💬 Building a Raspberry Pi Gateway

alowhum

Right. So is this correct?

NODES (arduino nano)
On all my nodes I will update them to have this code at the top:

#define MY_ENCRYPTION_SIMPLE_PASSWD spiderman41 // unfortunately Nano hardware doesn't really have enough memory for signing.
#define MY_RF24_CHANNEL 100 // in EU the default channel 76 overlaps with wifi.
#define MY_RF24_DATARATE RF24_1MBPS // slower datarate makes the network more stable?

GATEWAY (Raspberry Pi Zero W)
On my gateway I will use this configure code:

--my-security-password=spiderman41
--my-rf24-encryption-enabled
--my-signing-weak_security
--my-rf24-channel=100
--extra-cxxflags="-DMY_RF24_DATARATE=(RF24_1MBPS)"

Anticimex

@alowhum you will need to enable weak security as well as that will enable both signing and encryption with signature requirements from all nodes on the gw

alowhum

@Anticimex thanks!

as that will enable both signing and encryption with signature requirements from all nodes on the gw
But I don't want signing? Or do you mean that it will remove that requirement?

I only need to set that on the gateway, right?
I've also added a slower datarate, thinking that will also create a more stable connection. I am in a busy urban environment with lots of RF noise. Is that smart?

Anticimex

@alowhum I thought you did not want signing: "but not the (simple) signing feature?"

alowhum

Yes, I don't want signing. But what you wrote said that it wil ENABLE signing. Check your sentence. Probably a typo, but I wanted to make sure :-)

Anticimex

@alowhum the simple security flag enables signing yes.

alowhum

@alowhum said in 💬 Building a Raspberry Pi Gateway:

--my-signing-weak_security

But does the "--my-signing-weak_security" enable signing?

I want to disable signing completely. What flags do I need to use when building a gateway that only uses encryption?

Anticimex

@alowhum just don't use any flags mentioning signing, personalize the gw according to the documentation and pick the appropriate encryption flag.

MasMat

@anticimex I've built a new node, DHT11 that sends temp&hum data. I reconfigured Rpi with this:

sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing-debug --my-signing=password --my-signing-password=XXXXXX --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=YYYY --my-mqtt-password=ZZZZZ --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18

This is what I get in gw syslog:

Apr  2 22:53:11 DietPi mysgw: Starting gateway...
Apr  2 22:53:11 DietPi mysgw: Protocol version - 2.2.0
Apr  2 22:53:11 DietPi mysgw: MCO:BGN:INIT GW,CP=RNNGLSQX,VER=2.2.0
Apr  2 22:53:11 DietPi mysgw: !SGN:BND:PWD<8
Apr  2 22:53:11 DietPi mysgw: !SGN:INI:BND FAIL
Apr  2 22:53:11 DietPi mysgw: TSF:LRT:OK
Apr  2 22:53:11 DietPi mysgw: TSM:INIT
Apr  2 22:53:11 DietPi mysgw: TSF:WUR:MS=0
Apr  2 22:53:11 DietPi mysgw: TSM:INIT:TSP OK
Apr  2 22:53:11 DietPi mysgw: TSM:INIT:GW MODE
Apr  2 22:53:11 DietPi mysgw: TSM:READY:ID=0,PAR=0,DIS=0
Apr  2 22:53:11 DietPi mysgw: MCO:REG:NOT NEEDED
Apr  2 22:53:11 DietPi mysgw: MCO:BGN:STP
Apr  2 22:53:11 DietPi mysgw: MCO:BGN:INIT OK,TSP=1
Apr  2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT RECONNECT
Apr  2 22:53:11 DietPi mysgw: connected to 127.0.0.1
Apr  2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT CONNECTED
Apr  2 22:53:11 DietPi mysgw: GWT:TPS:TOPIC=mysensors-out/0/255/0/0/18,MSG SENT
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:READ,99-99-255,s=255,c=3,t=7,pt=0,l=0,sg=0:
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:BC
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:FPAR REQ,ID=99
Apr  2 22:53:23 DietPi mysgw: TSF:PNG:SEND,TO=0
Apr  2 22:53:23 DietPi mysgw: TSF:CKU:OK
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:GWL OK
Apr  2 22:53:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=8
Apr  2 22:53:23 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0
Apr  2 22:53:25 DietPi mysgw: TSF:MSG:READ,99-99-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1
Apr  2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=24
Apr  2 22:53:25 DietPi mysgw: TSF:MSG:PINGED,ID=99,HP=1
Apr  2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=25
Apr  2 22:53:25 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1
Apr  2 22:54:18 DietPi mysgw: TSF:MSG:READ,99-99-0,s=1,c=3,t=16,pt=0,l=0,sg=0:
Apr  2 22:54:18 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16
Apr  2 22:54:18 DietPi mysgw: !SGN:NCE:GEN
Apr  2 22:54:23 DietPi mysgw: TSF:MSG:READ,99-99-0,s=0,c=3,t=16,pt=0,l=0,sg=0:
Apr  2 22:54:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16
Apr  2 22:54:23 DietPi mysgw: !SGN:NCE:GEN

