domoticz auto add device (mysensors) even if disable "Accept new Hardware Devices"
-
Signing will not solve your domoticz issue in any way. It is between node and gateway. Domoticz is a controller so it will only see what a gateway sends to it. The same goes for encryption. It is also only between node and gateway. Neither signing nor encryption is in use between controller and gateway.
And using encryption is just as easy or hard as using signing. Nodes and gateways have to be personalized no matter if you use signing, encryption or both. For version 2.
-
Encryption is easier to use with RFM69 as it is done in hardware. And for me the aspect of privacy is really important (and solved with encryption), which can't be solved with signing.
Encryption with NRF24L01 (MY_SIGNING_SOFT) is not implemented to be secure (->IV) and therefore for me useless.
-
@FotoFieber it is no difference. The key has to be stored somewhere and even if the engine is in hw the key storage is not. So you still need to personalize the device and that procedure is identical no matter what radio you use. But yes, the sw variant is useless. But all in all, encryption is useless in a mysensors context as message contents can be easily be determined. Authenticity is more important than obscurity. We do not transmit video or audio streams with mysensors.
-
so , what am i do ? means that signing dont help me for my problem ?!
in other forum (http://www.domoticz.com/forum/viewtopic.php?p=97403#p97403) told to me for gateway i must use a include button set !i have 2 problem and i dont know this problem is related to controller or gateway !
first problem :
you consider a vera controller or fibaro...
in this controllers , there is a inclusion mode . just when controller is inclusion mode , can add devices ! also after add a device , until that device dont remove form controller ( controller in exclusion mode) , device can not add to other controller !
In this way , device just work with their controller .
i want use domoticz and mysensors gateway and device for a Two story house(Separate) , but despite this issue , i can not ....second problem is related to lost my gateway after unplug and plug in again raspberry power supply !! if power house have problem (each reason for example use solar panel and battery in cloudy day) after incoming power controller dont work unless disconnect usb cable and connect again (handy)
sorry my friends for weak in english, i like society of mysensors convert to a great society . i am not a professional programmer . but i like very very internet of things .
in the end i hope solve this issue (easy and understandable for me ) and thank you very thank you my friends
@Anticimex @FotoFieber @sundberg84 @tbowmo @mfalkvidd @hek @TheoL
and other dear friends .
-
what is :
MY_INCLUSION_BUTTON_FEATURE
MY_INCLUSION_MODE_BUTTON_PIN
MY_INCLUSION_MODE_DURATION
MY_INCLUSION_BUTTON_EXTERNAL_PULLUP
???
can i use this for my serial gateway?????
where i found explain about this functions?
for example , if i want just when , i press and hold a button for inclusion , devices added . when release button so any device can not add to gateway .
what am i do for this ?
-
Are they not self explanatory?
The first enables the feature, the second decides what IO to use for the button, the third the duration of the mode and the last if you use a external pull up on the signal.
Inclusion mode for a gw is to have the gw accept reporting new nodes to a controller. It can be used for any type of gw.
-
@Anticimex
so can i use MY_INCLUSION_MODE_BUTTON_PIN for add my device? add a button to pin3 and just when press this devices add to my gatway.otherwise dont add any devices(auto add in domoticz)
-
@Reza please read replies carefully. You need to make sure you enable the feature. That is the first define. Most if not all defines have a default value. Just search the code.
Press the button (assuming it is connected properly) and the gateway will accept new nodes for the duration specified by the third define. I am no specialist on how this works so someone else can probably give better details on how node-gw-controller handle additions of new nodes. But my Vera won't add devices unless I put my GW in inclusion mode and boot up nodes so they send their presentation data to the gw. But if it is the gw or the controller that decides if the device should be added or not based onthe gw inclusion mode I don't know, but it would seem to me pretty obvious that it would be the gw that decides that.
In other words, inclusion mode is used to add new devices. And as far as I know it is the only way (once you enable that feature). I don't know if that is the solution to your problem as I don't fully understand what your problem really is, but it will not prevent any others from listening in on your sensors.
