💬 Building a Raspberry Pi Gateway
-
@gohan The whole configure-line:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing=software --my-signing-request-signatures --my-signing-weak_security --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZ --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=XXXX --my-mqtt-password=YYYYY --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18If anyone can tell what's missing or if there's a typo?
@masmat you have redundant flags. The password option require no other signing flags. Only if you select software as signing backend you need other options (and none of the simple flags)
And remember that if you use software signing and not password signing, you need to personalize the GW and/or node.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@masmat you have redundant flags. The password option require no other signing flags. Only if you select software as signing backend you need other options (and none of the simple flags)
And remember that if you use software signing and not password signing, you need to personalize the GW and/or node.
@anticimex I thought so too, but I'm grasping at straws to get the signing to work.
To clarify, is the following enough for simple signing: --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZAnd the arduino code #define MY_SIGNING_SIMPLE_PASSWD = "ZZZZZZ"
Any difference where it's placed in the code? Anything else to check for? -
@anticimex I thought so too, but I'm grasping at straws to get the signing to work.
To clarify, is the following enough for simple signing: --my-signing-debug --my-signing=password --my-signing-password=ZZZZZZAnd the arduino code #define MY_SIGNING_SIMPLE_PASSWD = "ZZZZZZ"
Any difference where it's placed in the code? Anything else to check for? -
While on the subject: what would be the flags needed for setting the gateway to only use the simple encryption but not the (simple) signing feature?
I looked in the documentation and the node commands aren't mirrored for the gateway. I was hoping for something like:
--MY_SIGNING_SIMPLE_PASSWD=flowerpot77
--MY_ENCRYPTION_SIMPLE_PASSWD=spiderman41 -
While on the subject: what would be the flags needed for setting the gateway to only use the simple encryption but not the (simple) signing feature?
I looked in the documentation and the node commands aren't mirrored for the gateway. I was hoping for something like:
--MY_SIGNING_SIMPLE_PASSWD=flowerpot77
--MY_ENCRYPTION_SIMPLE_PASSWD=spiderman41@alowhum that feature is still only available for beta and is documented here: https://www.mysensors.org/apidocs-beta/group__SecuritySettingGrpPub.html
EDIT: not yet for rPi
Pull requests are welcome. I don't have time for this at the moment.
-
Right. So is this correct?
NODES (arduino nano)
On all my nodes I will update them to have this code at the top:#define MY_ENCRYPTION_SIMPLE_PASSWD spiderman41 // unfortunately Nano hardware doesn't really have enough memory for signing.
#define MY_RF24_CHANNEL 100 // in EU the default channel 76 overlaps with wifi.
#define MY_RF24_DATARATE RF24_1MBPS // slower datarate makes the network more stable?GATEWAY (Raspberry Pi Zero W)
On my gateway I will use this configure code:--my-security-password=spiderman41
--my-rf24-encryption-enabled
--my-signing-weak_security
--my-rf24-channel=100
--extra-cxxflags="-DMY_RF24_DATARATE=(RF24_1MBPS)" -
Right. So is this correct?
NODES (arduino nano)
On all my nodes I will update them to have this code at the top:#define MY_ENCRYPTION_SIMPLE_PASSWD spiderman41 // unfortunately Nano hardware doesn't really have enough memory for signing.
#define MY_RF24_CHANNEL 100 // in EU the default channel 76 overlaps with wifi.
#define MY_RF24_DATARATE RF24_1MBPS // slower datarate makes the network more stable?GATEWAY (Raspberry Pi Zero W)
On my gateway I will use this configure code:--my-security-password=spiderman41
--my-rf24-encryption-enabled
--my-signing-weak_security
--my-rf24-channel=100
--extra-cxxflags="-DMY_RF24_DATARATE=(RF24_1MBPS)" -
@Anticimex thanks!
as that will enable both signing and encryption with signature requirements from all nodes on the gw
But I don't want signing? Or do you mean that it will remove that requirement?I only need to set that on the gateway, right?
