You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* add support for KNX IP Secure, new options SECURETUNNEL and SECUREROUTER
* add config options for keyring file and password, and credentials for
secure connections
* add passive (listening only) access for KNX data secure frames, #8872
* add tests for security functions
* add useCEMI option for newer serial devices like KNX RF sticks,
kBerry, etc., inspired by #10407
* update user documentation
* handle exceptions during initial read, fixes#7239
* reduce number of warnings
Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
| type | Yes | The IP connection type for connecting to the KNX bus (`TUNNEL`or `ROUTER`) | - |
32
+
| type | Yes | The IP connection type for connecting to the KNX bus (`TUNNEL`, `ROUTER`, `SECURETUNNEL`or `SECUREROUTER`) | - |
33
33
| ipAddress | for `TUNNEL`| Network address of the KNX/IP gateway. If type `ROUTER` is set, the IPv4 Multicast Address can be set. | for `TUNNEL`: \<nothing\>, for `ROUTER`: 224.0.23.12 |
34
34
| portNumber | for `TUNNEL`| Port number of the KNX/IP gateway | 3671 |
35
35
| localIp | No | Network address of the local host to be used to set up the connection to the KNX/IP gateway | the system-wide configured primary interface address |
@@ -52,6 +52,7 @@ The *serial* bridge accepts the following configuration parameters:
52
52
| responseTimeout | N | Timeout in seconds to wait for a response from the KNX bus | 10 |
53
53
| readRetriesLimit | N | Limits the read retries while initialization from the KNX bus | 3 |
54
54
| autoReconnectPeriod | N | Seconds between connect retries when KNX link has been lost, 0 means never retry | 0 |
55
+
| useCemi | N | Use newer CEMI message format, could be useful for newer devices like KNX RF sticks, kBerry, etc. | false |
55
56
56
57
## Things
57
58
@@ -199,6 +200,36 @@ Each configuration parameter has a `mainGA` where commands are written to and op
199
200
The `dpt` element is optional. If ommitted, the corresponding default value will be used (see the channel descriptions above).
200
201
201
202
203
+
## KNX Secure
204
+
205
+
> Note: Support for KNX Secure is partly implemented for openHAB and should be considered as experimental.
206
+
207
+
### KNX IP Secure
208
+
209
+
KNX IP Secure protects the traffic between openHAB and your KNX installation. It requires either a KNX Secure Router or a Secure IP Interface with security features enabled in ETS tool.
210
+
211
+
For *Secure routing* mode, the so called `backbone key` needs to be configured in openHAB. It is created by the ETS tool and cannot be changed via the ETS user interface. There are two possible ways to provide the key to openHAB:
212
+
213
+
- The backbone key can be extracted Security report (ETS, Reports, Security, look for a 32-digit key) and specified in parameter `backboneKey`.
214
+
- The backbone key is included in ETS keyring export (ETS, project settings, export keyring). Keyring file is configured using `keyringFile` (put it in `config\misc` folder of the openHAB installation) and also requires `keyringPasswort`.
215
+
216
+
For *Secure tunneling* with a Secure IP Interface (or a router in tunneling mode), more parameters are required. A unique device authentication key, and a specific tunnel identifier and password need to be available. It can be provided to openHAB in two different ways:
217
+
218
+
- All information can be looked up in ETS and provided separately: `tunnelDevAuth`, `tunnelPasswort`. `tunnelUser` is a number which is not directly visible in ETS, but can be looked up in keyring export or deduced (typically 2 for the first tunnel of a device, 3 for the second one, ...)
219
+
- All necessary information is included in ETS keyring export (ETS, project settings, export keyring). Keyring file is configured using `keyringFile` (put it in `config\misc` folder of the openHAB installation) and `keyringPasswort`. In addition, `tunnelSourceAddr` needs to be set to uniquely identify the tunnel in use.
220
+
221
+
222
+
### KNX Data Secure
223
+
224
+
Data secure protects the content of messages on the KNX bus. In a KNX installation, both classic and secure group addresses can coexist.
225
+
226
+
openHAB typically ignores messages with secure group addresses, unless data secure is configured.
227
+
228
+
> NOTE: openHAB currently does fully support passive (listening) access to secure group addresses. Write access to secured GAs is done via the "GO diagnostics" feature described in KNX AN170 and is currently limited. Expect a timeout if a data value is written too often. Initial/periodic read will fail, avoid automatic read (< in thing definition).
229
+
230
+
All necessary information to decode secure group addresses is included in ETS keyring export (ETS, project settings, export keyring). Keyring file is configured using `keyringFile` (put it in `config\misc` folder of the openHAB installation) and also requires `keyringPasswort`.
231
+
232
+
202
233
## Examples
203
234
204
235
The following two templates are sufficient for almost all purposes.
Copy file name to clipboardExpand all lines: bundles/org.openhab.binding.knx/src/main/java/org/openhab/binding/knx/internal/channel/ListenSpecImpl.java
Copy file name to clipboardExpand all lines: bundles/org.openhab.binding.knx/src/main/java/org/openhab/binding/knx/internal/channel/TypeRollershutter.java
Copy file name to clipboardExpand all lines: bundles/org.openhab.binding.knx/src/main/java/org/openhab/binding/knx/internal/client/AbstractKNXClient.java
Copy file name to clipboardExpand all lines: bundles/org.openhab.binding.knx/src/main/java/org/openhab/binding/knx/internal/client/CustomKNXNetworkLinkIP.java
0 commit comments