Enabling encryption will obfuscate the data you transmit from eavesdroppers, but any reasonably intelligent attacker will anyway be able to guess what data you transmit.
-
@Anticimex said:
please read replies carefully. You need to make sure you enable the feature. That is the first define. Most if not all defines have a default value. Just search the code.
Press the button (assuming it is connected properly) and the gateway will accept new nodes for the duration specified by the third define. I am no specialist on how this works so someone else can probably give better details on how node-gw-controller handle additions of new nodes. But my Vera won't add devices unless I put my GW in inclusion mode and boot up nodes so they send their presentation data to the gw. But if it is the gw or the controller that decides if the device should be added or not based onthe gw inclusion mode I don't know, but it would seem to me pretty obvious that it would be the gw that decides that.
In other words, inclusion mode is used to add new devices. And as far as I know it is the only way (once you enable that feature). I don't know if that is the solution to your problem as I don't fully understand what your problem really is, but it will not prevent any others from listening in on your sensors.
Enabling encryption will obfuscate the data you transmit from eavesdroppers, but any reasonably intelligent attacker will anyway be able to guess what data you transmit.thank you my friend . i test serial gateway with vera . exactly. in vera there is inclusion button and dont add auto device... but in domoticz is not...
so thank you for help. if you found any solution please help me.
-
@Reza This is the MySensors forum, not the Domoticz forum. If you have issues with Domoticz, I suggest you post your questions there. MySensors provide a set of features. It is up to the controllers to make use of them.
-
@Anticimex
in domoticz forum told me this issue is related to mysensors gateway and here told me this issue is related to domoticz
-
@Reza Well, you said it yourself. It works with Vera. So it is obviously not a MySensors issue.
-
@Anticimex
but in vera , there is a device(gateway) with inclusion button but in domoticz my gateway dont have a inclusion button , so this is related to domoticz?
-
@Reza Well, of course it is! MySensors cannot control what Domoticz UI shows.
-
@Anticimex said:
Well, of course it is! MySensors cannot control what Domoticz UI shows.
right so i must change my controller ? i want a open surce controller and a good controller
-
@Reza Or you get the Domoticz people to fix their shit.
-
@Anticimex said:
Or you get the Domoticz people to fix their shit.
but they told me this problem is related to mysensors gateway !
one more question. can i use static id between my device and gateway? and i disable feature inclusion mode ? so my gateway dont auto add other devices...
-
@Reza So convenient for them. But we at MySensors cannot change how domoticz works so I if they don't want to fix it, well, that is just too bad.
-
@Anticimex
yes , also i explain to them that this problem is related to domoticz because mysensors gateway is working well with vera controller and there is a inclusion button in vera dashboard , but in domoticz...
-
Another solution, could be to change the default rf channel, and have the two houses on different frequencies.
-
this is good . how do this ?
-
Look in myconfig.h, if I remember right.. There should be some hints
-
@Reza The community cannot focus all energy on supporting your case. Many if not all of your questions are answered in the howtos & forum - why don't you take advantage of the search function, enter "rf channel" and read some of the posts?
-
-
@tekka
this is a general issue . not just my problem ! if this issue resolved so can help to many people in future ! the reason of that i question this issue in this forum is after resolved , can help to many. so if you sad from this , ok i will silence in this forum.
thank you
-
@Reza
sad from this, is not needed
the thing is : this is not a big bug!! generally the big bug is elsewhere Here you have two issues.You are using radios which are on the same frequency. Not a bug. That makes sense that a fresh node for your network can talk with others. If you don't want them on same freq, just change the freq/band using the right define (i don't remember).
It also has been suggested encryption or signing. And that can help you too. Encryption can't help you for this. It just hides crypt the text if you want. It does not authenticate anything. Signing is authentication. But you would need this for all your nodes.
