Home

Awesome

ESP8266MQTTMesh

Self-assembling mesh network built around the MQTT protocol for the ESP8266 with OTA support

NOTE 2020-04

I no longer have resources to work on this, and there are several issues that need to be addressed. If you have the desire and skill to contribute to this project, please comment on https://github.com/PhracturedBlue/ESP8266MQTTMesh/issues/75 and I will consider your offer of help

Overview

This code provides a library that can build a mesh network between ESP8266 devices that will allow all nodes to communicate with an MQTT broker. At least one node must be able to see a wiFi router, and there must be a host on the WiFi network running the MQTT broker. Nodes cannot (generally) communicate between themselves, but instead forward all messages through the broker. Each node will expose a hidden AP which can be connected to from any other node on the network. Note: hiding the AP does not provide any additional security, but does minimize the clutter of other WiFi clients in the area.

Additionally the library provides an OTA mechanism using the MQTT pathway which can update any/all nodes on the mesh.

This code was developed primarily for the Sonoff line of relays, but should work with any ESP8266 board with sufficient flash memory

Further information about the mesh topology can be found here

Note for version >= 1.0

As of version 1.0 the nodes no longer need to connect to the broker once before use. Nodes can self-identify other nodes automatically and do not store any needed state on the broker. Nodes use the MAC address to identify other nodes, and the ESP8266MQTTMesh code will change the node's MAC address to match the required pattern. The MAC addresses are based on both the node's chipID as well as the mesh password, ensuring that each node will have a unique MAC address as well as that multiple meshes can run in the same area independently.

Also, he ESP8266MQTTMesh code no longer uses the SPIFFS file-system. If you need it, you'll need to initialize it yourself. If the mesh is configured to use SSL between nodes, the SSL certs need to be provided during initalization

OTA

While all nodes must run the same version of the ESP8622MQTTMesh library, each node may run a unique firmware with independent purposes. The main purpose behind this library was to provide a backbone on which several home-automation sensors could be built. As such each node may need different code to achieve its purpose. Because firmwares are large, and memory is limited on the ESP8266 platform, there is only a single memory area to hold the incoming firmware. To ensure that a given firmware is only consumed by the proper nodes, The firmware defines a unique identifier that distinguishes itself from other code. A given firmware is broadcast from the MQTT broker to all nodes, but only nodes with a matching ID will update.

Using the Library

Prerequisites

This library has been converted to use Asynchronous communication for imroved reliability. It requires the following libraries to be installed

PlatformIO is strongly recommended, and installation instructions can be found here).

NOTE: Enabling SSL will add ~70kB to the firmware size, and may make it impossible to use OTA updates depending on firmware and flash size.

If OTA support is desired, the esp8266 module must have at least 1M of Flash (configured as >=784k ROM). The OTA image is stored between the end of the firmware image and the beginning of the filesystem (i.e. not in the filesystem itself) or the end of flash if no filesystem is present. Thus, ithe maximum firmware size is ~ 1/2 the available Flash.

Library initialization

The ESP8266MQTTMesh only requires 2 parameters to initialize, but there are many additional optional parameters:

ESP8266MQTTMesh mesh = ESP8266MQTTMesh::Builder(networks, mqtt_server, mqtt_port).build();

Additional Parameters can be enabled via the Builder for example:

ESP8266MQTTMesh mesh = ESP8266MQTTMesh::Builder(networks, mqtt_server, mqtt_port)
                       .setVersion(firmware_ver, firmware_id)
                       .setMeshPassword(password)
                       .build();

These additional parameters are specified before calling build(), and as few or as many can be used as neeeded.

setVersion(firmware_ver, firmware_id)
setMqttAuth(username, password)
setMeshPassword(password)
setMeshSSID(ssid)
setMeshPort(port)
setTopic(in_topic, out_topic)

If SSL support is enabled, the following optional parameters are available:

setMqttSSL(enable, fingerprint)
setMeshSSL(cert, cert_len, key, key_len, fingerprint)

Interacting with the mesh

Besides the constructor, the code must call the begin() method during setup.

If messages need to be received by the node, execute the callback() function during setup with a function pointer (prototype: void callback(const char *topic, const char *payload))

To send messages to the MQTT broker, use one of the publish methods:

publish(topic, payload, msgCmd)
publish_node(topic, payload, msgCmd)

The publish function sends messages with the out_topic prefix, and will not be relayed to any nodes. The publish_nodes function will send messages with the in_topic prefix and will be relayed back to all nodes

SSL support

SSL support is enabled by defining ASYNC_TCP_SSL_ENABLED=1. This must be done globally during build.

Once enabled, SSL can be optionally enabled between the node and the MQTT broker or between mesh nodes (or both).

Using SSL with the MQTT Broker

WARNING: Make sure you do not use SHA512 certificate signatures on your MQTT broker. They are not suppoorted by ESP8266 properly Using an optional fingerprint ensures that the MQTT Broker is the one you expect. Specifying a fingerprint is useful to prevent man-in-the-middle attacks. The fingerprint can be generated by running:

utils/get_mqtt_fingerprint.py --host <MQTT host> --post <MQTT port>

This will also check the signature to make sure it is compatible with ESP8266

Using SSL between mesh nodes

NOTE: Enabling SSL between mesh nodes should not provide additional security, since the mesh connections are already secured via WPA, so enabling this is not recommended

Generate the certificate, key and fingerprint:

utils/gen_server_cert.sh

Add the resulting ssl_cert.h to your project. then add to the Builder setMeshSSL(ssl_cert, ssl_cert_len, ssl_key, ssl_key_len, ssl_fingerprint)