https://github.com/martin-ger/esp32_nat_router

ESP32 NAT Router with WPA2 Enterprise support

This is a firmware to use the ESP32 as WiFi NAT router. It can be used as

Simple range extender for an existing WiFi network
Setting up an additional WiFi network with different SSID/password for guests or IOT devices
Convert a corporate (WPA2-Enterprise) network to a regular network, for simple devices.

It can achieve a bandwidth of more than 15mbps.

The code is based on the Console Component and the esp-idf-nat-example.

Performance

All tests used IPv4 and the TCP protocol.

Board	Tools	Optimization	CPU Frequency	Throughput	Power
ESP32D0WDQ6	iperf3	0g	240MHz	16.0 MBits/s	1.6 W
ESP32D0WDQ6	iperf3	0s	240MHz	10.0 MBits/s	1.8 W
ESP32D0WDQ6	iperf3	0g	160MHz	15.2 MBits/s	1.4 W
ESP32D0WDQ6	iperf3	0s	160MHz	14.1 MBits/s	1.5 W

First Boot

After first boot the ESP32 NAT Router will offer a WiFi network with an open AP and the ssid “ESP32_NAT_Router”. Configuration can either be done via a simple web interface or via the serial console.

Web Config Interface

The web interface allows for the configuration of all parameters. Connect you PC or smartphone to the WiFi SSID “ESP32_NAT_Router” and point your browser to “http://192.168.4.1“. This page should appear:

First enter the appropriate values for the uplink WiFi network, the “STA Settings”. Leave password blank for open networks. Click “Connect”. The ESP32 reboots and will connect to your WiFi router.

Now you can reconnect and reload the page and change the “Soft AP Settings”. Click “Set” and again the ESP32 reboots. Now it is ready for forwarding traffic over the newly configured Soft AP. Be aware that these changes also affect the config interface, i.e. to do further configuration, connect to the ESP32 through one of the newly configured WiFi networks.

If you want to enter a ‘+’ in the web interface you have to use HTTP-style hex encoding like “Mine%2bYours”. This will result in a string “Mine+Yours”. With this hex encoding you can enter any byte value you like, except for 0 (for C-internal reasons).

It you want to disable the web interface (e.g. for security reasons), go to the CLI and enter:


[crayon-6628b8fd7c4be570893549 inline="true" ]nvs_namespace esp32_nat
nvs_set lock str -v 1

[crayon-6628b8fd7c4be570893549 inline="true" ]nvs_namespace esp32_nat

nvs_set lock str -v 1

[/crayon]

After restart, no webserver is started any more. You can only re-enable it with:


[crayon-6628b8fd7c4c7075745564 inline="true" ]nvs_namespace esp32_nat
nvs_set lock str -v 0

[crayon-6628b8fd7c4c7075745564 inline="true" ]nvs_namespace esp32_nat

nvs_set lock str -v 0

[/crayon]

If you made a mistake and have lost all contact with the ESP you can still use the serial console to reconfigure it. All parameter settings are stored in NVS (non volatile storage), which is not erased by simple re-flashing the binaries. If you want to wipe it out, use “esptool.py -p /dev/ttyUSB0 erase_flash”.

Access devices behind the router

If you want to access a device behind the esp32 NAT router? PC -> local router -> esp32NAT -> server

Lets say “server” is exposing a webserver on port 80 and you want to access that from your PC.
For that you need to configure a portmap (e.g. by connecting via the arduino IDE uart monitor through USB)


[crayon-6628b8fd7c4d7440552953 inline="true" ]portmap add TCP 8080 192.168.4.2 80
                                 ↑ port of the webserver
                            ↑ server's ip in esp32NAT network
                  ↑ exposed port in the local router's network

[crayon-6628b8fd7c4d7440552953 inline="true" ]portmap add TCP 8080 192.168.4.2 80

↑ port of the webserver

↑ server's ip in esp32NAT network

↑ exposed port in the local router's network

[/crayon]

Assuming the esp32NAT’s ip address in your local router is 192.168.0.57 you can acces the server by typing 192.168.0.57:8080 into your browser now.

Interpreting the on board LED

If the ESP32 is connected to the upstream AP then the on board LED should be on, otherwise off. If there are devices connected to the ESP32 then the on board LED will keep blinking as many times as the number of devices connected.

