Flashing WLED to WT32-ETH01

The WT32-ETH01 is an ESP32 board that includes a 100Mb ethernet port. They usually cost around £15 in the UK and are great for driving pixel LEDs usng WLED and xLights over a LAN. Unlike WiFi, there's no bandwidth or latency issues.

They are relatively easy to flash to run WLED, but you'll need a USB to TTL adapter. I use an FT232 adapter by Moyina from Amazon (approx £10) with a switchable 3.3v/5.5v output.

The flash process is documented on the WLED Discourse group but I've summarised it here too.

https://wled.discourse.group/t/wt32-eth01-lan-wifi-flash-tutorial/2786/8

First, download the the flash tools from Expressif. Unzip the download to a new folder and you should see something like flash_download_tool_x.y.z.exe.

https://www.espressif.com/en/support/download/other-tools

Now download WLED from https://github.com/Aircoookie/WLED/releases.

You'll need the latest release WLED_0.xx.y_ESP32_Ethernet.bin and the bootloader file.

At the time of writing, esp32_bootloader_v4.bin was available as part of the 0.13.1 release.

Now connect up the WT32-ETH01 board to the USB adapter. Set the USB adapter to 5v and connect:

USB->ESP32

VCC -> 5v

GND -> GND

TXD -> RX0

RXD -> TX0

Be careful not to apply power to the LINK pin or reverse 5v/GND as they are close together.

Connect a jumper wire between GND and IO0 (next 2 pins after RX0) to put the ESP32 into programming mode. When plugged into a computer, both devices should power-up.

Now start the ESP32 flashing tool. Choose ESP32 and Develop mode.

In the first two boxes, click "..." and choose the bootloader bin and then repeat for the WLED bin. For the bootloader, put 0x0 after the @. Put 0x10000 after the WLED binary. Make sure both selections are ticked and the filenames appear in green. If they aren't selected, the tool won't flash the files.

Change SPI mode to DOUT.

Select the COM port that matches your USB to TTL adapter - it's a drop down so if nothing is shown make sure the drivers for your adapter are installed.

Click START and it should show the MAC addresses of the WT32-ETH01 board and begin flashing.

After the flash has completed you can remove the power, remove the link to IO0 and re-apply the power. WLED should start an access point that you can join with your mobile phone. At this point you may need to switch to a different 5v supply as some USB adapters can't supply enough power to configure the 100Mb ethernet connection.

WireGuard VPN between MikroTik RouterOS v7 and FRITZ!Box 7530

MikroTik routers are very flexible but are sometime complex to configure. FRITZ!Box routers take a different approach and have a simpler interface with wizards to setup connections.

FRITZ!Box routers use IKEv1 aggressive mode for IPSEC VPNs which can cause some interoperability challenges when connecting to another vendor's device. WireGuard VPNs are relatively easy to setup if you have different brands of devices or if you to deal with dynamic IP addresses.

Although FRITZ!Box routers use configuration files for WireGuard, it's possible to create a connection to a MikroTik device. You will need RouterOS v7 for this, as WireGuard is not available in v6. For the FRITZ!Box use FRITZ!OS 7.50 or later. Both vendors have their own dynamic DNS services which is useful if you don't have static IPs.

In this example, 192.168.7.0/24 is the FRITZ!Box network and 192.168.4.0/24 is the MiktroTik network.

1. Create a new WireGuard interface on the MikroTik. Set the MTU to 1412 (It appears the FRITZ!Box uses this, 40 byte for WireGuard with IPv6 + 8 byte PPPoE).
2. Don't set any IP address on the new WireGuard interface. Instead, add an IP route to the remote FRITZ!Box subnet and set the WireGuard interface as the gateway.
   
3. Add IPv4/IPv6 firewall rules to allow input UDP traffic on the chosen WireGuard port from the WAN along with any appropriate LAN <->VPN access via the new WireGuard interface.
4. Add a mangle rule to limit the MSS to 1352 on traffic to/from the new WireGuard interface.
   
   

   
5. On the FRITZ!Box, add a new WireGuard connection (Internet -> Permit Access -> WireGuard VPN).
   
   
6. Set as a manual connection
   

   
7. Enter the details from the MikroTik. Don't forget to add the port number to the host name, separated by a colon.

   
8. Download the settings to a safe place as you'll need these for the next step.

   
9. Open the downloaded file in a text editor.

   
10. Add a new WireGuard peer using the information from the configuration file.

    

    
    

    If everything is working you'll see the MikroTik show Rx/Tx bytes and a last handshake value. On the FRITZ!Box you'll see a green indicator against the connection.