I've also added a slower datarate, thinking that will also create a more stable connection. I am in a busy urban environment with lots of RF noise. Is that smart? -
@Anticimex thanks!
as that will enable both signing and encryption with signature requirements from all nodes on the gw
But I don't want signing? Or do you mean that it will remove that requirement?I only need to set that on the gateway, right?
I've also added a slower datarate, thinking that will also create a more stable connection. I am in a busy urban environment with lots of RF noise. Is that smart? -
Yes, I don't want signing. But what you wrote said that it wil ENABLE signing. Check your sentence. Probably a typo, but I wanted to make sure :-)
-
@alowhum said in 💬 Building a Raspberry Pi Gateway:
--my-signing-weak_security
But does the "--my-signing-weak_security" enable signing?
I want to disable signing completely. What flags do I need to use when building a gateway that only uses encryption?
-
@alowhum said in 💬 Building a Raspberry Pi Gateway:
--my-signing-weak_security
But does the "--my-signing-weak_security" enable signing?
I want to disable signing completely. What flags do I need to use when building a gateway that only uses encryption?
-
@masmat it needs to be defined prior to the inclusion of mysensors.h. That should be it. (on the arduino node that is).
@anticimex I've built a new node, DHT11 that sends temp&hum data. I reconfigured Rpi with this:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing-debug --my-signing=password --my-signing-password=XXXXXX --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=YYYY --my-mqtt-password=ZZZZZ --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18This is what I get in gw syslog:
Apr 2 22:53:11 DietPi mysgw: Starting gateway... Apr 2 22:53:11 DietPi mysgw: Protocol version - 2.2.0 Apr 2 22:53:11 DietPi mysgw: MCO:BGN:INIT GW,CP=RNNGLSQX,VER=2.2.0 Apr 2 22:53:11 DietPi mysgw: !SGN:BND:PWD<8 Apr 2 22:53:11 DietPi mysgw: !SGN:INI:BND FAIL Apr 2 22:53:11 DietPi mysgw: TSF:LRT:OK Apr 2 22:53:11 DietPi mysgw: TSM:INIT Apr 2 22:53:11 DietPi mysgw: TSF:WUR:MS=0 Apr 2 22:53:11 DietPi mysgw: TSM:INIT:TSP OK Apr 2 22:53:11 DietPi mysgw: TSM:INIT:GW MODE Apr 2 22:53:11 DietPi mysgw: TSM:READY:ID=0,PAR=0,DIS=0 Apr 2 22:53:11 DietPi mysgw: MCO:REG:NOT NEEDED Apr 2 22:53:11 DietPi mysgw: MCO:BGN:STP Apr 2 22:53:11 DietPi mysgw: MCO:BGN:INIT OK,TSP=1 Apr 2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT RECONNECT Apr 2 22:53:11 DietPi mysgw: connected to 127.0.0.1 Apr 2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT CONNECTED Apr 2 22:53:11 DietPi mysgw: GWT:TPS:TOPIC=mysensors-out/0/255/0/0/18,MSG SENT Apr 2 22:53:23 DietPi mysgw: TSF:MSG:READ,99-99-255,s=255,c=3,t=7,pt=0,l=0,sg=0: Apr 2 22:53:23 DietPi mysgw: TSF:MSG:BC Apr 2 22:53:23 DietPi mysgw: TSF:MSG:FPAR REQ,ID=99 Apr 2 22:53:23 DietPi mysgw: TSF:PNG:SEND,TO=0 Apr 2 22:53:23 DietPi mysgw: TSF:CKU:OK Apr 2 22:53:23 DietPi mysgw: TSF:MSG:GWL OK Apr 2 22:53:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=8 Apr 2 22:53:23 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:READ,99-99-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 Apr 2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=24 