For example:

One device connected to the ESP32, and the ESP32 is connected to upstream:

*****.*****

Two devices are connected to the ESP32, but the ESP32 is not connected to upstream:

....*.*....

Command Line Interface

For configuration you have to use a serial console (Putty or GtkTerm with 115200 bps). Use the “set_sta” and the “set_ap” command to configure the WiFi settings. Changes are stored persistently in NVS and are applied after next restart. Use “show” to display the current config. The NVS namespace for the parameters is “esp32_nat”

Enter the help command get a full list of all available commands:


[crayon-6628b8fd7c500381347627 inline="true" ]help 
  Print the list of registered commands

free 
  Get the current size of free heap memory

heap 
  Get minimum size of free heap memory that was available during program execu
  tion

version 
  Get version of chip and SDK

restart 
  Software reset of the chip

deep_sleep  [-t <t>] [--io=<n>] [--io_level=<0|1>]
  Enter deep sleep mode. Two wakeup modes are supported: timer and GPIO. If no
  wakeup option is specified, will sleep indefinitely.
  -t, --time=<t>  Wake up time, ms
      --io=<n>  If specified, wakeup using GPIO with given number
  --io_level=<0|1>  GPIO level to trigger wakeup

light_sleep  [-t <t>] [--io=<n>]... [--io_level=<0|1>]...
  Enter light sleep mode. Two wakeup modes are supported: timer and GPIO. Mult
  iple GPIO pins can be specified using pairs of 'io' and 'io_level' arguments
  . Will also wake up on UART input.
  -t, --time=<t>  Wake up time, ms
      --io=<n>  If specified, wakeup using GPIO with given number
  --io_level=<0|1>  GPIO level to trigger wakeup

tasks 
  Get information about running tasks

nvs_set  <key> <type> -v <value>
  Set key-value pair in selected namespace.
Examples:
 nvs_set VarName i32 -v 
  123 
 nvs_set VarName str -v YourString 
 nvs_set VarName blob -v 0123456789abcdef 
         <key>  key of the value to be set
        <type>  type can be: i8, u8, i16, u16 i32, u32 i64, u64, str, blob
  -v, --value=<value>  value to be stored

nvs_get  <key> <type>
  Get key-value pair from selected namespace. 
Example: nvs_get VarName i32
         <key>  key of the value to be read
        <type>  type can be: i8, u8, i16, u16 i32, u32 i64, u64, str, blob

nvs_erase  <key>
  Erase key-value pair from current namespace
         <key>  key of the value to be erased

nvs_namespace  <namespace>
  Set current namespace
   <namespace>  namespace of the partition to be selected

nvs_list  <partition> [-n <namespace>] [-t <type>]
  List stored key-value pairs stored in NVS.Namespace and type can be specified
  to print only those key-value pairs.
  
Following command list variables stored inside 'nvs' partition, under namespace 'storage' with type uint32_t
  Example: nvs_list nvs -n storage -t u32 

   <partition>  partition name
  -n, --namespace=<namespace>  namespace name
  -t, --type=<type>  type can be: i8, u8, i16, u16 i32, u32 i64, u64, str, blob

nvs_erase_namespace  <namespace>
  Erases specified namespace
   <namespace>  namespace to be erased

set_sta  <ssid> <passwd>
  Set SSID and password of the STA interface
        <ssid>  SSID
      <passwd>  Password
  --, -u, ----username=<ent_username>  Enterprise username
  --, -a, ----anan=<ent_identity>  Enterprise identity

set_sta_static  <ip> <subnet> <gw>
  Set Static IP for the STA interface
          <ip>  IP
      <subnet>  Subnet Mask
          <gw>  Gateway Address

set_ap  <ssid> <passwd>
  Set SSID and password of the SoftAP
        <ssid>  SSID of AP
      <passwd>  Password of AP

set_ap_ip  <ip>
  Set IP for the AP interface
          <ip>  IP

portmap  [add|del] [TCP|UDP] <ext_portno> <int_ip> <int_portno>
  Add or delete a portmapping to the router
     [add|del]  add or delete portmapping
     [TCP|UDP]  TCP or UDP port
  <ext_portno>  external port number
      <int_ip>  internal IP
  <int_portno>  internal port number

show 
  Get status and config of the router

100

101

102

103

104

105

106

107

108

[crayon-6628b8fd7c500381347627 inline="true" ]help

Print the list of registered commands

free

Get the current size of free heap memory

heap

Get minimum size of free heap memory that was available during program execu

tion

version

Get version of chip and SDK

restart

Software reset of the chip

deep_sleep [-t <t>] [--io=<n>] [--io_level=<0|1>]

Enter deep sleep mode. Two wakeup modes are supported: timer and GPIO. If no

wakeup option is specified, will sleep indefinitely.

-t, --time=<t> Wake up time, ms

--io=<n> If specified, wakeup using GPIO with given number

--io_level=<0|1> GPIO level to trigger wakeup

light_sleep [-t <t>] [--io=<n>]... [--io_level=<0|1>]...

Enter light sleep mode. Two wakeup modes are supported: timer and GPIO. Mult

iple GPIO pins can be specified using pairs of 'io' and 'io_level' arguments

. Will also wake up on UART input.

-t, --time=<t> Wake up time, ms

--io=<n> If specified, wakeup using GPIO with given number

--io_level=<0|1> GPIO level to trigger wakeup

tasks

Get information about running tasks

nvs_set <key> <type> -v <value>

Set key-value pair in selected namespace.

Examples:

nvs_set VarName i32 -v

123

nvs_set VarName str -v YourString

nvs_set VarName blob -v 0123456789abcdef

<key> key of the value to be set

<type> type can be: i8, u8, i16, u16 i32, u32 i64, u64, str, blob

-v, --value=<value> value to be stored

nvs_get <key> <type>

Get key-value pair from selected namespace.

Example: nvs_get VarName i32

<key> key of the value to be read

<type> type can be: i8, u8, i16, u16 i32, u32 i64, u64, str, blob

nvs_erase <key>

Erase key-value pair from current namespace

<key> key of the value to be erased

nvs_namespace <namespace>

Set current namespace

<namespace> namespace of the partition to be selected

nvs_list <partition> [-n <namespace>] [-t <type>]

List stored key-value pairs stored in NVS.Namespace and type can be specified

to print only those key-value pairs.

Following command list variables stored inside 'nvs' partition, under namespace 'storage' with type uint32_t

Example: nvs_list nvs -n storage -t u32

<partition> partition name

-n, --namespace=<namespace> namespace name

-t, --type=<type> type can be: i8, u8, i16, u16 i32, u32 i64, u64, str, blob

nvs_erase_namespace <namespace>

Erases specified namespace

<namespace> namespace to be erased

set_sta <ssid> <passwd>

Set SSID and password of the STA interface

<ssid> SSID

<passwd> Password

--, -u, ----username=<ent_username> Enterprise username

--, -a, ----anan=<ent_identity> Enterprise identity

set_sta_static <ip> <subnet> <gw>

Set Static IP for the STA interface

<ip> IP

<subnet> Subnet Mask

<gw> Gateway Address

set_ap <ssid> <passwd>

Set SSID and password of the SoftAP

<ssid> SSID of AP

<passwd> Password of AP

set_ap_ip <ip>

Set IP for the AP interface

<ip> IP

portmap [add|del] [TCP|UDP] <ext_portno> <int_ip> <int_portno>

Add or delete a portmapping to the router

[add|del] add or delete portmapping

[TCP|UDP] TCP or UDP port

<ext_portno> external port number

<int_ip> internal IP

<int_portno> internal port number

show

Get status and config of the router

[/crayon]

If you want to enter non-ASCII or special characters (incl. ‘ ‘) you can use HTTP-style hex encoding (e.g. “My%20AccessPoint” results in a string “My AccessPoint”).

Flashing the prebuild Binaries

Get and install esptool:


[crayon-6628b8fd7c511708632800 inline="true" ]cd ~
python3 -m pip install pyserial
git clone https://github.com/espressif/esptool
cd esptool
python3 setup.py install

[crayon-6628b8fd7c511708632800 inline="true" ]cd ~

python3 -m pip install pyserial

git clone https://github.com/espressif/esptool

cd esptool

python3 setup.py install

[/crayon]

Go to esp32_nat_router project directory and build for any kind of esp32 target.

