ESP32 secure connection to VPS

Time:09-13

I have an ESP32 running in a private network behind a firewall. Now I would like the ESP32 to submit its sensor readings via MQTT to the VPS running e.g. Node-RED. Running this setup within the private network works, but now I am struggling to conceptualize the secure connection to the VPS through my firewall.

The options I am aware of are:

  • Opening a port/ Port forwarding: Simple, but makes my network more vulnerable
  • Holepunching via UDP: I read about it, but the implementation seems a bit too difficult for my skill/knowledge-level
  • Communication between ESP and VPS via HTTPS: I would like to use MQTT to avoid the overhead, have better battery performance, publish/subscribe, etc.
  • Using TLS/SSL for communication between ESP and VPS
  • Setting up a DMZ, though even in that case proper security measures are needed
  • VPN between your ESP32 and VPS

So my questions are:

  • Would it be a good practice/secure way to open a port and let the ESP32 communicate with the VPS over TLS/SSL? Or does that still open vulnerabilities?
  • Could I set both the VPS and the ESP32 to just accept connections from each other's static IP addresses? In theory that seems to be a quite straightforward approach? Or let my firewall only accept connections from these IP addresses on port 8883?
  • What would be the most beginner-friendly and secure way? (VPN, TLS/SSL, firewall settings, etc.)

I have already read quite a few threads, but these questions still remained. Some clarification would be really appreciated, since I am still learning a lot about networking.

CodePudding user response:

I think you have a misunderstanding about how MQTT works.

The MQTT client (the ESP32) makes a single outbound connection to the MQTT broker (on the VPS), over which all messages in both directions (publishes and subscriptions) flow. This means the following:

  • Only the VPS needs a static IP address (so the ESP32 knows where to find it)
  • You can run MQTT over TLS (the VPS will need a certificate)
  • You will need to open the MQTT port on the VPS to allow the client to connect

Using TLS will be significantly easier than trying to run a VPN either on the ESP32 or on the router for that network.

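As an added example (not code from the question or the answer), here is the client side of what the answer describes: an ESP32 Arduino sketch that makes the single outbound MQTT-over-TLS connection to the broker on port 8883, verifies the broker's certificate against a pinned CA, and both publishes and subscribes over that one session. It assumes the ESP32 Arduino core and the PubSubClient library; the SSID, host name, credentials, topics and the CA body are placeholders to replace.

```arduino
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>
#include <time.h>

// Hypothetical placeholders: replace with your own network, broker and CA.
const char* WIFI_SSID = "your-ssid";
const char* WIFI_PASS = "your-wifi-password";
const char* MQTT_HOST = "vps.example.com";   // the VPS's static address
const uint16_t MQTT_PORT = 8883;             // MQTT over TLS
const char* MQTT_USER = "esp32-sensor";
const char* MQTT_PASS = "a-long-random-password";
// PEM of the CA that issued the broker's certificate (body is a placeholder).
// Pinning it makes the ESP32 reject any server whose cert does not chain to it.
static const char CA_CERT[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
...paste the issuing CA certificate here...
-----END CERTIFICATE-----
)EOF";
WiFiClientSecure tls;
PubSubClient mqtt(tls);

// Commands from Node-RED arrive here over the same outbound session.
void onMessage(char* topic, byte* payload, unsigned int len) {
  Serial.printf("cmd on %s (%u bytes)\n", topic, len);
}

void setup() {
  Serial.begin(115200);
  WiFi.begin(WIFI_SSID, WIFI_PASS);
  while (WiFi.status() != WL_CONNECTED) delay(500);
  // Certificate validity dates are checked against the clock, so sync it first.
  configTime(0, 0, "pool.ntp.org");
  while (time(nullptr) < 1700000000) delay(500);   // wait for NTP to set a sane time
  tls.setCACert(CA_CERT);   // verify the broker; never call setInsecure()
  mqtt.setServer(MQTT_HOST, MQTT_PORT);
  mqtt.setCallback(onMessage);
}

void loop() {
  if (!mqtt.connected()) {
    // One outbound TCP+TLS connection; nothing inbound ever reaches the ESP32.
    if (!mqtt.connect("esp32-sensor-01", MQTT_USER, MQTT_PASS)) { delay(5000); return; }
    mqtt.subscribe("home/esp32-01/cmd");
  }
  mqtt.loop();
  mqtt.publish("home/esp32-01/temperature", "21.5");   // constructed sample reading
  delay(60000);
}
```

On the VPS side only port 8883 needs to be reachable from the internet, and the broker should be configured to require the username/password (or a client certificate) rather than allowing anonymous connections.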