Finally, the inclusion mode. That's mostly the feature you need, because it could help you to block new nodes. I think this is a feature that the controller has to implement. I don't use inclusion mode in mysensors (not tried yet),
but in the controller I'm using (jeedom), it works well. There is one inclusion button (I don't advice you to use jeedom, it's french! and not 2.0 full compliant). As you can see this is possible to have a working inclusion button in controllerOn my side, I actually miss time to do tests or doc on this...but i'm pretty sure all is in main doc, or with the right keyword in the forum...i understand this is not an "out of the box" solution, but temporarily, and maybe with luck and spare time there might be a dedicated doc for inclusion even if it's quite simple..
-
@scalz said:
@Reza
Finally, the inclusion mode. That's mostly the feature you need, because it could help you to block new nodes. I think this is a feature that the controller has to implement. I don't use inclusion mode in mysensors (not tried yet),
but in the controller I'm using (jeedom), it works well. There is one inclusion button (I don't advice you to use jeedom, it's french! and not 2.0 full compliant). As you can see this is possible to have a working inclusion button in controllerYou have to use whitelisting to block nodes. 'Signing' in GateWay does not work as it accepts non signed nodes. Signing primarily is used for nodes receiving info.
-
@scalz
thank you my friend
-
@Nicklas-Starkel
are you sure about whitelisting? this problem resolved with whitelisting???
-
@Reza
From what I understand the GateWay will add all nodes even if you do not want them to. But not to the controller if you have "inclusion option" on the GateWay.
There is a possibility that if you use the "inclusion option" maybe it will pick up all sensors not already added (ie your neighbour) if they are sending while inclusion is looking for new sensors.
If you want to stop this you will have to use whitelisting on MAC adress. But this requires you to reprogram GateWay everytime you want to add new sensor (or maybe it is possibility to have same MAC for all?).
And of course you will have to program a MAC adress for all sensors/per sensor the first time as well.
I thought this problem would be solved with only using Signing, but because of backwards compability the creators did not enable this in the GateWay.
If you only would want signing, you could make all nodes connect via a repeater node.
Because between repeater nodes and regular nodes signing is enabled and no other nodes is accepted which aren't signed with correct signing
And if you use Whitelisting only between GateWay and repeater node, you are set.Note: I could be wrong
-
@Nicklas-Starkel repeater nodes will just forward signed messages. It will only verify messages addressed directly to it like all nodes. Signing is end to end.
-
@Anticimex yes. But since his neighbours nodes aren't signed (or with wrong signation), the repeater will not forward them to his gateway.
Or am I totally wrong?
-
@Nicklas-Starkel repeater forwards what is sent to it. But if your gw is set to require signatures and your node has presented itself as a node that require signatures, gw will not accept unsigned messages from that node. If the message passes through a repeater or not does not matter.
-
This post is deleted!
-
can i use a specific range "node_id" for my gateway? for example my gateway just add device that range of node id is between 5000 until 5500 ? and out of range dont detect and add ?!
-
The Gateways doesn't care at all by nodeId's. It only acts as a Gatteway, and retransmits the signal received on air, to the controller on the computer.
There is no pairing mode, or inclusion mode, implemented in the gateway.
The INCLUSION_FEATURE will send a command to the controller and instruct it to turn on inclusion mode (if implemented correct)
That is, all inclusion mode specifics are made on the controller side (Vera, Domoticz, OpenHab etc). All the gateway are doing is sending the data from nodes, to the controller, and from the controller, to the nodes.
The Gateway can not reserve a number of node ID's (and specially not id 5000, because mysensors only supports up to 255 nodes on the network, all with 255 child sensors attached). As the reservation is done on the controller level.
-
@tbowmo
so this issue is related to domoticz Fully ! ok very thank you and i am sorry for this topic
-
@tbowmo
one more question
if we want , the node after add to one controller , node lock ! and dont add to other controller. this is related to controller or our sketch ?
so my neighbor can not add my device
-
If your neighbor knows your network frequency / network address, he can potentially add your nodes to his network. That is why signing is there for sensitive nodes, like locks etc.
