ioBroker + homegear + debmatic für MAX!, HomeMatic(-IP) und ZWave wie konfigurieren?

Hallo zusammen,

ich nutze aktuell ioBroker mit homegear nur für mein MAX! Heizungssystem.
Funktioniert soweit gut.

Nun möchte ich es um HomeMatic(-IP) und ZWave erweitern.
Dazu brauche ich auf jeden Fall debmatic, da Homegear ja mit HomeMatic-IP momentan nicht direkt umgehen kann.
Ansonsten wäre es ganz klar/einfach, Geräte einfach direkt an Homegear anlernen…

Nun frage ich mich, wie ich das am besten konfigurieren soll.
Möglichkeiten:

1. debmatic kommt mit dem homegear-ccu Modul an Homegear und für ioBroker ändert sich nichts, dort kommen die neuen Geräte einfach über die bestehende hm-rpc Instanz dazu.
2. debmatic kommt mit einer weiteren hm-rpc Instanz direkt an ioBroker und läuft unabhängig von homegear

Ich weiß nicht, was vernünftiger ist.
Bei 2. würde ich mir einen Schritt sparen, da ist es ja ioBroker->debmatic direkt.
Bei 1. ist es ioBroker->homegear->debmatic.

Ich weiß aber nicht, ob das wirklich was ausmacht.
Performance? Geschwindigkeit? Fehleranfälligkeit?

Was ich mich zu Möglichkeit 1 frage:
Kann Homegear 2 CCUs (debmatic Instanzen) gleichzeitig anbinden?
Frage daher, weil ich in Zukunft im anderen Gebäude vermutlich auch HomeMatic einsetzen möchte.
Das natürlich über einen weiteren RaspberryPi, da ich mit der Funkreichweite sonst nie rüberkomme.
Das heißt, dort würde eine weitere debmatic laufen müssen.
Wenn ich diese dann nicht in Homegear angebunden bekommen würde, wäre das ein großer Nachteil für Möglichkeit 1.

ZWave hätte ich jetzt über den ioBroker ZWave Adapter gemacht.
Dieser basiert auf OpenZWave, was mir nach einer guten Lösung aussieht.
Habe aber gesehen, Homegear kann wohl auch ZWave.
Nutzt Homegear auch OpenZWave?

Über ein bisschen Beratung/Meinungen würde ich mich freuen!
Danke.

Beste Grüße
Alexander

No, we use our own implementation.

Open ZWave does not implement S2 security yet and it even has some issues with the S0 security (does not implement sequenced frames).

Hi Adrian,

cool.
Sounds like Homegear has the better implementation then.

I want to use the Fibaro Smoke Sensor V2 (FGSD-002) as my first ZWave device.
But I can’t find any information whether it supports S2 or only S0 in the manual.
Does “ZWave Plus” mean it supports the more secure S2 mode?

Is the Fibaro Smoke Sensor supported?
Does Homegear also support grouping?
I think the smoke sensor can be combined into a group where one alters the other or something like that.

Thanks
Alexander

Plus usually means it supports S0. Might support S2 since 500-series chips can support S2, but usually if it’s not specified explicitly, devices do not support it (although I did have a pleasant surprise with a thermostat about that).

Homegear supports a lot of zwave devices in a generic way, that is, it queries them about the supported command classes and exposes those. If a device xml file exists, it can provide additional items that can ease up dealing with the device. For example, instead of setting each time param name and param value, you just have to set the specific device parameter exposed with the help of that xml file.
I think the Fibaro smoke sensor does have an xml file already provided with homegear. Might be for some other version, though. If config items do not show, I think I could provide such an xml file, I would just need some info about what it shows in ‘config print’.

As for grouping, scenes and associations, associations do work from homegear. Grouping and scenes (the zwave ones) should work, too, as those command classes are exposed, too.

Be careful when altering grouping, as homegear adds itself to group 1 (usually called ‘lifeline’ or something) in order to receive some notifications, when the device is paired to the network.

