KNX IP Interface can't be found in HA, but in XKNX

Configuration
1

Hi all, new member here, trying to configure my KNX IP Bridge.

My Config:

  • raspi 4
  • HA installed via Docker
  • network: 192.168.178.x (internet gateway and KNX IP Interface) ↔ 192.168.0.x (NAT enabled Wlan router, Raspi, My PC)
  • MDT IP bridge (exact model tbd if required)

The IP bridge unfortunately is in a different subnet because of the its physical location - it’s in the basement near by the internet router. For safety reasons I created another subnet for my apartment only - using another (wifi) router, which is the DHCP server, too.

I can connect to the IP Bridge from “My PC” using ETS6, but I have to enable NAT mode, otherwise the device can be pinged but not connected to.

I can also connect to the bridge using XKNX using this python snipped:

import asyncio
from xknx import XKNX
from xknx.io import ConnectionConfig, ConnectionType

MY_IP = "192.168.178.3"
async def main() -> None:
    connection_config = ConnectionConfig(
        connection_type=ConnectionType.ROUTING,
        gateway_ip=MY_IP,
        route_back=True
    )
    xknx = XKNX(connection_config=connection_config)

    await xknx.start()
    print("Tunnel connected")
    await asyncio.sleep(1)
    print("end")
    await xknx.stop()

asyncio.run(main())

It runs on “My PC” and from “raspi” (even inside Docker, i.e., it’s not a Docker config error). It says “Tunnel connected”. It does not work when using ConnectionType.TUNNELING or ConnectionType.TUNNELING_TCP, due to xknx.exceptions.exception.CommunicationError: Tunnel connection could not be established.

So it looks like XKNX (which is the knx backend for HA) works despite my weird network config - I just need to configure HA similarly.

I followed the instructions to add the KNX integration, chose “tunneling” and tried all tunneling types with no success (“Could not find a KNX tunneling server on your network”). I also tried “routing”, but can only add broadcast addresses which seem not to work.

Question: How do I (manually?) create the same config in HA that I’m using in XKNX? How do the configuration.yml keys map to the python lib?

PS: where are the integration settings stored? They do not appear in the configuration.yml and companion files anymore.

Thanks for your support!

2

Hi :wave:!

doesn’t really make a “connection”, but only opens a multicast socket. In Docker / on different subnets this is most likely ending up in the void.

So your “Tunnel connected” print is a lie :cake:
It would need to work with ConnectionType.TUNNELING or ConnectionType.TUNNELING_TCP (latter if you have a newer model - for MDT these are the *.03 models.)

My recommendation would be to use HA OS on your raspberry. This should have proper network defaults.

3

Thanks for your answer :slight_smile:

I see…

The interface is a MDT SCN-IP000.03, so it should support TUNNELING_TCP?

Well the problem is not (yet !) in Docker, I can’t use TUNNELING_TCP from my PC, too - no Docker involved.

I will likely not be able to change the subnets, but I can change the configuration, forward ports, or adjust the routing tables.

Any recommendations to do that? My hope is, since ETS6 does work (with NAT mode enabled), that there’s a solution for XKNX/HA, too.

I just tried out via ETS6 to enable/disable some lights at 1/0/7 which worked well.

4

Yes.

With TCP tunneling, you don’t need to set route_back - it’s used anyway there.
With UDP tunnelling, set route_back=True.

In HA you just configure manual tunnelling and turn on the “NAT mode” switch.

But yes, when ETS can make a connection, xknx should be able to too from the same machine… unless windows firewall or something similar blocks it.

5

Right - that’s what I tried at the beginning:

image
image742×882 43.4 KB

After that I started experimenting with XKNX.

It turns out that I configured the interface to use secure and I needed to provide device and user passwords… Caveat was the user id, which seems to start at #2.

connection_config_secure = ConnectionConfig(
        connection_type=ConnectionType.TUNNELING_TCP_SECURE,
        gateway_ip="192.168.178.3",
        individual_address="1.1.14",
        secure_config=SecureConfig(
            device_authentication_password="<my_device_auth_pw>",
            user_id=2,
            user_password="<first_tunnel_pw>"
        )
    )

Wohoo thanks :slight_smile: