivpn.io ➢ CM4Stack, too!! Full-managed WireGuard server “SORACOM Arc” ➢ Launched in 2021/6. It has free tier. ➢ Available via Wi-Fi access. ➢ Services for IoT on SORACOM are also available, too. ➢ e.g.) Remote access service for SSH, etc. on demand.
Have any concerns? ➢ Security? Cipher strength? ➢ Throughput? Latency? Load on MCU? ➢ UDP? Let see my blog! Don't worry, I'm writing “日本語”. https://blog.soracom.com/ja-jp/2023/02/16/what-is-wireguard
Conclusion What is WireGuard? ➢ The modern UDP-based VPN. ➢ Running on many environment, including ESP32. ➢ Lightweight footprint and load than TLS. Let’s embed to your M5/ESP32, NOW!! And I looking for maintainers
soracom
yoyakoba
asei
gotok365
alexanderbyndyu
miyake
hiboma
hankehly
takashi1029
kthrtty
hayaosuzuki
nozomiito
oracle4engineer
addyosmani
holman
schacon
bkeepers
dougneiner
brettharned
shpigford
jlugia
skipperchong
aleyda
maggiecrowley
destraynor