For esp32:

esptool.py --chip esp32 \
--before default_reset --after hard_reset write_flash \
-z --flash_mode dio --flash_freq 40m --flash_size detect \
0x1000 build/esp32/bootloader.bin \
0x8000 build/esp32/partitions.bin \
0x10000 build/esp32/firmware.bin

				
					
				1
2
3
4
5
6
7
8

						 
esptool.py --chip esp32 \
--before default_reset --after hard_reset write_flash \
-z --flash_mode dio --flash_freq 40m --flash_size detect \
0x1000 build/esp32/bootloader.bin \
0x8000 build/esp32/partitions.bin \
0x10000 build/esp32/firmware.bin
 

					

			

For esp32c3:

esptool.py --chip esp32c3 \
--before default_reset --after hard_reset write_flash \
-z --flash_size detect \
0x0 build/esp32c3/bootloader.bin \
0x8000 build/esp32c3/partitions.bin \
0x10000 build/esp32c3/firmware.bin

				
					
				1
2
3
4
5
6
7
8

						 
esptool.py --chip esp32c3 \
--before default_reset --after hard_reset write_flash \
-z --flash_size detect \
0x0 build/esp32c3/bootloader.bin \
0x8000 build/esp32c3/partitions.bin \
0x10000 build/esp32c3/firmware.bin
 

					

			

As an alternative you might use Espressif’s Flash Download Tools with the parameters given in the figure below (thanks to mahesh2000), update the filenames accordingly:

Note that the prebuilt binaries do not include WPA2 Enterprise support.

Building the Binaries (Method 1 – ESPIDF)

The following are the steps required to compile this project:

Download and setup the ESP-IDF.
In the project directory run make menuconfig (or idf.py menuconfig for cmake).
1. *Component config -> LWIP > [x] Enable copy between Layer2 and Layer3 packets.
2. *Component config -> LWIP > [x] Enable IP forwarding.
3. *Component config -> LWIP > [x] Enable NAT (new/experimental).
Build the project and flash it to the ESP32.

A detailed instruction on how to build, configure and flash a ESP-IDF project can also be found the official ESP-IDF guide.

Building the Binaries (Method 2 – Platformio)

The following are the steps required to compile this project:

Download Visual Studio Code, and the Platform IO extension.
In Platformio, install the ESP-IDF framework.
Build the project and flash it to the ESP32.

DNS

As soon as the ESP32 STA has learned a DNS IP from its upstream DNS server on first connect, it passes that to newly connected clients. Before that by default the DNS-Server which is offerd to clients connecting to the ESP32 AP is set to 8.8.8.8. Replace the value of the MY_DNS_IP_ADDR with your desired DNS-Server IP address (in hex) if you want to use a different one.

Troubleshooting

Line Endings

The line endings in the Console Example are configured to match particular serial monitors. Therefore, if the following log output appears, consider using a different serial monitor (e.g. Putty for Windows or GtkTerm on Linux) or modify the example’s UART configuration.


[crayon-6628b8fd7c533075075993 inline="true" ]This is an example of ESP-IDF console component.
Type 'help' to get the list of commands.
Use UP/DOWN arrows to navigate through command history.
Press TAB when typing command name to auto-complete.
Your terminal application does not support escape sequences.
Line editing and history features are disabled.
On Windows, try using Putty instead.
esp32>

[crayon-6628b8fd7c533075075993 inline="true" ]This is an example of ESP-IDF console component.

Type 'help' to get the list of commands.

Use UP/DOWN arrows to navigate through command history.

Press TAB when typing command name to auto-complete.

Your terminal application does not support escape sequences.

Line editing and history features are disabled.

On Windows, try using Putty instead.

esp32>

[/crayon]

esp32_nat_router-master

WT32_ETH01_V2.schematic

ESP32 NAT Router with WPA2 Enterprise support

Performance

First Boot

Web Config Interface

Access devices behind the router

Interpreting the on board LED

Command Line Interface

Flashing the prebuild Binaries

Building the Binaries (Method 1 – ESPIDF)

Building the Binaries (Method 2 – Platformio)

DNS

Troubleshooting

Line Endings

You Might Also Like

Micropython + ESP32 + MAX31865 + RTD PT100

RS232 isolation

digital isolater