SmartESP.netbeta
SmartESP
EnRu

Easy start for automatization with ESP8266

Network structure

The SmartESP service can control your project only if it has an address. On the Internet, an address is an IP code and a port, for example:

IP – 124.217.51.102, port – 2345, together: 124.217.51.102:2345.

Access to your ESP board can be in two ways: direct access via the public IP address and access via a VPN (Virtual Private Network) connection. Direct access requires you to have a permanent IP address that will be available for all users on the Internet. So, you will have to ensure that your router is protected from possible hacker attacks. With a VPN connection, your router connects to our server and also receives an IP address, but not a public one, but a private one, which will be hidden from others. We recommend the VPN connection option as it is simpler and more secure.


Ideal network structure

As you can see in the scheme, the ideal network assumes that multiple routers will be used. One Main Router, which is a gateway to the Internet, has a powerful processor and a WiFi net to connect home users with high traffic, plus it can establish a VPN connection. Additional Secondary Routers, cheaper and with more modest parameters, are also connected to Main Router, their task is to provide a low-load, but the stable connection with ESP boards. Of course, such a scheme is optional, and you can connect absolutely all devices and home users, and ESP boards to one Main Router.

Usually, the VPN connection is placed on the primary router. Most often it is chosen because the ISP cannot provide you with a public IP address. We will use a VPN connection using the popular and simple PPTP protocol. First, you need to log in to your account, and then go to the "VPN service" tab. Press the button "New VPN-service" and put any name. You can have multiple VPNs if you want to combine all your smart devices into one smart network. Moreover, the devices may be located in different places. After adding, a line will appear in the table, at the beginning of which there will be a plus symbol. Clicking on it will display the VPN service settings, which should be kept private.

You can go to the router settings. First, you need to check if your router supports the VPN client. Then, based on the router model, search the Internet, for example, by request "TP-LINK XXX router VPN setup". Next, we give instructions using the Mikrotik router as an example (using the WinBox program). Configuration begins with the "Interfaces" section, where a list of all connections is displayed:

Click the plus symbol in the upper left corner and select the "PPTP Client" option from the list. The settings window will open, where in the "Dial Out" tab you should specify:

  • Connect To: smartesp.net
  • User: login which you got in SmartESP, in this example is smart337665vpn7
  • Password: password which you got in SmartESP
Then you need to click on the "Apply" button and go to the "Status" tab, if everything was done correctly, then the connection information will be displayed.

 

Now we need to make sure that our server can communicate with many smart devices through one connection. The list of all devices on your local network can be viewed by going to the "IP -> DHCP Server" section, and then to the "Leases" tab.

By default, your router, issues dynamic (temporary) IP addresses to devices on the local network. That is, today your ESP has the address 192.168.88.100, and if you turn it off and on again, the router can give it a different IP address, for example 192.168.88.105. This is not good, we need a connection with a specific IP address, so we need the device will have a static IP address. To do this, you need to perform the operation of translating a dynamic IP address into a static one. This is done simply: right-click on the current address and select the "Make Static" action in the list. Now this address will be assigned only to this device (binding by the MAC address). 

After all your ESP has received static addresses, you need to set access ports. When accessing this port, the router will redirect the request to a specific ESP. We recommend selecting port numbers starting from 1000. Usually, the port number contains part of the device's IP address.

You need to open the "IP -> Firewall" window and go to the "NAT" tab:

Click on the plus symbol in the upper left corner, go to the "General" tab and set three parameters:

  • Chain: dstnat
  • Protocol: tcp
  • Dst.Port: port number of your choice, for example, for ESP with IP 192.168.88.135 you can choose 1135

Next, go to the "Action" tab and set the following parameters:

  • Action: netmap
  • To Addresses: 192.168.88.135 (The controller's IP address in the local network)
  • To Ports: 80
 

Ready! This must be done with other ESP boards that want to work with the SmartESP service. Now let's go back to the Account and open the project settings. You should specify access to the board IP address (you can get it on the "VPN service" tab) and port. For our example, this would be:

Now you can check the availability of the ESP, for this the easiest way is to open the board service window:

It is important that this access method is possible only when you have a static or public IP address. To check this, contact your ISP and request a IP address. You can check and find out your current IP-address here: https://portchecker.co

After you have found your IP address, you need to do the "port forwarding" procedure on your local network router. The easiest way is to find the model of your router and search it on the Internet, for example, by requesting "TP-LINK XXX port forwarding". Or, you can read our instructions below on the example for a Mikrotik router.

Your local network will have internal addresses like 192.168.0.1-255, or for Mikrotik: 192.168.88.1-255. Routers from different manufacturers prefer to use different addresses space, but the router itself is the first on this list. For example, for our local network, the address of the router will be 192.168.88.1, which must be opened in the browser http://192.168.88.1 or opened in the "WinBox" program. After doing this, we get to the administrative panel of the router, where we need to set the settings.

You need to open the "IP -> Firewall" window and go to the "NAT" tab:

Most likely, there is already at least one "masquerade" rule for the "WAN" interface, which provides transition of local network requests to the global Internet. Our task will be to provide access from the Internet to one of your boards. The list of all devices on your local network can be viewed by going to the "IP -> DHCP Server" section, and then to the "Leases" tab.

Let's your board has a local IP address 192.168.88.100, and your static IP address given from ISP is 159.214.25.5. Then, for each board, we need to allocate a specific port, when requesting which, the router will redirect all data to a specific device. That is, for example, if you request the address and port 159.214.25.5:3306, then the request will be redirected to the device 192.168.88.100:80 (80 is the standard web port for HTTP). You can set almost any port number on the external IP address, but it is better not to use some basic 80, 443, etc. We recommend selecting port numbers starting from 1000.

Your router, by default, assigns dynamic (temporary) IP addresses to devices on the local network. That is, today your controller has the address 192.168.88.100, and if you turn it off and on again, the router can give it a different IP address, for example 192.168.88.105. This does not good, because we will be creating a tunnel with a specific IP address, so we need to be certain that the device will have a static local IP address. To do this, you need to change a dynamic IP address into a static one. This is done simply: right-click on the current address and select "Make Static". Now, this address will be assigned only to this device (binding by the MAC address). In the list, these static IP addresses can be easily defined by the missing "D" in front of them.

Now let's create a rule for linking external and internal IP addresses. Let's go back to "Firewall" and click on the "plus":

Go to the "General" tab and set three parameters:

  • Chain: dstnat
  • Protocol: tcp
  • Dst.Port: 3306 (of your choice)
Next, go to the "Action" tab and set the parameters:

  • Action: netmap
  • To Addresses: 192.168.88.100 (Board's IP address in the local network)
  • To Ports: 80

 

Ready! Now, to test the device's operation, you can type http://159.214.25.5:3306 in the browser and see the board's response, as if you had typed http://192.168.88.100.

Important! You cannot access your external IP address from the inside, so use a different internet connection for the test, such as a smartphone and mobile network.