When you do such associations, sometimes you lose some notifications in homegear. For example you can associate a switch with a lightbulb but although having the command sent directly from the switch to the lightbulb can be nice (and useful when the controller cannot be reached - it still works), you might want to have homegear receive the on/off command from the switch and have it send the command to the lightbulb. This way there is more control. Anyway, that’s ultimately up to you and you can do some experimenting and decide what’s the best for your case.

Hi Adrian,

thank you very much.
Sounds good.

Do you maybe know if the ioBroker hm-rpc Adapter can handle this?
When I connect a ZWave device through homegear…
That is the only thing where I am a little unsure whether this will work without problems.

Are the ZWave devices exposed to ioBroker through bin-rpc just like Homematic ones?
With channels and values and so on?
Or is this different?

Thanks & best regards
Alex

There are some details specific to the zwave module, but homegear deals with the peers from different modules in a similar way, so you should expect from the zwave peers similar behavior as from the peers from the other modules.

@Adrian
I received my smoke sensors in the meanwhile and want to install them this weekend.
I will try to add them with S2 security and see if that works, if not S0 will be fine as well.

Can you explain the 3 different types of S2 security?

‘Access Control mode’ corresponds to 3, ‘Authenticated mode’ corresponds to 2, ‘Unauthenticated mode’ corresponds to 1

Which one should I use?
Do I need to try S2-3, then S2-2, then S2-1 and last S0 if I don’t know what the device supports because it could be that the device supports S2 but only in mode 1 or something like that?

And what is this for?

If you want to grant only a single security level, use sec2pairing3e on .

That stuff with all the different security settings is confusing.

Thanks & best regards
Alex

Hi,

I will start in reverse, since it seems easier to explain.

The difference between pairing with ‘e’ and without it is that the one with ‘e’ (from ‘exclusive’) grants only the specified security level. Without that, a certain security level has access to all security levels below it (so a device with level 2 security can ‘talk’, if it wants, with all levels below it - if it requested them at pairing, not all of them request all security levels below its own).

It depends on the device and how strong you need the security be. S2-3 is the strongest.
Here is a quote from a whitepaper:

Source: https://cdn.shopify.com/s/files/1/0066/8149/3559/files/z-wave-security-white-paper.pdf
‘S2 Access control’ is S2-3. ‘S2 Authenticated’ is S2-2, ‘S2 Unauthenticated’ is S2-1 and the S0 ‘compatibility mode’ is S2-0.

The first two security levels also require specifying the first bytes of the DSK (typically found on the back of the device) for ‘authenticating’ the device when pairing.

Here is also a slide on the security: https://www.silabs.com/documents/login/presentations/PMP13827-2.pdf

One thing I forgot to add is that a device can support S2 but not necessarily all security levels. There are plenty that support only the S2 Unauthenticated. When the device is paired, a negotiation takes place that gives the device the max level that’s equal or less with the one specified in the paired command (unless you try to grant only a specific level).

OK, thank you.
That made everything clearer now for me.

I added one Smoke Sensor now.

But I could not find a DSK key on the device. Can this be the case?
So I used s2pon1 as this does not require the DSK.

Seems to work.
It does show a peer now on ls command.
31 │ SED5738A200002 │ SED5738A200002 │ 0013 │ 76292921...

‘config print’ on the device gives the following output.
Does this look fine?

