Configuration of Meross devices connected to a local MQTT (https://github.com/wsw70/meross-local-mqtt)

WoJWoJ · March 14, 2021, 7:27pm

Meross devices (power plus, strips, etc.) are great but they use the Meross MQTT cloud. The cloud is fine but it has its limitations and it is not under your control.

Some great people managed to configure Meross devices so that they connect to a local MQTT broker. Yay! These heroes are:

@bytespider for the tools to pair a Meross device with a local MQTT broker (https://github.com/bytespider/Meross)
@albertogeniola for his cloud Meross integration with Home Assistant (https://github.com/albertogeniola/meross-homeassistant) @albertogeniola

Once you have your device connected to the local MQTT you end up with some quite cryptic topics and associated messages. This is the reason I wrote https://github.com/wsw70/meross-local-mqtt

The intent is to use pyscript (thanks a lot to @craigbarratt for his wonderful work (https://github.com/custom-components/pyscript)) to configure and manage these devices. It is intended to work as a set&forget - the only thing you need is to add to your configuration.yaml a new device.

Please see the README for the details and let me know if you find it useful, what to improve etc. Thanks!

Makis · March 19, 2021, 9:44am

Hi
I have 8 meross switches for lights. (mss510h and mss520h). Will they work with local mqtt?
Suddenly today all my Meross devices become unavailble (with meross integration) and I don’t know how to fix this

WoJWoJ · March 19, 2021, 10:00am

I do not know but I would just try if I were you (I have only power switches (relays)). There is no reason it does not work, and if it does not @bytepider is absolutely great helping to understand why.

There are no risks: if you cannot connect then you just re-pair it with the Meross utility.

Makis · March 19, 2021, 3:13pm

Hi, I have difficulty to understand where and how I could configure the following. Can you elaborate please?
I already have mqtt installed and working for another integration but although I read the files I still not sure for all the steps I should follow in order to implement this.

Set up the Certificates
Make sure that your CA Root uses a different Common Name to your server and the common name for the server is the server IP address

##Create the Certificate Authority

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
##Create the certificate signing request. It's important when asked for the FQDN in these next step to use the IP or domain name of the machine your MQTT instance is on.

openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
##Create the final certificate

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360

Dizzyikea · March 19, 2021, 3:28pm

Very nice.

I have been using this version

The good thing with this is it also lets me see the power and energy from MSS310’s and so hopefully i can then make another sensor of either of those with a template like i do with my wemo insight, not got it working yet.

* platform: template
sensors:
Meross_Plug_Watts:
friendly_name: "Dehumidifier Power"
icon_template: mdi:air-filter
unit_of_measurement: "w"
value_template: '{% if states.switch.Meross_lanxxxxxxxx %}{{ states.switch.Meross_lanxxxxxxxx.attributes.current_power_w }}{% else %}Off{% endif %}'

WoJWoJ · March 19, 2021, 3:31pm

In order to have your MQTT broker manage encrypted traffic, it needs to have a set of certificates in place. This is very similar to a web server setup.

I use mosquitto and this is my config for the TLS section

listener 8883
socket_domain ipv4
tls_version tlsv1.1
allow_anonymous true
cafile /mosquitto/config/cert/ca/ca.crt
# Path to the PEM encoded server certificate.
certfile /mosquitto/config/cert/broker/broker.crt
# Path to the PEM encoded keyfile.
keyfile /mosquitto/config/cert/broker/broker.key
require_certificate false

You create these files according to the steps you described

WoJWoJ · March 19, 2021, 3:34pm

Ah, this is excellent. I will have a look.

What I wrote is quite artisanal but allowed me to understand the kind of messages the Meross devices send - but if there is something more integrated I will contribute there.

Thanks for pointing it out!

EDIT: this is an excellent implementation! Thanks!

Dizzyikea · March 19, 2021, 3:42pm

I found it very difficult (imposible) with the Hassio addon rather than an standalone MQTT broker. I did provide a work round over here

