Running A VPN Gateway On An ESP32 | Hackaday
If you need a VPN gateway to access your home network, the fastest and most cost-effective way is probably to use a Raspberry Pi Zero. But in [Samir Makwana]'s view, an ESP32-S3 is just as capable for moderate use, and in some respects even superior.
This was possible thanks to the MicroLink project, a full implementation of a Tailscale client for the ESP32 family. In some ways the ESP32 worked better than a Raspberry Pi: it boots in two seconds rather than thirty, draws 0.5 W rather than 1.5 W, and there is no SD card to become corrupted. On the other hand, a Raspberry Pi can be set up as a Tailscale client in a few minutes, while this took several hours to get running. The biggest issue was making sure there was enough memory for the TLS handshakes the client performs (the tunnel itself is WireGuard, but the control-plane connection to Tailscale's coordination servers is made over TLS), which was solved by enabling the ESP32's PSRAM.
Once the VPN client is running, the ESP32 can serve as an SSH jump host for other devices on the home network, without exposing those machines to the open Internet. The ESP32 also hosts an HTTP server that can send a wake-on-LAN magic packet to another device on the local network, letting unused devices sleep without impairing their availability.
The ESP32 doesn’t provide much bandwidth — streaming video would cause issues — but it works well enough for lightweight applications. If you’re wanting to stream video from an ESP32, though, it is technically possible.
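The wake-on-LAN endpoint described above is worth handling carefully, because the target MAC arrives as a parameter of an HTTP request. The following is an added example, not code from MicroLink or from the project described here, showing how a magic packet is built, validated and broadcast in C. The MAC address, the broadcast address and all function names are assumptions made for illustration; the UDP sender uses POSIX sockets, which ESP-IDF's lwIP layer also exposes, but has only been written with a desktop build in mind.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* A magic packet is 6 sync bytes of 0xFF followed by 16 copies of the
 * target's 6-byte MAC (some senders append a 6-byte SecureOn password). */
#define MAGIC_PKT_LEN 102

/* Parse "aa:bb:cc:dd:ee:ff" (or "-" separated) into 6 bytes.
 * Returns 0 on success, -1 on any malformed input: this string will come
 * straight from an HTTP parameter, so it is parsed strictly, with no
 * trailing garbage and no short or long forms accepted. */
int parse_mac(const char *s, uint8_t mac[6])
{
    if (s == NULL) return -1;
    for (int i = 0; i < 6; i++) {
        if (!isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1])) return -1;
        char hex[3] = { s[0], s[1], 0 };
        mac[i] = (uint8_t)strtoul(hex, NULL, 16);
        s += 2;
        if (i < 5) {
            if (*s != ':' && *s != '-') return -1;
            s++;
        }
    }
    return *s == '\0' ? 0 : -1;
}

/* Fill out[] with the magic packet for mac. Returns bytes written, or -1
 * if the buffer is too small. */
int build_magic_packet(const uint8_t mac[6], uint8_t *out, size_t out_len)
{
    if (out_len < MAGIC_PKT_LEN) return -1;
    memset(out, 0xFF, 6);
    for (int i = 0; i < 16; i++) memcpy(out + 6 + 6 * i, mac, 6);
    return MAGIC_PKT_LEN;
}

/* Check that a datagram is a well-formed magic packet (sync bytes present,
 * all 16 MAC copies identical). On success copies the target MAC out. */
int is_magic_packet(const uint8_t *buf, size_t len, uint8_t mac_out[6])
{
    if (len < MAGIC_PKT_LEN) return 0;
    for (int i = 0; i < 6; i++) if (buf[i] != 0xFF) return 0;
    for (int i = 1; i < 16; i++)
        if (memcmp(buf + 6, buf + 6 + 6 * i, 6) != 0) return 0;
    memcpy(mac_out, buf + 6, 6);
    return 1;
}

/* What an HTTP handler would call: parse the request's MAC string and build
 * the packet in one step. Returns packet length or -1. */
int prepare_wake(const char *mac_str, uint8_t *out, size_t out_len)
{
    uint8_t mac[6];
    if (parse_mac(mac_str, mac) != 0) return -1;
    return build_magic_packet(mac, out, out_len);
}

/* Broadcast the packet on the LAN via UDP (port 9 is conventional; the NIC
 * matches on the payload, not the port). Returns 0 on success. */
int send_magic_packet(const uint8_t *pkt, size_t len, const char *bcast_ip)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof one) < 0) { close(fd); return -1; }
    struct sockaddr_in dst;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(9);
    if (inet_pton(AF_INET, bcast_ip, &dst.sin_addr) != 1) { close(fd); return -1; }
    ssize_t n = sendto(fd, pkt, len, 0, (struct sockaddr *)&dst, sizeof dst);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

int main(void)
{
    uint8_t pkt[MAGIC_PKT_LEN];
    /* Constructed MAC for the demonstration; not a real device. */
    int n = prepare_wake("00:11:22:33:44:55", pkt, sizeof pkt);
    if (n < 0) { fprintf(stderr, "rejected MAC\n"); return 1; }
    for (int i = 0; i < n; i++) printf("%02x%s", pkt[i], (i % 6 == 5) ? "\n" : ":");
    /* On the gateway this would be followed by e.g.
     * send_magic_packet(pkt, (size_t)n, "192.168.1.255"); (assumed subnet) */
    return 0;
}
```

Two points for anyone building the same endpoint: bind the HTTP server to the tailnet address rather than to all interfaces, so the wake endpoint is only reachable through the VPN, and consider keeping an allowlist of MACs in the firmware instead of waking whatever address a request names.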
23 thoughts on “Running A VPN Gateway On An ESP32”
If you trust the Chinese code running on it, of course. All my Espressif devices live in a DMZ — I don’t want to hand the Cylons unfettered access to my internal network.
You mean the "Chinese" code, developed by "Malone Technologies" (USA) with source code fully available on GitHub to vet, presented through an article by "Samir Makwana" (India)?
Insert derogatory sentence about your comment here.
I think the reference is to Espressif's binary blobs for WiFi (Bluetooth, etc.). It is unclear at best and disingenuous at worst.
Alright, that's fair I guess.
You mean the binary blobs that send packets over WiFi that many people (including me) have gone over at length and not seen any packets we haven't sent ourselves?
Are you expecting a secret incoming call to turn it on? I suppose that's possible, but then again it would have to be on the open Internet (and not behind a firewall that didn't allow incoming calls to get to it...).
If you are really worried about WiFi blobs in embedded hardware chips (as distinct from finished products like WiFi cameras...), you probably can't be on the Internet at all, with any device...
We should fix that. I wonder if we could build an AI agent and just throw tokens at it? Maybe donating tokens could be the new crowdfunding?
Sure, it's much better to trust the Magaist companies ending in com. It's not like there is a law in their country forcing them to capture and share any data if the government asks for it.
Yup, it's all a matter of which totalitarian regime you prefer.
Sheesh! Where do you even begin with a comment like this?
Time to take off the tin foil hat.
TDS again...
Where do you begin?
You read the first sentence, then you go look up ‘FISA Court’ and the laws that enable it.
Then you go look up the obvious abuses that it has caused... if you can wade through the redactions, because everything involving the court is heavily classified or otherwise gagged. The court is officially acknowledged, though. And there have been several instances of people breaking gag orders, if you want to research what goes on there.
There is active work to RE the WiFi blobs and replace them. Already it's possible to stop using them entirely after the initial calibration of the radio, and from that point on run only open source code.
Only people who don't know better use such code. You code your own, OK?
With the sheer amount of scrutiny these chips are under by everyone from hobbyists to security specialists and even intelligence agencies, if those binary blobs had any backdoors or a tendency to phone home, I would honestly assume we would have long heard by now. There was that issue last year. But that wasn't so much a case of it having a door in as of it being able to open them for you...
That said, I do employ caution when it comes to the version. If, for whatever reason, a compromised blob enters rotation, it could spread and cause damage before its nefarious nature gets caught. So I try to avoid brand new blobs most of the time.
Not sure if this is an SSH tunnel, a VPN, or a Tailscale setup.
All his devices sit in his home network why setup Tailscale for...