- Sat Feb 16, 2019 1:50 am
#80579
rudy wrote:Do you mean that MQTT is used to acquire the IP of the devices, and then the devices can communicate with each other via IP and not through the MQTT broker?
It is more or less the other way round:
All devices and some backend controllers can reach a known common MQTT broker (of course via TCP). This is the usual case in an MQTT-based IoT application. However, often distributed devices are hidden in various IP subnets behind NAT routers, and you cannot reach them directly from the outside and the devices cannot communicate with each other.
With this VPN driver, IP packets are sent as payload of MQTT packets. All connected devices will have an additional IP address in a separate IP subnet and can directly reach each other via tunneled plain IP. It acts like an additional LAN between all these devices.
Possible use cases are:
- you can reach an HTTP server on the device anywhere in the world
- distributed devices can have arbitrary IP traffic with each other
- you can log in to some kind of device management
This can be done via MQTT over TLS (not yet enabled for the ESP). And in the near future MQTT login will be used and the IP packets as payload can be additionally authenticated and encrypted using symmetrical crypto (probably libsodium). This means that you really have a secured VPN between your devices.
Of course you can implement the same flow of information directly via exchanging some kind of MQTT topics, but this VPN solution enables re-use of all existing IP protocols, especially HTTP to the devices.
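
The encapsulation described in the post above, as an added example that is not part of the original post or the driver's own code: an IPv4 packet is carried as the payload of an MQTT 3.1.1 PUBLISH frame, with a tag that the receiver verifies before accepting the inner packet. Assumptions: the topic name `vpn/10.0.1.3`, the 10.0.1.x addresses and the key are constructed, and HMAC-SHA256 from the Python standard library stands in for the libsodium crypto the post mentions as planned (authentication only, no encryption).

```python
import hashlib
import hmac
import struct

def mqtt_publish(topic: str, payload: bytes) -> bytes:
    """Encode an MQTT 3.1.1 PUBLISH frame (QoS 0, so no packet identifier)."""
    t = topic.encode()
    body = struct.pack("!H", len(t)) + t + payload
    n, rl = len(body), bytearray()
    while True:  # variable-length "remaining length" field, 7 bits per byte
        n, digit = divmod(n, 128)
        rl.append(digit | (0x80 if n else 0))
        if not n:
            return b"\x30" + bytes(rl) + body

def mqtt_parse_publish(frame: bytes):
    """Return (topic, payload) of a QoS 0 PUBLISH frame."""
    if frame[0] & 0xF6 != 0x30:
        raise ValueError("not a QoS 0 PUBLISH")
    n, shift, i = 0, 0, 1
    while True:
        n |= (frame[i] & 0x7F) << shift
        shift, i = shift + 7, i + 1
        if not frame[i - 1] & 0x80:
            break
    if len(frame) - i != n:
        raise ValueError("remaining length does not match frame size")
    (tlen,) = struct.unpack_from("!H", frame, i)
    return frame[i + 2:i + 2 + tlen].decode(), frame[i + 2 + tlen:]

def seal(key: bytes, ip_packet: bytes) -> bytes:
    # Append an HMAC-SHA256 tag (authentication only, no encryption).
    return ip_packet + hmac.new(key, ip_packet, hashlib.sha256).digest()

def unseal(key: bytes, payload: bytes):
    """Return the inner IP packet, or None if the tag does not verify."""
    pkt, tag = payload[:-32], payload[-32:]
    good = hmac.new(key, pkt, hashlib.sha256).digest()
    return pkt if hmac.compare_digest(tag, good) else None

def demo():
    key = bytes(range(32))  # constructed key, for illustration only
    # Constructed IPv4 packet 10.0.1.2 -> 10.0.1.3 (checksum left at 0).
    pkt = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 253, 0,
                      bytes([10, 0, 1, 2]), bytes([10, 0, 1, 3])) + b"ping"
    frame = mqtt_publish("vpn/10.0.1.3", seal(key, pkt))  # hypothetical topic
    topic, payload = mqtt_parse_publish(frame)
    bad = payload[:16] + bytes([payload[16] ^ 1]) + payload[17:]  # flip one bit
    return topic, unseal(key, payload) == pkt, unseal(key, bytes(bad))
```

A tag over the packet alone does not stop a captured frame from being replayed; that needs a counter or nonce inside the authenticated data.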