github.com/bytespider/Meross

Failing to authenticate in mqtt server

opened 10:58PM - 11 Oct 20 UTC

closed 08:07AM - 30 Mar 21 UTC

chegancasb

Hi, I'm trying to configure a MSS210 switch to connect to my mosquitto broker… using your tool. I've followed your tool and it correctly configures the swtich connect to my wifi network. I also send the data for the mqtt broker: The command a sent and its response is below (somewhat sensitive data ofuscated). $ ./meross setup --gateway 10.10.10.1 --wifi-ssid <SSID> --wifi-pass <SSID-PASSWORD> --mqtt mqtts://192.168.1.<OCT>:8883 Setting up device with IP 10.10.10.1 Setting MQTT servers [ { host: '192.168.1.<OCT>', port: '8883' } ] sending payload { header: { method: 'SET', namespace: 'Appliance.Config.Key', messageId: 'bea90e4e1bc5f3f921479de4f4ccae45', timestamp: 1602454838, sign: '2274d8d30f46d2d59f2612564065a0eb' }, payload: { key: { gateway: { host: '192.168.1.<OCT>', port: '8883' }, key: '', userId: '' } } } sending payload { header: { method: 'SET', namespace: 'Appliance.Config.Wifi', messageId: '1fe27ef18f573a87344984faa71a692d', timestamp: 1602454838, sign: 'f33a8fe0204aaefdcb3f5540bcd293ad' }, payload: { wifi: { ssid: '<SSID-BASE664>', password: '<SSID-PASSWORD-BASE664>' } } } Got response: { header: { messageId: '1fe27ef18f573a87344984faa71a692d', namespace: 'Appliance.Config.Wifi', method: 'SETACK', payloadVersion: 1, from: '/appliance/<UUID>/publish', timestamp: 230, timestampMs: 85, sign: 'c21cc4813383639bb321519b6c0fe54c' }, payload: {} } $ A few seconds later in the mosquitto logs the following entries appear: (...) 2020-10-11T23:29:47: New connection from 192.168.1.<OCT2> on port 8883. 2020-10-11T23:29:47: Sending __CONNACK__ to 192.168.1.<OCT2 __(0, 5)__ 2020-10-11T23:29:47: Socket error on client <unknown>, disconnecting. (...) The mosquitto has the following configuration for the tls listener: listener 8883 require_certificate false use_identity_as_username false cafile /etc/mosquitto/ca_certificates/RootCA.crt certfile /etc/mosquitto/certs/mqtt.vpnserver.crt keyfile /etc/mosquitto/certs/mqtt.vpnserver.key I've tried several different configuration options such as the `allow_annonymous` without success. I've also tried issuing different certificates to use as the server certificates. To the IP address to the host name, etc but nothing worked. From the log results __CONNACK (...) (0, 5)__ it indicates that the TCP connection was estabilished, that the TLS handshake was successful (and an encrypted TLS channel was estabilished) and also that a MQTT session was requested but failed due to "Connection refused, not authorized" (result code taken from https://www.hivemq.com/blog/mqtt-essentials-part-3-client-broker-connection-establishment/) This leads me to think that some authentication data is not being sent to/retrieved from the switch so that it's connection is accepted. Are you configuring anything related with the client authentication on the switch or on the mqtt broker? Could you please help me? Thanks. Regards, chegancasb

Makis · March 19, 2021, 4:04pm

Thank you all but I am not able to perform all the steps required to make it work. The worst is that my meross devices are not working anymore and I don’t know why.

Dizzyikea · March 19, 2021, 4:12pm

Well that did not take long, it was just the CAPS on the sensor name and attributes string

WoJWoJ · March 19, 2021, 4:19pm

You mean setting up TLS on the MQTT broker? Do you use your own?

WoJWoJ · March 19, 2021, 4:22pm

Is the “washer” element just a switch? Or do you get some feedback from the plug that tells you that it is actually in use?

I am asking because I am considering adding an electrovalve to my washing machine and my dishwasher to

close it when they are not in use
close it when I detect a leak (via Xiaomi Aquara Zigbee devices)

Makis · March 19, 2021, 4:22pm

I have the HA Mqtt addon, but I am not familiar with all the requirements needed to be done. I am reading the papers but most of them make no sense to me.

Dizzyikea · March 19, 2021, 4:26pm

It’s a Meross MSS310 on the plug socket so i do have feedback of sorts i.e. the power usage. Now that template is working you could throw that into a blueprint or nodered

WoJWoJ · March 19, 2021, 4:26pm

I have HA running in a docker, and the MQTT broker (mosquitto) running separately in another docker. This allows me for more control and reuse of the MQTT broker for other stuff (I use it as a bus for some other software I wrote).

Unfortunately I have no idea how hassio works (including its own MQTT broekr), I never used it.

WoJWoJ · March 19, 2021, 4:29pm

I will buy one to test this. Thanks for the follow-up.

I use a lot of automation through pyscript (and AppDaemn before). I could never get into nodered because it is too much GUI and click-based.

Dizzyikea · March 19, 2021, 4:29pm

Yeah i have a second MQTT broker running nativity on another pi and bridging to Hassio’s addon it was the only way i could do it. The link in my previous post explains how i did that.

WoJWoJ · March 19, 2021, 4:33pm

@Dizzyikea Out of curiosity - is there a particular reason why you run hassio as opposed to having a native HA installation on the pi? (or running it in a docker)

Dizzyikea · March 19, 2021, 4:39pm

It used to run on a old rpi b and that seemed to have the least overhead for such a slow device. I could then easily take a snapshot and do dev stuff on a VM on my main PC as Rpi B took about 20 minutes to reboot. It’s on a rpi 4b now so as much as that is not an issue now i just stuck to what i knew.

duceduc · March 19, 2021, 9:35pm

@ Dizzyikea

Where are you adding these text on your second pi’s broker?

allow_anonymous true
require_certificate false

port 1883

listener 8883

cafile /etc/mosquitto/certs/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt

customize:
  active: true
  folder: mosquitto

connection bridge-01
address <ip of 2nd broker>:1883 <-----This is the ip of HA??
topic # out 0
topic # in 0

I am assuming the first 2 in the conf.d folder?? The last is /etc/mosquitto/mosquitto.conf file?