[Ovmsdev] Request For Comments - Wireguard VPN

Ludovic LANGE ll-ovmsdev at lange.nom.fr
Mon Apr 24 17:35:02 HKT 2023


Dear list,

A few months ago I created 
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/752 
to explore WireGuard VPN support, which led me to add ESP-IDF v5 
support to OVMS.

Now that this ESP-IDF v5 support is added (in my branch, and it is in the 
process of being included in master - with the help and the testing 
of everybody here), I've resumed my exploration of adding support for 
WireGuard VPN to OVMS.

It's now ready for comments; you can now check:

  * a new branch here
    https://github.com/llange/Open-Vehicle-Monitoring-System-3/tree/752-wireguard
  * a DRAFT PR here
    https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/pull/882

if you want to explore and test this VPN support for OVMS.


My own use case for this feature is:

  * Security: I would like my module to be unreachable from the public
    Internet. This is a first step.
  * Practicality: I can reach my module with a single IP address / name
    that is part of my private network. SSH, Web, SCP, ... all work as
    if my module were local to my servers.
  * Roaming: The idea is to have a single point of contact even if the
    module changes network, changes IP address, etc.

Part of this feature set is already available with a combination of the 
OVMS Server (v2, v3) and the Hologram.io services, but I wanted to be 
independent of the mobile connection provider, and also file transfer is 
important for my use case (SCP or other), as I often want to sync 
the content of the SD card over the network.


If you can have a look and give feedback (either here, or on the PR), 
especially on:

  * The documentation: is it enough? properly organized? should it be
    split? etc.
  * The command set
  * The configuration items: what's missing? is the naming OK?
  * Other features (should I introduce events? metrics?)

Also if you have any feature request, please share.

Limitations:

  * Currently limited to 1 tunnel, but should work with multiple - it's
    just a question of arranging the configuration to support multiple
    instances
  * Roaming not tested yet (will report)
  * Compatibility with mobile network not tested yet (will need help on
    this)
  * I'm not really happy with the way I set the configuration items. I'd
    like to "hide" (write-only) the important bits (private key, shared
    key), but fear that it would clutter the config namespace -
    especially if I introduce multiple tunnels.
    Maybe one solution would be to have a rich configuration per tunnel
    (like a JSON / YAML), which would be a nightmare to edit by hand and
    would need support in the web interface.
  * Tunnel always active as soon as the configuration is correct. Maybe
    it will need an enabled/disabled flag in the configuration,
    and/or an auto-start flag.

Current status:

  * Builds on GitHub Actions (if you want to test, pre-compiled firmwares
    are available here for example:
    https://github.com/llange/Open-Vehicle-Monitoring-System-3/actions/runs/4784405668
    - just download a Zip file (v5.0 or v5.0.1), and flash with a
    command line like: esptool.py --chip esp32 --port /dev/xxxx --baud
    921600 write_flash --compress --flash_mode "dio" --flash_freq "40m"
    --flash_size detect 0x10000 ovms3.bin )
  * Works on My Machine (tunnel is UP, SSH is working OK, HTTP is
    working OK, performance looks OK. Ping time (ICMP) is comparable
    with or without tunnel)


Thanks for your comments.

Regards,