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:PINGED,ID=99,HP=1 Apr 2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=25 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 Apr 2 22:54:18 DietPi mysgw: TSF:MSG:READ,99-99-0,s=1,c=3,t=16,pt=0,l=0,sg=0: Apr 2 22:54:18 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16 Apr 2 22:54:18 DietPi mysgw: !SGN:NCE:GEN Apr 2 22:54:23 DietPi mysgw: TSF:MSG:READ,99-99-0,s=0,c=3,t=16,pt=0,l=0,sg=0: Apr 2 22:54:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16 Apr 2 22:54:23 DietPi mysgw: !SGN:NCE:GENThis is kicking my butt... I cant understand that last part about the nonce :(
I will add the code from the node as soon as possible. -
@anticimex I've built a new node, DHT11 that sends temp&hum data. I reconfigured Rpi with this:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing-debug --my-signing=password --my-signing-password=XXXXXX --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=YYYY --my-mqtt-password=ZZZZZ --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18This is what I get in gw syslog:
Apr 2 22:53:11 DietPi mysgw: Starting gateway... Apr 2 22:53:11 DietPi mysgw: Protocol version - 2.2.0 Apr 2 22:53:11 DietPi mysgw: MCO:BGN:INIT GW,CP=RNNGLSQX,VER=2.2.0 Apr 2 22:53:11 DietPi mysgw: !SGN:BND:PWD<8 Apr 2 22:53:11 DietPi mysgw: !SGN:INI:BND FAIL Apr 2 22:53:11 DietPi mysgw: TSF:LRT:OK Apr 2 22:53:11 DietPi mysgw: TSM:INIT Apr 2 22:53:11 DietPi mysgw: TSF:WUR:MS=0 Apr 2 22:53:11 DietPi mysgw: TSM:INIT:TSP OK Apr 2 22:53:11 DietPi mysgw: TSM:INIT:GW MODE Apr 2 22:53:11 DietPi mysgw: TSM:READY:ID=0,PAR=0,DIS=0 Apr 2 22:53:11 DietPi mysgw: MCO:REG:NOT NEEDED Apr 2 22:53:11 DietPi mysgw: MCO:BGN:STP Apr 2 22:53:11 DietPi mysgw: MCO:BGN:INIT OK,TSP=1 Apr 2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT RECONNECT Apr 2 22:53:11 DietPi mysgw: connected to 127.0.0.1 Apr 2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT CONNECTED Apr 2 22:53:11 DietPi mysgw: GWT:TPS:TOPIC=mysensors-out/0/255/0/0/18,MSG SENT Apr 2 22:53:23 DietPi mysgw: TSF:MSG:READ,99-99-255,s=255,c=3,t=7,pt=0,l=0,sg=0: Apr 2 22:53:23 DietPi mysgw: TSF:MSG:BC Apr 2 22:53:23 DietPi mysgw: TSF:MSG:FPAR REQ,ID=99 Apr 2 22:53:23 DietPi mysgw: TSF:PNG:SEND,TO=0 Apr 2 22:53:23 DietPi mysgw: TSF:CKU:OK Apr 2 22:53:23 DietPi mysgw: TSF:MSG:GWL OK Apr 2 22:53:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=8 Apr 2 22:53:23 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:READ,99-99-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 Apr 2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=24 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:PINGED,ID=99,HP=1 Apr 2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=25 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 Apr 2 22:54:18 DietPi mysgw: TSF:MSG:READ,99-99-0,s=1,c=3,t=16,pt=0,l=0,sg=0: Apr 2 22:54:18 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16 Apr 2 22:54:18 DietPi mysgw: !SGN:NCE:GEN Apr 2 22:54:23 DietPi mysgw: TSF:MSG:READ,99-99-0,s=0,c=3,t=16,pt=0,l=0,sg=0: Apr 2 22:54:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16 Apr 2 22:54:23 DietPi mysgw: !SGN:NCE:GENThis is kicking my butt... I cant understand that last part about the nonce :(