MASTER
{
        Channel: 12
        {
                [MULTI_CHANNEL_ASSOCIATION_REMOVE.VG]: 00 
                [MULTI_CHANNEL_ASSOCIATION_REMOVE.NODE_ID]: 00 
                [MULTI_CHANNEL_ASSOCIATION_REMOVE.GROUPING_IDENTIFIER]: 01 
                [MULTI_CHANNEL_ASSOCIATION.GROUPING_IDENTIFIER]: 01 
                [MULTI_CHANNEL_ASSOCIATION.NODE_ID]: 00 
                [MULTI_CHANNEL_ASSOCIATION.REPORTS_TO_FOLLOW]: 00 
                [MULTI_CHANNEL_ASSOCIATION.MAX_NODES_SUPPORTED]: 00 
                [MULTI_CHANNEL_ASSOCIATION.VG]: 00 
                [MULTI_CHANNEL_ASSOCIATION_GROUPINGS.SUPPORTED_GROUPINGS]: 00 
        }
        Channel: 10
        {
                [CONFIGURATION.PARAMETER_NUMBER]: 01 
                [CONFIGURATION.LEVEL__SIZE]: 00 
                [CONFIGURATION.LEVEL__DEFAULT]: 00 
                [CONFIGURATION.CONFIGURATION_VALUE]: 00 
                [CONFIGURATION.LEVEL]: 00 
        }
        Channel: 7
        {
                [WAKE_UP_INTERVAL_CAPABILITIES.MINIMUM_WAKE_UP_INTERVAL_SECONDS]: 00 
                [WAKE_UP_INTERVAL_CAPABILITIES.MAXIMUM_WAKE_UP_INTERVAL_SECONDS]: 00 
                [WAKE_UP_INTERVAL_CAPABILITIES.WAKE_UP_INTERVAL_STEP_SECONDS]: 00 
                [WAKE_UP_INTERVAL.NODE_ID]: 01 
                [WAKE_UP_INTERVAL_CAPABILITIES.DEFAULT_WAKE_UP_INTERVAL_SECONDS]: 00 
                [WAKE_UP_INTERVAL.SECONDS]: 00 
        }
        Channel: 6
        {
                [POWERLEVEL_TEST_NODE.TEST_NODEID]: 00 
                [POWERLEVEL_TEST_NODE.TEST_FRAME_COUNT]: 00 
                [POWERLEVEL_TEST_NODE.STATUS_OF_OPERATION]: 00 
                [POWERLEVEL_TEST_NODE.POWER_LEVEL]: 00 
                [POWERLEVEL.POWER_LEVEL]: 00 
                [POWERLEVEL.TIMEOUT]: 00 
        }
        Channel: 5
        {
                [ASSOCIATION_SPECIFIC_GROUP.GROUP]: 00 
                [ASSOCIATION.GROUPING_IDENTIFIER]: 01 
                [ASSOCIATION_REMOVE.NODE_ID]: 00 
                [ASSOCIATION.MAX_NODES_SUPPORTED]: 00 
                [ASSOCIATION.NODE_ID]: 00 
                [ASSOCIATION.REPORTS_TO_FOLLOW]: 00 
                [ASSOCIATION_GROUPINGS.SUPPORTED_GROUPINGS]: 00 
                [ASSOCIATION_REMOVE.GROUPING_IDENTIFIER]: 01 
        }
        Channel: 4
        {
                [ASSOCIATION_GROUP_INFO.GROUPING_IDENTIFIER]: 01 
                [ASSOCIATION_GROUP_COMMAND_LIST.GROUPING_IDENTIFIER]: 01 
                [ASSOCIATION_GROUP_COMMAND_LIST.PROPERTIES1]: 00 
                [ASSOCIATION_GROUP_INFO.PROPERTIES1GET__LIST_MODE]: 00 
                [ASSOCIATION_GROUP_COMMAND_LIST.PROPERTIES1__ALLOW_CACHE]: 00 