-
@tbowmo said:
If your neighbor knows your network frequency / network address, he can potentially add your nodes to his network. That is why signing is there for sensitive nodes, like locks etc.
1.so with signing this problem can resolved? i use a signing for my WSN and i told to my neighbor that use a signing for his WSN . Will solve it?
2.also suppose a thief come near my home door , and he has a domoticz with a mysensors gateway ! so if i use a mysensors relay (signing) for electric door lock , he can add my relay to his controller and open my home door ?please first told me about 1 , and about 2
-
@Reza Read the documentation please. https://www.mysensors.org/about/signing
-
@Anticimex
thank you and just one question i'm sorry.
how to change frequency for my gateway and my sensors and devices?
-
@Reza I don't know. Signing does not care about frequencies. But a good guess would be to check in MyConfig.h as has already been suggested in this thread. Or search the codebase for "frequency" perhaps.
We are not a living dictionary, you have to expect to do some searching yourself when you work with a project that is "DIY". The slogan for the entire site/community says it all: "IOT+DIY=MySensors".
-
@Anticimex
in domoticz forum told me to "You should separate these two networks by using different frequency" so i want test this for Separation my WSN with neighbor WSNthank you my friend for help
-
If I'm reading the domoticz codebase correctly there is two problems:
- It will add the node in MySensors node/child listing even if the "Accept new hardware device" flag is disabled. But it wont create domoticz core/ui/..-devices from those.
- I_INCLUSION_MODE message is not supported by domoticz.
@Reza can you update title of this topic also
For reference: https://www.domoticz.com/forum/viewtopic.php?f=6&t=13481&start=20#p97600
Please correct if I've provided misleading information.
-
@pjr
my friend you are presence in all of forum
i change also this title topic for you
about domoticz forum i dont understand you mean (The last line )
but generally , i have a network with Rpi (serial gateway) and my neighbor build also a network with Rpi (serial gateway) recently. but after the time , i noticed his devices added in my controller in devices panel ! so for check this issue i setup domoticz with windows (with a serial gateway) so i see devices added auto . . .
you told me device are just in "setup->hardware->mysensors setup" but this is not true . after some refresh web and some push button "learn light/switch" without push reset button on devices !! ( please note without push reset button on sensors) devices are added in "setup->devices" !!!now i use 2 frequency for gateway (my Rpi and windows) and this is work true and thank you for this i change my all device frequency and i think solved problem between i and my neighbor . this is easy more for me (beginner) . i can not change codes of domoticz . but now i am trying to learn signing (this is hard for me also )
but i think signing is not useful ! until that domoticz have this bug , the theif just need my frequency for add and control my device ! so i must dont use my sensors(relay) for door lock and security!!in the end very thank you for help "using different frequency"
-
@Reza if your lock node require signing, nobody but you can use it. That is the whole point with signing. It does not matter if anyone else tries to send data to it. If it is not properly signed the node will ignore it. I suggest you read the docs on signing carefully (yes read ALL of it). It gives all you need to get going with signing.
-
thank you very very much my dear @Anticimex for help me .
signing is a complicated issue for me but i am trying for learn this. . .
thank you again
-
@Reza said:
but i think signing is not useful ! until that domoticz have this bug , the theif just need my frequency for add and control my device ! so i must dont use my sensors(relay) for door lock and security!!
No the "domoticz bug" is not a problem since it dont affect your sensor network or the way theif can use your mysensors network.
Domoticz doesnt have anything to do with signing or encrypting. Its just listening and sending readable serial messages to your gateway.With signing you make thief not able to use(send messages to) your doorlock.
With encryption you make it almost impossible for the thief read RF messages your nodes/gw are transmitting.There is good reading for you:
https://www.mysensors.org/about/signing
https://forum.mysensors.org/topic/1021/security-introducing-signing-support-to-mysensors
-
@pjr
thank you, i am trying to learn signing for use