💬 Building a Raspberry Pi Gateway

Anticimex

@masmat it needs to be defined prior to the inclusion of mysensors.h. That should be it. (on the arduino node that is).

alowhum

While on the subject: what would be the flags needed for setting the gateway to only use the simple encryption but not the (simple) signing feature?

I looked in the documentation and the node commands aren't mirrored for the gateway. I was hoping for something like:

--MY_SIGNING_SIMPLE_PASSWD=flowerpot77
--MY_ENCRYPTION_SIMPLE_PASSWD=spiderman41

gohan

It's actually not needed since you can still set signing as optional on gateway

Anticimex

@alowhum that feature is still only available for beta and is documented here: https://www.mysensors.org/apidocs-beta/group__SecuritySettingGrpPub.html

EDIT: not yet for rPi

Pull requests are welcome. I don't have time for this at the moment.

alowhum

Right. So is this correct?

NODES (arduino nano)
On all my nodes I will update them to have this code at the top:

#define MY_ENCRYPTION_SIMPLE_PASSWD spiderman41 // unfortunately Nano hardware doesn't really have enough memory for signing.
#define MY_RF24_CHANNEL 100 // in EU the default channel 76 overlaps with wifi.
#define MY_RF24_DATARATE RF24_1MBPS // slower datarate makes the network more stable?

GATEWAY (Raspberry Pi Zero W)
On my gateway I will use this configure code:

--my-security-password=spiderman41
--my-rf24-encryption-enabled
--my-signing-weak_security
--my-rf24-channel=100
--extra-cxxflags="-DMY_RF24_DATARATE=(RF24_1MBPS)"

Anticimex

@alowhum you will need to enable weak security as well as that will enable both signing and encryption with signature requirements from all nodes on the gw

alowhum

@Anticimex thanks!

as that will enable both signing and encryption with signature requirements from all nodes on the gw
But I don't want signing? Or do you mean that it will remove that requirement?

I only need to set that on the gateway, right?
I've also added a slower datarate, thinking that will also create a more stable connection. I am in a busy urban environment with lots of RF noise. Is that smart?

Anticimex

@alowhum I thought you did not want signing: "but not the (simple) signing feature?"

alowhum

Yes, I don't want signing. But what you wrote said that it wil ENABLE signing. Check your sentence. Probably a typo, but I wanted to make sure :-)

Anticimex

@alowhum the simple security flag enables signing yes.

alowhum

@alowhum said in 💬 Building a Raspberry Pi Gateway:

--my-signing-weak_security

But does the "--my-signing-weak_security" enable signing?

I want to disable signing completely. What flags do I need to use when building a gateway that only uses encryption?

Anticimex

@alowhum just don't use any flags mentioning signing, personalize the gw according to the documentation and pick the appropriate encryption flag.

MasMat

@anticimex I've built a new node, DHT11 that sends temp&hum data. I reconfigured Rpi with this:

sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing-debug --my-signing=password --my-signing-password=XXXXXX --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=YYYY --my-mqtt-password=ZZZZZ --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18

This is what I get in gw syslog:

Apr  2 22:53:11 DietPi mysgw: Starting gateway...
Apr  2 22:53:11 DietPi mysgw: Protocol version - 2.2.0
Apr  2 22:53:11 DietPi mysgw: MCO:BGN:INIT GW,CP=RNNGLSQX,VER=2.2.0
Apr  2 22:53:11 DietPi mysgw: !SGN:BND:PWD<8
Apr  2 22:53:11 DietPi mysgw: !SGN:INI:BND FAIL
Apr  2 22:53:11 DietPi mysgw: TSF:LRT:OK
Apr  2 22:53:11 DietPi mysgw: TSM:INIT
Apr  2 22:53:11 DietPi mysgw: TSF:WUR:MS=0
Apr  2 22:53:11 DietPi mysgw: TSM:INIT:TSP OK
Apr  2 22:53:11 DietPi mysgw: TSM:INIT:GW MODE
Apr  2 22:53:11 DietPi mysgw: TSM:READY:ID=0,PAR=0,DIS=0
Apr  2 22:53:11 DietPi mysgw: MCO:REG:NOT NEEDED
Apr  2 22:53:11 DietPi mysgw: MCO:BGN:STP
Apr  2 22:53:11 DietPi mysgw: MCO:BGN:INIT OK,TSP=1
Apr  2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT RECONNECT
Apr  2 22:53:11 DietPi mysgw: connected to 127.0.0.1
Apr  2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT CONNECTED
Apr  2 22:53:11 DietPi mysgw: GWT:TPS:TOPIC=mysensors-out/0/255/0/0/18,MSG SENT
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:READ,99-99-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:BC
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:FPAR REQ,ID=99
Apr  2 22:53:23 DietPi mysgw: TSF:PNG:SEND,TO=0
Apr  2 22:53:23 DietPi mysgw: TSF:CKU:OK
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:GWL OK
Apr  2 22:53:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=8
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
Apr  2 22:53:25 DietPi mysgw: TSF:MSG:READ,99-99-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
Apr  2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=24
Apr  2 22:53:25 DietPi mysgw: TSF:MSG:PINGED,ID=99,HP=1
Apr  2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=25
Apr  2 22:53:25 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
Apr  2 22:54:18 DietPi mysgw: TSF:MSG:READ,99-99-0,s=1,c=3,t=16,pt=0,l=0,sg=0:
Apr  2 22:54:18 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16
Apr  2 22:54:18 DietPi mysgw: !SGN:NCE:GEN
Apr  2 22:54:23 DietPi mysgw: TSF:MSG:READ,99-99-0,s=0,c=3,t=16,pt=0,l=0,sg=0:
Apr  2 22:54:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16
Apr  2 22:54:23 DietPi mysgw: !SGN:NCE:GEN

This is kicking my butt... I cant understand that last part about the nonce :(
I will add the code from the node as soon as possible.

mfalkvidd

@masmat according to the log parser

mysgw: !SGN:BND:PWD<8

means the password is too short.

Anticimex

@masmat and this

!SGN:INI:BND FAIL

Means the signing backend failed to initialize. So you need to make the password longer.

MasMat

@mfalkvidd Made the password 10 characters. From looks of the logs, it's working now.
I cant believe I skipped the step of making the password longer... Just got too fixated on the password I came up with.

Anticimex

@masmat the nonce failures is because the backend never initialized so basically any call to the backend that can fail will fail.

alowhum

I just discovered these USB-to-NRF24 devices. Would it be possible to use that instead of connecting to the GPIO pins?

https://www.aliexpress.com/item/USB-wireless-serial-module-serial-to-nRF24L01-digital-communication-remote-control-acquisition-module-nRF2401/32722937957.html

mfalkvidd

@alowhum not with the existing code. Is there a datasheet that describes how these modules work?

One of the reviews says "have no idea wath software to use with this" so documentation might be hard to come by.

sineverba

Background: I use signing software on some nodes + whitelisting on a node (of course only PI serial is on the whitelist).

With current --development branch (I think 2.3.0alpha) I cannot anymore set my previous personalized flags on gateway RPI3.

In detail, with current master (2.2.0) I can do:

sudo mysgw --set-soft-hmac-key=F618D4[...]848992B
sudo mysgw --set-soft-serial-key=26[...]9
sudo mysgw --set-aes-key=EC7[...]CEB4

WIth development I did see only the --get[...] flags and cannot set anymore. Can you confirm?

How can I set my previous values for signing?

💬 Building a Raspberry Pi Gateway

16

11.7k

11.2k

113.1k