                [ASSOCIATION_GROUP_COMMAND_LIST.LIST_LENGTH]: 08 
                [ASSOCIATION_GROUP_INFO.PROPERTIES1REPORT__DYNAMIC_INFO]: 00 
                [ASSOCIATION_GROUP_INFO.PROPERTIES1GET]: 00 
                [ASSOCIATION_GROUP_INFO.PROPERTIES1GET__REFRESH_CACHE]: 00 
                [ASSOCIATION_GROUP_INFO.VG1]: 01 00 00 01 00 00 00 
                [ASSOCIATION_GROUP_INFO.PROPERTIES1REPORT]: 01 
                [ASSOCIATION_GROUP_INFO.PROPERTIES1REPORT__GROUP_COUNT]: 01 
                [ASSOCIATION_GROUP_NAME.NAME]: Lifeline
                [ASSOCIATION_GROUP_INFO.PROPERTIES1REPORT__LIST_MODE]: 00 
                [ASSOCIATION_GROUP_NAME.GROUPING_IDENTIFIER]: 01 
                [ASSOCIATION_GROUP_COMMAND_LIST.COMMAND]: 5a 01 71 05 80 03 31 05 
                [ASSOCIATION_GROUP_NAME.LENGTH_OF_NAME]: 09 
        }
        Channel: 1
        {
                [ZWAVEPLUS_INFO.Z-WAVE+_VERSION]: 01 
                [ZWAVEPLUS_INFO.USER_ICON_TYPE]: 0c 01 
                [ZWAVEPLUS_INFO.ROLE_TYPE]: 06 
                [ZWAVEPLUS_INFO.INSTALLER_ICON_TYPE]: 0c 01 
                [ZWAVEPLUS_INFO.NODE_TYPE]: 00 
        }
        Channel: 0
        {
                [SPECIFIC_DEVICE_TYPE]: 01 
                [SPECIFIC_DEVICE_NAME]: SPECIFIC_TYPE_NOTIFICATION_SENSOR
                [SERVICE_HOSTNAME]: SED5738A200002
                [SECURE2]: 00 
                [SPECIFIC_DEVICE_DESC]: Notification Sensor
                [SERVICE_NAME]: SED5738A200002
                [SECURE]: 00 
                [PROTOCOL_VERSION]: 04 
                [PROTOCOL_SUBVERSION]: 18 
                [SUPPORTSECURITY2]: 00 
                [PRODUCT_ID]: 10 03 
                [NODE_PORT]: 00 
                [NODE_ID]: 02 
                [CHANNELS]: 00 
                [HARDWARE_VERSION]: 02 
                [BASIC_DEVICE_NAME]: BASIC_TYPE_ROUTING_SLAVE
                [BASIC_DEVICE_TYPE]: 04 
                [PRODUCT_TYPE]: 0c 02 
                [BASIC_DEVICE_DESC]: Routing Slave
                [APPLICATION_SUBVERSION]: 03 
                [APPLICATION_VERSION]: 03 
                [GENERIC_DEVICE_TYPE]: 07 
                [ENDPOINT_ID]: 00 
                [PEER_ID]: 1f 
                [GENERIC_DEVICE_DESC]: Sensor Notification
                [SECURE2LEVEL]: 00 
                [GENERIC_DEVICE_NAME]: GENERIC_TYPE_SENSOR_NOTIFICATION
                [MANUFACTURER_ID]: 01 0f 
                [LIBRARY_TYPE]: 03 
                [IP_ADDRESS]: 02 
                [LISTENING]: 00 
                [MULTI_CHANNEL]: 00 
        }
}

