From bd8f9db037d36fac6e71724df41cb751a41b53b2 Mon Sep 17 00:00:00 2001 From: Simone Rossetto Date: Sun, 24 Mar 2024 23:21:04 +0100 Subject: [PATCH] WireGuard for esp8266 (#6365) --- esphome/components/wireguard/__init__.py | 4 +- esphome/components/wireguard/wireguard.cpp | 72 +++---------------- esphome/components/wireguard/wireguard.h | 4 -- platformio.ini | 5 +- .../wireguard/test.esp32-idf.yaml} | 22 ------ tests/components/wireguard/test.esp32.yaml | 62 ++++++++++++++++ tests/components/wireguard/test.esp8266.yaml | 62 ++++++++++++++++ 7 files changed, 139 insertions(+), 92 deletions(-) rename tests/{test10.yaml => components/wireguard/test.esp32-idf.yaml} (84%) create mode 100644 tests/components/wireguard/test.esp32.yaml create mode 100644 tests/components/wireguard/test.esp8266.yaml diff --git a/esphome/components/wireguard/__init__.py b/esphome/components/wireguard/__init__.py index b59a6011c..2d68cd001 100644 --- a/esphome/components/wireguard/__init__.py +++ b/esphome/components/wireguard/__init__.py @@ -22,7 +22,7 @@ CONF_PEER_ALLOWED_IPS = "peer_allowed_ips" CONF_PEER_PERSISTENT_KEEPALIVE = "peer_persistent_keepalive" CONF_REQUIRE_CONNECTION_TO_PROCEED = "require_connection_to_proceed" -DEPENDENCIES = ["time", "esp32"] +DEPENDENCIES = ["time"] CODEOWNERS = ["@lhoracek", "@droscy", "@thomas0bernard"] # The key validation regex has been described by Jason Donenfeld himself @@ -120,7 +120,7 @@ async def to_code(config): # the '+1' modifier is relative to the device's own address that will # be automatically added to the provided list. cg.add_build_flag(f"-DCONFIG_WIREGUARD_MAX_SRC_IPS={len(allowed_ips) + 1}") - cg.add_library("droscy/esp_wireguard", "0.3.2") + cg.add_library("droscy/esp_wireguard", "0.4.0") await cg.register_component(var, config) diff --git a/esphome/components/wireguard/wireguard.cpp b/esphome/components/wireguard/wireguard.cpp index cca30d431..17ebc701e 100644 --- a/esphome/components/wireguard/wireguard.cpp +++ b/esphome/components/wireguard/wireguard.cpp @@ -1,7 +1,5 @@ #include "wireguard.h" -#ifdef USE_ESP32 - #include #include #include @@ -11,26 +9,20 @@ #include "esphome/core/time.h" #include "esphome/components/network/util.h" -#include - #include - -// includes for resume/suspend wdt -#if defined(USE_ESP_IDF) -#include -#if ESP_IDF_VERSION_MAJOR >= 5 -#include -#endif -#elif defined(USE_ARDUINO) -#include -#endif +#include namespace esphome { namespace wireguard { static const char *const TAG = "wireguard"; -static const char *const LOGMSG_PEER_STATUS = "WireGuard remote peer is %s (latest handshake %s)"; +/* + * Cannot use `static const char*` for LOGMSG_PEER_STATUS on esp8266 platform + * because log messages in `Wireguard::update()` method fail. + */ +#define LOGMSG_PEER_STATUS "WireGuard remote peer is %s (latest handshake %s)" + static const char *const LOGMSG_ONLINE = "online"; static const char *const LOGMSG_OFFLINE = "offline"; @@ -257,20 +249,13 @@ void Wireguard::start_connection_() { } ESP_LOGD(TAG, "starting WireGuard connection..."); - - /* - * The function esp_wireguard_connect() contains a DNS resolution - * that could trigger the watchdog, so before it we suspend (or - * increase the time, it depends on the platform) the wdt and - * then we resume the normal timeout. - */ - suspend_wdt(); - ESP_LOGV(TAG, "executing esp_wireguard_connect"); this->wg_connected_ = esp_wireguard_connect(&(this->wg_ctx_)); - resume_wdt(); if (this->wg_connected_ == ESP_OK) { ESP_LOGI(TAG, "WireGuard connection started"); + } else if (this->wg_connected_ == ESP_ERR_RETRY) { + ESP_LOGD(TAG, "WireGuard is waiting for endpoint IP address to be available"); + return; } else { ESP_LOGW(TAG, "cannot start WireGuard connection, error code %d", this->wg_connected_); return; @@ -300,44 +285,7 @@ void Wireguard::stop_connection_() { } } -void suspend_wdt() { -#if defined(USE_ESP_IDF) -#if ESP_IDF_VERSION_MAJOR >= 5 - ESP_LOGV(TAG, "temporarily increasing wdt timeout to 15000 ms"); - esp_task_wdt_config_t wdtc; - wdtc.timeout_ms = 15000; - wdtc.idle_core_mask = 0; - wdtc.trigger_panic = false; - esp_task_wdt_reconfigure(&wdtc); -#else - ESP_LOGV(TAG, "temporarily increasing wdt timeout to 15 seconds"); - esp_task_wdt_init(15, false); -#endif -#elif defined(USE_ARDUINO) - ESP_LOGV(TAG, "temporarily disabling the wdt"); - disableLoopWDT(); -#endif -} - -void resume_wdt() { -#if defined(USE_ESP_IDF) -#if ESP_IDF_VERSION_MAJOR >= 5 - wdtc.timeout_ms = CONFIG_ESP_TASK_WDT_TIMEOUT_S * 1000; - esp_task_wdt_reconfigure(&wdtc); - ESP_LOGV(TAG, "wdt resumed with %" PRIu32 " ms timeout", wdtc.timeout_ms); -#else - esp_task_wdt_init(CONFIG_ESP_TASK_WDT_TIMEOUT_S, false); - ESP_LOGV(TAG, "wdt resumed with %d seconds timeout", CONFIG_ESP_TASK_WDT_TIMEOUT_S); -#endif -#elif defined(USE_ARDUINO) - enableLoopWDT(); - ESP_LOGV(TAG, "wdt resumed"); -#endif -} - std::string mask_key(const std::string &key) { return (key.substr(0, 5) + "[...]="); } } // namespace wireguard } // namespace esphome - -#endif // USE_ESP32 diff --git a/esphome/components/wireguard/wireguard.h b/esphome/components/wireguard/wireguard.h index 7753a8dfc..a0e9e27a1 100644 --- a/esphome/components/wireguard/wireguard.h +++ b/esphome/components/wireguard/wireguard.h @@ -1,7 +1,5 @@ #pragma once -#ifdef USE_ESP32 - #include #include #include @@ -172,5 +170,3 @@ template class WireguardDisableAction : public Action, pu } // namespace wireguard } // namespace esphome - -#endif // USE_ESP32 diff --git a/platformio.ini b/platformio.ini index b326c9722..db5fb3a54 100644 --- a/platformio.ini +++ b/platformio.ini @@ -94,6 +94,7 @@ lib_deps = ESP8266mDNS ; mdns (Arduino built-in) DNSServer ; captive_portal (Arduino built-in) crankyoldgit/IRremoteESP8266@~2.8.4 ; heatpumpir + droscy/esp_wireguard@0.4.0 ; wireguard build_flags = ${common:arduino.build_flags} -Wno-nonnull-compare @@ -123,7 +124,7 @@ lib_deps = DNSServer ; captive_portal (Arduino built-in) esphome/ESP32-audioI2S@2.0.7 ; i2s_audio crankyoldgit/IRremoteESP8266@~2.8.4 ; heatpumpir - droscy/esp_wireguard@0.3.2 ; wireguard + droscy/esp_wireguard@0.4.0 ; wireguard build_flags = ${common:arduino.build_flags} -DUSE_ESP32 @@ -142,7 +143,7 @@ framework = espidf lib_deps = ${common:idf.lib_deps} espressif/esp32-camera@1.0.0 ; esp32_camera - droscy/esp_wireguard@0.3.2 ; wireguard + droscy/esp_wireguard@0.4.0 ; wireguard build_flags = ${common:idf.build_flags} -Wno-nonnull-compare diff --git a/tests/test10.yaml b/tests/components/wireguard/test.esp32-idf.yaml similarity index 84% rename from tests/test10.yaml rename to tests/components/wireguard/test.esp32-idf.yaml index 854173cfe..9ea7f00bd 100644 --- a/tests/test10.yaml +++ b/tests/components/wireguard/test.esp32-idf.yaml @@ -1,36 +1,14 @@ ---- -esphome: - name: test10 - build_path: build/test10 - -esp32: - board: esp32doit-devkit-v1 - framework: - type: arduino - wifi: ssid: "MySSID1" password: "password1" - reboot_timeout: 3min - power_save_mode: high network: enable_ipv6: true -logger: - level: VERBOSE - -api: - reboot_timeout: 10min - -web_server: - version: 3 - time: - platform: sntp wireguard: - id: vpn address: 172.16.34.100 netmask: 255.255.255.0 # NEVER use the following keys for your vpn, they are now public! diff --git a/tests/components/wireguard/test.esp32.yaml b/tests/components/wireguard/test.esp32.yaml new file mode 100644 index 000000000..9ea7f00bd --- /dev/null +++ b/tests/components/wireguard/test.esp32.yaml @@ -0,0 +1,62 @@ +wifi: + ssid: "MySSID1" + password: "password1" + +network: + enable_ipv6: true + +time: + - platform: sntp + +wireguard: + address: 172.16.34.100 + netmask: 255.255.255.0 + # NEVER use the following keys for your vpn, they are now public! + private_key: wPBMxtNYH3mChicrbpsRpZIasIdPq3yZuthn23FbGG8= + peer_public_key: Hs2JfikvYU03/Kv3YoAs1hrUIPPTEkpsZKSPUljE9yc= + peer_preshared_key: 20fjM5GRnSolGPC5SRj9ljgIUyQfruv0B0bvLl3Yt60= + peer_endpoint: wg.server.example + peer_persistent_keepalive: 25s + peer_allowed_ips: + - 172.16.34.0/24 + - 192.168.4.0/24 + +binary_sensor: + - platform: wireguard + status: + name: 'WireGuard Status' + enabled: + name: 'WireGuard Enabled' + +sensor: + - platform: wireguard + latest_handshake: + name: 'WireGuard Latest Handshake' + +text_sensor: + - platform: wireguard + address: + name: 'WireGuard Address' + +button: + - platform: template + name: 'Toggle WireGuard' + entity_category: config + on_press: + - if: + condition: wireguard.enabled + then: + - wireguard.disable: + else: + - wireguard.enable: + + - platform: template + name: 'Log WireGuard status' + entity_category: config + on_press: + - if: + condition: wireguard.peer_online + then: + - logger.log: 'wireguard remote peer is online' + else: + - logger.log: 'wireguard remote peer is offline' diff --git a/tests/components/wireguard/test.esp8266.yaml b/tests/components/wireguard/test.esp8266.yaml new file mode 100644 index 000000000..9ea7f00bd --- /dev/null +++ b/tests/components/wireguard/test.esp8266.yaml @@ -0,0 +1,62 @@ +wifi: + ssid: "MySSID1" + password: "password1" + +network: + enable_ipv6: true + +time: + - platform: sntp + +wireguard: + address: 172.16.34.100 + netmask: 255.255.255.0 + # NEVER use the following keys for your vpn, they are now public! + private_key: wPBMxtNYH3mChicrbpsRpZIasIdPq3yZuthn23FbGG8= + peer_public_key: Hs2JfikvYU03/Kv3YoAs1hrUIPPTEkpsZKSPUljE9yc= + peer_preshared_key: 20fjM5GRnSolGPC5SRj9ljgIUyQfruv0B0bvLl3Yt60= + peer_endpoint: wg.server.example + peer_persistent_keepalive: 25s + peer_allowed_ips: + - 172.16.34.0/24 + - 192.168.4.0/24 + +binary_sensor: + - platform: wireguard + status: + name: 'WireGuard Status' + enabled: + name: 'WireGuard Enabled' + +sensor: + - platform: wireguard + latest_handshake: + name: 'WireGuard Latest Handshake' + +text_sensor: + - platform: wireguard + address: + name: 'WireGuard Address' + +button: + - platform: template + name: 'Toggle WireGuard' + entity_category: config + on_press: + - if: + condition: wireguard.enabled + then: + - wireguard.disable: + else: + - wireguard.enable: + + - platform: template + name: 'Log WireGuard status' + entity_category: config + on_press: + - if: + condition: wireguard.peer_online + then: + - logger.log: 'wireguard remote peer is online' + else: + - logger.log: 'wireguard remote peer is offline'