How this block appears in a Simulink model?
What can be configured?
Configuration Parameter |
Selectable Option/Value |
Description |
Enable parameters from inputs |
Check--Uncheck |
Enable parameters from input ports. Default - unchecked. |
Enable parameters from a .conf file (PC) |
Check--Uncheck |
Enable parameters from a .conf file located on the PC. Default - checked. |
Conf file path (PC) |
|
File path of .conf file located on the PC. |
Enable parameters from a .conf file (SD) |
Check--Uncheck |
Enable parameters from a .conf file located in the SD card. Default - unchecked. SD Card setup block is required to enable this. |
Conf file path (SD) |
|
File path of .conf file located in the SD card. |
Private Key |
|
The private key of the client (ESP32). Required. It's a crucial piece of information used for authentication and encryption. The actual key is represented as a base64-encoded string in the configuration. |
Address |
|
The IP address assigned to the client (ESP32) within the VPN network. |
MTU |
|
Specifies the Maximum Transmission Unit (MTU) for the WireGuard interface. It sets the maximum packet size that can be transmitted through the network without fragmentation. |
Public Key |
|
The public key of the WireGuard server. Required. The actual key is represented as a base64-encoded string in the configuration. |
Pre-shared Key |
|
This key (32 bytes) can be used as an additional layer of security for the connection with the specified peer. Optional. Leave this blank if not to be used. |
Persistent keep-alive |
|
This parameter defines an interval in seconds, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. Set zero to disable the feature. |
Endpoint Address |
|
Specifies the public IP address or domain name of the WireGuard VPN server. |
Port |
|
This is the port number of remote endpoint. This matches the port on which the WireGuard server is configured to listen. |
When to use this block?
This block can be used to setup a WireGuard VPN client. It should be noted that the WiFi setup block with STA mode is required to begin the WireGuard VPN.
WireGuard is a modern and efficient VPN (Virtual Private Network) protocol that is designed to be easy to configure and use. Using WireGuard VPN on an ESP32 can be beneficial in certain scenarios where secure communication between devices over the internet is required. Here are some situations where we might consider using WireGuard VPN on ESP32:
1.Secure Communication between IoT Devices:
If we have multiple ESP32-based IoT devices that need to communicate securely over the internet, WireGuard can provide a lightweight and efficient VPN solution.
2.Remote Access to IoT Devices:
When we need remote access to your ESP32 devices for monitoring, control, or updates, setting up a WireGuard VPN allows you to establish a secure connection over the internet.
3.Secure Data Transfer:
If an application involves sensitive data transfer between ESP32 devices, such as sensor readings or control commands, using WireGuard can help ensure the confidentiality and integrity of the data.
4.Improved Security over Traditional VPNs:
WireGuard is known for its simplicity and high performance compared to some traditional VPN protocols. If we’re looking for a modern and efficient VPN solution for the ESP32 devices, WireGuard may be a good choice.
5.Reduced Overhead:
WireGuard is designed to be lightweight, and its minimal codebase makes it well-suited for resource-constrained devices like the ESP32. If memory and processing power are crucial considerations for the IoT project, WireGuard might be preferable over other VPN protocols.
How does this block work?
This block is used to configure a WireGuard Client on an ESP32 and establish communication between the ESP32 and a WireGuard server. This allows the ESP32 device to connect securely to a remote network or server over the internet using the WireGuard VPN protocol.
Setting up a WireGuard server involves several steps, including installing the WireGuard software, configuring the server, generating keys, and managing network settings. Below is a step-by-step guide on how to set up a basic WireGuard server:
PDF: Setup WireGuard VPN in Google Cloud Platform
Demo 1
Demo file: esp32_wireguard_vpn_demo1.slx
Description
This demo shows how to use WireGuard VPN block with HTTP server setup block, HTTP get handler block and HTTP post handler block by using the custom html web pages. Addition to this blocks, the WiFi block is used to initialize the WIFI in STA mode to access the http server and SPIFFS block is used to initialize the SPIFFS to serve the files (.html, css and .png).
Note: First download the Simple_GET_POST.rar and extract the files to the PC and select the file location in SPIFFS block.
What should be happening?
•Please insert valid SSID and Password to the WiFi setup block.
•IP: The IP address assigned to the client (ESP32). E.g. 10.0.0.6.
•Please use a WireGuard VPN enabled device (Same sever) to access the client (ESP32).
Once the IP address is accessed using the web browser, the web page is as below.
•Action: On page load
The client will send GET/POST requests according to the button.
•Load image button: Show an image from the SPIFFS using GET method.
•Send POST Request button: Send POST request to to server and shows the response data in the text area.
•Next page button: Redirect to another html page using GET method.
Source files: Simple_GET_POST.rar
Demo 2
Demo file: esp32_wireguard_vpn_demo2.slx
The full model.
The GET request subsystem.
The POST request subsystem.
Description
This example will demonstrate how to use the WireGuard VPN block with WiFi block to initialize the WiFi in station mode with VPN and send the GET and POST requests to the web servers using HTTP client block via the internet. This uses an echo server to test the HTTP Client Block.
Therefore, a HTTP client block can send a message to the server and the server can receive the message and send, or echo, it back to the HTTP client block.
Note:
•Please insert valid SSID and Password to the WiFi setup block.
•The serial monitor used for this application is the Putty software which is open-source application.
•Baud Rate: 115200
What should be happening?
Use a serial communication monitor software to test this demo. Select the correct COM port in the software to monitor the data. The GET and POST response data will be shown in the host PC as below. You can see the IP address of the esp32 has been changed.