This is kicking my butt... I cant understand that last part about the nonce :(
I will add the code from the node as soon as possible.

mfalkvidd

@masmat according to the log parser

mysgw: !SGN:BND:PWD<8

means the password is too short.

Anticimex

@masmat and this

!SGN:INI:BND FAIL

Means the signing backend failed to initialize. So you need to make the password longer.

MasMat

@mfalkvidd Made the password 10 characters. From looks of the logs, it's working now.
I cant believe I skipped the step of making the password longer... Just got too fixated on the password I came up with.

Anticimex

@masmat the nonce failures is because the backend never initialized so basically any call to the backend that can fail will fail.

alowhum

I just discovered these USB-to-NRF24 devices. Would it be possible to use that instead of connecting to the GPIO pins?

https://www.aliexpress.com/item/USB-wireless-serial-module-serial-to-nRF24L01-digital-communication-remote-control-acquisition-module-nRF2401/32722937957.html

mfalkvidd

@alowhum not with the existing code. Is there a datasheet that describes how these modules work?

One of the reviews says "have no idea wath software to use with this" so documentation might be hard to come by.

sineverba

Background: I use signing software on some nodes + whitelisting on a node (of course only PI serial is on the whitelist).

With current --development branch (I think 2.3.0alpha) I cannot anymore set my previous personalized flags on gateway RPI3.

In detail, with current master (2.2.0) I can do:

sudo mysgw --set-soft-hmac-key=F618D4[...]848992B
sudo mysgw --set-soft-serial-key=26[...]9
sudo mysgw --set-aes-key=EC7[...]CEB4

WIth development I did see only the --get[...] flags and cannot set anymore. Can you confirm?

How can I set my previous values for signing?

Anticimex

@sineverba I believe this change alters how rPi port handles signing related personalisation: https://github.com/mysensors/MySensors/commit/3c0b2727a56907277d4d04c985fd72b14e4a483c

And, as usual, the documentation is a good place to start ;) https://www.mysensors.org/apidocs-beta/group__MySigninggrpPub.html#MySigninggrphowuse

joaoabs

I'm currently compiling the code for connecting the NRF24l01+ directly to the Raspberry PI. Since I'm running the controller (on this case OpenHab) on the same Raspberry PI, would it be recommended the Ethernet or the serial flavor of it?
In the case of ethernet, can I place the own machine IP (127.0.0.1)? This way, if I need to change the IP address of the PI it wouldn't affect the communication between the controller and the MySensors code, right?
--my-gateway=ethernet --my-controller-url-address=127.0.0.1

And by the way, for the signing configuration, it is mentioned in the documentation "Update the gateway config file with the generated keys/valeus", what file is that (name, path)?

I should be able to re-use the keys I have defined before, right? So I just go to step 2 (no need to generate new keys).
I'm refering to this link.

Thanks,

gohan

--my-controller-url-address=127.0.0.1 is not needed for ethernet

joaoabs

I found that the configuration file is /etc/mysensors.conf but " The first time you start the gateway the configuration file will be created if it does not already exist.", so that's why I wasn't finding it.

Anyway, the file states that:
"Note: The gateway must have been built with signing support to use the options below."

What flags should I include to have signing support?

OK, found it: just run ./configure -h and there is a list of options. Leaving it here just for future reference