💬 Building a Raspberry Pi Gateway
-
@gohan I did, I will post it (but it appears to send normally). But the only things I changed was:
- Rpi configure added: --my-signing=password --my-signing-password=ZZZZZZ
- In the nodes code: #define MY_SIGNING_SIMPLE_PASSWD = "ZZZZZZ"
-
@masmat check that the version you are using (release or beta) match your use of the simple flags, as they differ at the moment.
@anticimex Both Arduino IDE is 2.2 and Rpi is compiled with 2.2 stable.
I'm seeing !TSF:MSG:SIGN FAIL in the serial monitor so something is not compatible... I will try making password >8 characters next (currently 6).I will also add those parameters to see if that makes a difference before reuploading arduino code
-
@anticimex Both Arduino IDE is 2.2 and Rpi is compiled with 2.2 stable.
I'm seeing !TSF:MSG:SIGN FAIL in the serial monitor so something is not compatible... I will try making password >8 characters next (currently 6).I will also add those parameters to see if that makes a difference before reuploading arduino code
-
@anticimex This is what's happening in the gw:
TSF:MSG:READ,36-192-15,s=69,c=0,t=81,pt=1,l=21,sg=0:221
!TSF:MSG:LEN,16!=28
TSF:MSG:READ,75-68-77,s=48,c=1,t=110,pt=1,l=25,sg=1:249
!TSF:MSG:LEN,16!=32The parser didn't really help much: more baffled than before....and I came away from the troubleshooting guide feeling really stupid :)
-
@anticimex This is what's happening in the gw:
TSF:MSG:READ,36-192-15,s=69,c=0,t=81,pt=1,l=21,sg=0:221
!TSF:MSG:LEN,16!=28
TSF:MSG:READ,75-68-77,s=48,c=1,t=110,pt=1,l=25,sg=1:249
!TSF:MSG:LEN,16!=32The parser didn't really help much: more baffled than before....and I came away from the troubleshooting guide feeling really stupid :)
-
@anticimex I think he didn't use all the parameters for the configure, right?
-
@anticimex I think he didn't use all the parameters for the configure, right?
@gohan the simple flags should not need more args, but I don't use a rPi as gw so I honestly am not sure exactly the args to use. The beta documentation has clear instructions for rPi signing, but those are specifically for beta branch and probably don't map exactly to the release yet.
-
@anticimex I think he didn't use all the parameters for the configure, right?
@gohan The whole configure-line:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing=software --my-signing-request-signatures --my-signing-weak_security --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZ --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=XXXX --my-mqtt-password=YYYYY --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18If anyone can tell what's missing or if there's a typo?
-
@gohan The whole configure-line:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing=software --my-signing-request-signatures --my-signing-weak_security --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZ --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=XXXX --my-mqtt-password=YYYYY --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18If anyone can tell what's missing or if there's a typo?
-
@gohan The whole configure-line:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing=software --my-signing-request-signatures --my-signing-weak_security --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZ --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=XXXX --my-mqtt-password=YYYYY --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18If anyone can tell what's missing or if there's a typo?
@masmat you have redundant flags. The password option require no other signing flags. Only if you select software as signing backend you need other options (and none of the simple flags)
And remember that if you use software signing and not password signing, you need to personalize the GW and/or node.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@masmat you have redundant flags. The password option require no other signing flags. Only if you select software as signing backend you need other options (and none of the simple flags)
And remember that if you use software signing and not password signing, you need to personalize the GW and/or node.
@anticimex I thought so too, but I'm grasping at straws to get the signing to work.
To clarify, is the following enough for simple signing: --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZAnd the arduino code #define MY_SIGNING_SIMPLE_PASSWD = "ZZZZZZ"
Any difference where it's placed in the code? Anything else to check for? -
@anticimex I thought so too, but I'm grasping at straws to get the signing to work.
To clarify, is the following enough for simple signing: --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZAnd the arduino code #define MY_SIGNING_SIMPLE_PASSWD = "ZZZZZZ"
Any difference where it's placed in the code? Anything else to check for? -
While on the subject: what would be the flags needed for setting the gateway to only use the simple encryption but not the (simple) signing feature?
I looked in the documentation and the node commands aren't mirrored for the gateway. I was hoping for something like:
--MY_SIGNING_SIMPLE_PASSWD=flowerpot77
--MY_ENCRYPTION_SIMPLE_PASSWD=spiderman41 -
While on the subject: what would be the flags needed for setting the gateway to only use the simple encryption but not the (simple) signing feature?
I looked in the documentation and the node commands aren't mirrored for the gateway. I was hoping for something like:
--MY_SIGNING_SIMPLE_PASSWD=flowerpot77
--MY_ENCRYPTION_SIMPLE_PASSWD=spiderman41@alowhum that feature is still only available for beta and is documented here: https://www.mysensors.org/apidocs-beta/group__SecuritySettingGrpPub.html
EDIT: not yet for rPi
Pull requests are welcome. I don't have time for this at the moment.
-
Right. So is this correct?
NODES (arduino nano)
On all my nodes I will update them to have this code at the top:#define MY_ENCRYPTION_SIMPLE_PASSWD spiderman41 // unfortunately Nano hardware doesn't really have enough memory for signing.
#define MY_RF24_CHANNEL 100 // in EU the default channel 76 overlaps with wifi.
#define MY_RF24_DATARATE RF24_1MBPS // slower datarate makes the network more stable?GATEWAY (Raspberry Pi Zero W)
On my gateway I will use this configure code:--my-security-password=spiderman41
--my-rf24-encryption-enabled
--my-signing-weak_security
--my-rf24-channel=100
--extra-cxxflags="-DMY_RF24_DATARATE=(RF24_1MBPS)" -
Right. So is this correct?
NODES (arduino nano)
On all my nodes I will update them to have this code at the top:#define MY_ENCRYPTION_SIMPLE_PASSWD spiderman41 // unfortunately Nano hardware doesn't really have enough memory for signing.
#define MY_RF24_CHANNEL 100 // in EU the default channel 76 overlaps with wifi.
#define MY_RF24_DATARATE RF24_1MBPS // slower datarate makes the network more stable?GATEWAY (Raspberry Pi Zero W)
On my gateway I will use this configure code:--my-security-password=spiderman41
--my-rf24-encryption-enabled
--my-signing-weak_security
--my-rf24-channel=100
--extra-cxxflags="-DMY_RF24_DATARATE=(RF24_1MBPS)" -
@Anticimex thanks!
as that will enable both signing and encryption with signature requirements from all nodes on the gw
But I don't want signing? Or do you mean that it will remove that requirement?I only need to set that on the gateway, right?
I've also added a slower datarate, thinking that will also create a more stable connection. I am in a busy urban environment with lots of RF noise. Is that smart? -
@Anticimex thanks!
as that will enable both signing and encryption with signature requirements from all nodes on the gw
But I don't want signing? Or do you mean that it will remove that requirement?I only need to set that on the gateway, right?
I've also added a slower datarate, thinking that will also create a more stable connection. I am in a busy urban environment with lots of RF noise. Is that smart?