I will add the code from the node as soon as possible. -
@anticimex I've built a new node, DHT11 that sends temp&hum data. I reconfigured Rpi with this:
sudo ./configure --my-transport=nrf24 --my-rf24-irq-pin=15 --my-signing-debug --my-signing=password --my-signing-password=XXXXXX --my-gateway=mqtt --my-controller-ip-address=127.0.0.1 --my-mqtt-user=YYYY --my-mqtt-password=ZZZZZ --my-mqtt-publish-topic-prefix=mysensors-out --my-mqtt-subscribe-topic-prefix=mysensors-in --my-mqtt-client-id=mygateway1 --my-leds-err-pin=12 --my-leds-rx-pin=16 --my-leds-tx-pin=18This is what I get in gw syslog:
Apr 2 22:53:11 DietPi mysgw: Starting gateway... Apr 2 22:53:11 DietPi mysgw: Protocol version - 2.2.0 Apr 2 22:53:11 DietPi mysgw: MCO:BGN:INIT GW,CP=RNNGLSQX,VER=2.2.0 Apr 2 22:53:11 DietPi mysgw: !SGN:BND:PWD<8 Apr 2 22:53:11 DietPi mysgw: !SGN:INI:BND FAIL Apr 2 22:53:11 DietPi mysgw: TSF:LRT:OK Apr 2 22:53:11 DietPi mysgw: TSM:INIT Apr 2 22:53:11 DietPi mysgw: TSF:WUR:MS=0 Apr 2 22:53:11 DietPi mysgw: TSM:INIT:TSP OK Apr 2 22:53:11 DietPi mysgw: TSM:INIT:GW MODE Apr 2 22:53:11 DietPi mysgw: TSM:READY:ID=0,PAR=0,DIS=0 Apr 2 22:53:11 DietPi mysgw: MCO:REG:NOT NEEDED Apr 2 22:53:11 DietPi mysgw: MCO:BGN:STP Apr 2 22:53:11 DietPi mysgw: MCO:BGN:INIT OK,TSP=1 Apr 2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT RECONNECT Apr 2 22:53:11 DietPi mysgw: connected to 127.0.0.1 Apr 2 22:53:11 DietPi mysgw: GWT:RMQ:MQTT CONNECTED Apr 2 22:53:11 DietPi mysgw: GWT:TPS:TOPIC=mysensors-out/0/255/0/0/18,MSG SENT Apr 2 22:53:23 DietPi mysgw: TSF:MSG:READ,99-99-255,s=255,c=3,t=7,pt=0,l=0,sg=0: Apr 2 22:53:23 DietPi mysgw: TSF:MSG:BC Apr 2 22:53:23 DietPi mysgw: TSF:MSG:FPAR REQ,ID=99 Apr 2 22:53:23 DietPi mysgw: TSF:PNG:SEND,TO=0 Apr 2 22:53:23 DietPi mysgw: TSF:CKU:OK Apr 2 22:53:23 DietPi mysgw: TSF:MSG:GWL OK Apr 2 22:53:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=8 Apr 2 22:53:23 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=8,pt=1,l=1,sg=0,ft=0,st=OK:0 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:READ,99-99-0,s=255,c=3,t=24,pt=1,l=1,sg=0:1 Apr 2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=24 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:PINGED,ID=99,HP=1 Apr 2 22:53:25 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=25 Apr 2 22:53:25 DietPi mysgw: TSF:MSG:SEND,0-0-99-99,s=255,c=3,t=25,pt=1,l=1,sg=0,ft=0,st=OK:1 Apr 2 22:54:18 DietPi mysgw: TSF:MSG:READ,99-99-0,s=1,c=3,t=16,pt=0,l=0,sg=0: Apr 2 22:54:18 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16 Apr 2 22:54:18 DietPi mysgw: !SGN:NCE:GEN Apr 2 22:54:23 DietPi mysgw: TSF:MSG:READ,99-99-0,s=0,c=3,t=16,pt=0,l=0,sg=0: Apr 2 22:54:23 DietPi mysgw: SGN:SKP:MSG CMD=3,TYPE=16 Apr 2 22:54:23 DietPi mysgw: !SGN:NCE:GENThis is kicking my butt... I cant understand that last part about the nonce :(
I will add the code from the node as soon as possible. -
-
@mfalkvidd Made the password 10 characters. From looks of the logs, it's working now.
I cant believe I skipped the step of making the password longer... Just got too fixated on the password I came up with. -
I just discovered these USB-to-NRF24 devices. Would it be possible to use that instead of connecting to the GPIO pins?