VALUES
{
        Channel: 14
        {
                [SENSOR_ALARM_SUPPORTED.BIT_MASK]: 00 
                [SENSOR_ALARM_SUPPORTED.NUMBER_OF_BIT_MASKS]: 00 
                [SENSOR_ALARM.SOURCE_NODE_ID]: 01 
                [SENSOR_ALARM.SENSOR_TYPE]: 00 
                [SENSOR_ALARM.SECONDS]: 00 
                [SENSOR_ALARM.SENSOR_STATE]: 00 
        }
        Channel: 13
        {
                [APPLICATION_BUSY.STATUS]: 00 
                [APPLICATION_REJECTED_REQUEST.STATUS]: 00 
                [APPLICATION_BUSY.WAIT_TIME]: 00 
        }
        Channel: 11
        {
                [SENSOR_MULTILEVEL_SUPPORTED_SCALE_GET.SENSOR_TYPE]: 01 
                [SENSOR_MULTILEVEL_SUPPORTED_SCALE.SENSOR_TYPE]: 01 
                [SENSOR_MULTILEVEL_SUPPORTED_SENSOR.BIT_MASK]: 01 ca 00 
                [SENSOR_MULTILEVEL_SUPPORTED_SCALE.PROPERTIES1__SCALE_BIT_MASK]: 00 
                [SENSOR_MULTILEVEL.SENSOR_VALUE]: 00 ed 
                [SENSOR_MULTILEVEL.SENSOR_TYPE]: 01 
                [SENSOR_MULTILEVEL.LEVEL__PRECISION]: 01 
                [SENSOR_MULTILEVEL.LEVEL]: 22 
                [SENSOR_MULTILEVEL.PROPERTIES1]: 00 
                [SENSOR_MULTILEVEL_SUPPORTED_SCALE.PROPERTIES1]: 00 
                [SENSOR_MULTILEVEL.LEVEL__SCALE]: 00 
                [SENSOR_MULTILEVEL.PROPERTIES1__SCALE]: 00 
                [SENSOR_MULTILEVEL.LEVEL__SIZE]: 02 
        }
        Channel: 9
        {
                [NOTIFICATION_SUPPORTED.PROPERTIES1__NUMBER_OF_BIT_MASKS]: 00 
                [NOTIFICATION_SUPPORTED.PROPERTIES1]: 00 
                [NOTIFICATION.EVENT_PARAMETER]: 00 
                [EVENT_SUPPORTED.PROPERTIES1]: 00 
                [EVENT_SUPPORTED.BIT_MASK]: 00 
                [NOTIFICATION.NOTIFICATION_STATUS]: 00 
                [NOTIFICATION.EVENT]: 00 
                [NOTIFICATION.V1_ALARM_TYPE]: 00 
                [EVENT_SUPPORTED.PROPERTIES1__NUMBER_OF_BIT_MASKS]: 00 
                [EVENT_SUPPORTED.NOTIFICATION_TYPE]: ff 
                [NOTIFICATION.V1_ALARM_LEVEL]: 00 
                [NOTIFICATION.NOTIFICATION_TYPE]: ff 
                [NOTIFICATION.PROPERTIES1]: 00 
                [NOTIFICATION_SUPPORTED.PROPERTIES1__V1_ALARM]: 00 
                [NOTIFICATION.PROPERTIES1__SEQUENCE]: 00 
                [NOTIFICATION.RESERVED]: 00 
                [NOTIFICATION.SEQUENCE_NUMBER]: 00 
                [NOTIFICATION.PROPERTIES1__EVENT_PARAMETERS_LENGTH]: 00 
                [NOTIFICATION_SUPPORTED.BIT_MASK]: 00 
        }
        Channel: 8
        {
                [BATTERY.BATTERY_LEVEL]: 64 
        }
        Channel: 7
        {
                [WAKE_UP_NO_MORE_INFORMATION.ACTION]: 00 
                [WAKE_UP_NOTIFICATION.ACTION]: 00 
        }
        Channel: 3
        {
                [DEVICE_RESET_LOCALLY_NOTIFICATION.ACTION]: 00 
        }
        Channel: 2
        {
                [BASIC.VALUE]: ff 
        }
        Channel: 0
        {
                [UNREACH]: 00 
                [LOWBAT]: 00 
                [STICKY_UNREACH]: 00 
                [CONFIG_PENDING]: 00 
                [LAST_PACKET_RECEIVED]: 5e d3 d8 95 
        }
}

