-
Notifications
You must be signed in to change notification settings - Fork 414
Home
Martin Gergeleit edited this page Mar 6, 2026
·
6 revisions
This is a firmware to use the ESP32 as WiFi NAT router. It routes between the network of the AP interface and the STA or ETH interface as uplink network. It can also work as a VPN router using WireGuard as uplink.
Use cases:
- Simple range extender for an existing WiFi network
- An additional WiFi network with different SSID/password and restricted access for guests or IOT devices
- VPN-Router using WireGuard
- Converter from a corporate (WPA2-Enterprise) network to a regular (WPA-PSK) network for simple devices
- Classic WiFi router with Ethernet uplink
- MCP-server to control your network using agentic AI
- Debugging and monitoring of WiFi devices
- NAT Routing: Full WiFi NAT router with IP forwarding (15+ Mbps throughput)
- WireGuard VPN: Optional VPN tunnel for upstream traffic with automatic MSS clamping and Path MTU
- DHCP Reservations: Assign fixed IPs to specific MAC addresses
- Port Forwarding: Map external ports to internal devices
- Firewall: Define ACL to restrict or monitor traffic
- PCAP Capture: Live packet capture can be streamed to Wireshark or other network tools
- WPA2-Enterprise Support: Connect to corporate networks (PEAP, TTLS, TLS) and convert them to WPA2-PSK
- Ethernet Support: Use a W32-ET01 board with LAN8720 PHY to get Ethernet uplink
- Web Interface: Web UI with password protection for easy configuration
- Serial Console: Full CLI for advanced configuration
- Remote Console: Network-accessible CLI via TCP (password protected, per-interface binding)
- LED Status Indicator: Visual feedback for connection and traffic status
- OLED Display: Status display on 72x40 I2C SSD1306 OLEDs (as found on some ESP32-C3 mini boards)
- MCP Bridge (AI-Ready): BETA - Control the router from AI assistants (Claude, etc.) via the Model Context Protocol
- Home-Assistant Integration: Status of the router and its known clients available via MQTT
- Portability: Runs on all WiFi-enabled ESP32 types (not ESP8266 - look here instead: esp_wifi_repeater)
The maximum number of simultaneously connected WiFi clients is 8 (5 on the ESP32c3) due to RAM limitations.
After first boot the ESP32 NAT Router will offer a WiFi network with an open AP and the ssid "ESP32_NAT_Router". Configuration can either be done via a web interface or via the serial console.
- Connect to the "ESP32_NAT_Router" WiFi network
- Open
http://192.168.4.1in your browser - Configure your upstream WiFi and AP settings
- Save and reboot
- Web Interface — Web UI pages, security, backup/restore
- WiFi and Network — DHCP reservations, port forwarding, WPA2-Enterprise, TTL, DNS
- Firewall — ACL packet filtering rules and configuration
- Packet Capture — PCAP streaming to Wireshark
- WireGuard VPN — VPN tunnel configuration and server setup
- Remote Console — Network-accessible CLI via TCP
- MCP Bridge — AI assistant integration via Model Context Protocol
- MQTT-Home-Assistant — Integration via MQTT
- CLI Reference — Full command listing for the serial/remote console
- Hardware — LED status, OLED display, antenna switch, factory reset
- WT32-ETH01 — Ethernet uplink variant (LAN8720 PHY)
- Installation — Flashing pre-built binaries
- Building — Compiling from source with ESP-IDF or PlatformIO