The use case that comes to mind for me is transparently and securely tunneling back to a central control server/common network with other devices it needs to talk to independent of the local network. So I could make a sensor for my parents and have it automatically tunnel its MQTT traffic back to my home network to monitor without them having to host an MQTT server locally. There are of course other ways to achieve this, but Wireguard is pretty elegant and straightforward to keep secure.
Another thing that comes to mind is if you're building a device that jumps wifi networks a lot. WG makes roaming networks pretty seamless, though I'm kinda struggling to think what an actual use for this might be.
Edit: Thinking about it more, you could use it as the backbone of some kind of cross-network mesh system. A bunch of distributed devices connect to their respective local wifi networks but then form a common network over WG and are able to route packets. Maybe you could bridge the endpoints to Bluetooth or some other RF protocol as a mesh with the Internet as the backhaul but not having to think about the local network. This sounds pretty wild but would be fun to play with.
One thing I've wanted to do is put a battery charge monitor on the escooter I leave at work. I'd like it to report the charge back to a computer I have at my house. Running WireGuard on an ESP would let me send battery telemetry back to a machine I control, even if the scooter was on public wifi, and without having to expose any of my ports to the wider internet (except 51820).
It basically boils down to - you can reach it behind a NAT.
I’m currently planning on installing a second small home-server at my parents' place as a backup target. I thought about an easy, energy efficient way to turn it on and off. My current plan was using a raspberry pi but it would have been a bit overkill. So this is perfect. I already have a WireGuard setup between my home server, laptop, smartphone and a cheap rented VM that acts as a router. I can just add the ESP to it now and use either the serial interface or just a digital out connected to the power pin.
I've wanted something like this as a hardware level firewall to ensure that all traffic over an outbound interface is transiting over a wireguard server.
Seems like you could do that with any router hardware that supports OpenWRT? An ESP32, although capable of running the algorithms, is going to have rather poor performance.
Yeah, definitely true. I like the simplicity factor though.
Is there a performant hardware platform which is openwrt compatible and has a single pair of input/output ethernet ports? I seem to remember an Intel device that worked for this, let me see if I can dig up the link
Just get a router with a WAN port and N LAN ports. Internally, they're all a switch and a CPU with two independent ports. Sometimes the WAN port goes straight into the CPU, but quite often all the external and internal ports are switched and the WAN port is just VLAN isolated to one of the CPU's internal ports.
I've accumulated half a dozen WRT1200AC and WRT1900AC devices from eBay for about $30 each. They have dual core 1.2GHz ARM CPUs and something like 256MB of RAM. I use one with wifi disabled as my router (and run WireGuard on it for my phone), two for APs in the main house, and another as a wireless WPS bridge to the garage. I can pump 400-500Mbps of TCP traffic over the wireless bridge. The router hardly even registers the WireGuard traffic from my phone, but then my ISP link is only 46Mbps.
I just ordered a Netgear r8000p router on eBay for $40 to play with, at the recommendation of another HN commenter. It has 6 antennas for beam forming, a dual core 1.8GHz ARM CPU, and 512MB of RAM.