Thanks & best regards
Alex

Hi,

It looks like it was added non securely:

[SECURE2]: 00 
[SECURE]: 00 

You may try removing it and attempt to add it again with S0 (spon). That device should support S0 at least.

Hi,

thanks.
I will try this now.

But I have the following in my logs:
06/01/20 16:14:08.553 Module ZWave: Z-Wave serial module "Serial1": Function not handled: 01090141539C010407017A; Direction: Response; Function: ZW_GET_NODE_PROTOCOL_INFO

This appeared after trying to add it with s2pon1.

Thanks & best regards
Alex

You might have an old version of a ‘stick’.

Is it by any chance some raspberry hat? There is an old version that appears to work but security does not work with it. If I recall correctly, that one also lost the network after a while.

Thanks for quick support

No, i have the ZMEEUZB1 USB stick.
This one: https://z-wave.me/products/uzb/

spon (S0 pairing) also results in

[SECURE2]: 00
[SECURE]: 00

And the same error is stated in homegear.err

Hi,

I just looked over the code, it seems that the message is harmless. The function is handled, but in some other place (and in another way) than the function that’s emitting the message. Probably I should filter it out.

As for the secure pairing, I don’t think I can tell a lot more without seeing a log of what’s happening.

Do you have the password properly set in the config file?

There should be a line like this:

but of course with your own password.

For S2 three different passwords should be additionally set in the config file, passwordS21, passwordS22 and passwordS23.

Could you please provide a link to some documentation of the device, or at least the device model? I want to see if I can figure out what kind of security it supports. S0 should be supported from what I see…

LE: I think I found it already. I’m not sure it’s exactly the same device, though.

Hi,

this is what I have in terms of documentation:
https://manuals.fibaro.com/smoke-sensor/
The site itself contains information and you can also download a PDF with additional information there.

The following can be found under the item “Features”

* Compatible with any Z-Wave or Z-Wave+ Controller
* Supports protected mode (Z-Wave network security mode) with AES-128 encryption

So I think this means S0 right?

This is my config:

[General]

#######################################
############ Serial  ############
#######################################

[Serial]

id = Serial1
deviceType = serial

# 16 bytes hex 'password'. Please change it to a random one.
password = ...

passwordS21 = ...
passwordS22 = ...
passwordS23 = ...

# The usb serial device, whatever that is on the system
device = /dev/serial/by-id/usb-0658_0200-if00
#device = /dev/ttyACM0

################################################
############ Gateway ###########################
################################################

#[Gateway]

#id = gateway
#deviceType = homegeargateway

# 16 bytes hex 'password'. Please change it to a random one.
#password = 16CFA1797F981EC8651DDD45F8BF0FC6

#host = gateway
#port = 2017

#cafile = /etc/homegear/ca/cacert.pem
#certfile = /etc/homegear/ca/certs/gateway.crt
#keyfile = /etc/homegear/ca/private/gateway.key

The 3 passwords are all 32 chars of 0-9 and A-F.
So should be fine, not?

Thanks & best regards
Alex

Yes, that means it supports (at least) S0.
Probably only S0, usually they tell if it’s S2 (although I found a device that did not specify).

It might be the case that something didn’t go well during security negotiation phase. Please try to remove it and pair it again with spon.

I already did that (a couple of times).
I also tried to reset the device to factory defaults before pairing again.

It appears that without seeing the log file for the pairing process I cannot tell more about what’s happening
Please turn security level up to 7 and send me the log file.

Or at least verity that those messages appear in the log when pairing:

At some moment this set of messages might stop and have some other message instead for security.

If any of those appear in the log, something went wrong. Please let me know if you see any of them.

Thanks.
Took me some time to find it as the log gets very very long in debug mode 7 .

I found this:

06/01/20 17:46:08.222 Module ZWave: Security0: Security Key Set: Got reply, checking...
06/01/20 17:46:08.222 Module ZWave: Security0: Security Key Set: It's a security encapsulation, trying to authenticate and decrypt
06/01/20 17:46:08.222 Module ZWave: Security0: Security Key Set: Key Verify Encrypted packet with invalid nonce