KNX Secure Connection

I have uploaded the relevant log part and a pcap with the discovery messages to my server.
You can retrieve the files here:

The HA device (raspberry pi 3) is on the same layer 2 network as the IP interface.
I have used the guide for installing the Home Assistant Operating System for the raspberry pi.

Thanks for your interest and time!

Alright, thank you very much!
I have found a bug in our logic thanks to your logs :+1:. It handles the response wrongly when the order of description information in the frame is not as expected.
I’ll try to put up a fix tonight or so. This will be resolved in the next version of xknx (and HA).

:partying_face: That is a great message!

I am glad you were able to find the problem and I will look forward to the next release!

In case you are interested:

1 Like

I’m planning to switch to KNX secure using the Weinzierl IP Interface 731. Has anyone have an experience with secure using that device? Other than that, from what I figured, KNX secure is used during comissioning through ETS but also during use over TP as well as IPNet. Those devices that cannot speak secure will use normal KNX. Is that right?

1 Like

Hi :wave:!
The 731 can’t speak IP Secure. You’d need a 732.
That said there are 2 types of secure communication in Knx

  • IP Secure: only IP traffic (eg. from HA to the interface) is secured. TP traffic not affected.
  • Data Secure: only the payloads are secured, parts of the Telegrams stay unencrypted.

These can be used together.
HA supports only the former.

1 Like

Thanks for the quick answer! I meant the 732 indeed. If the ETS goes over IP then it also uses the IP Secure during comissioning, right?

Yes sure. If it is configured to use IP Secure no non-Secure connection is possible. ETS has no exception.

Hi,
I have been trying to get HA to connect using IP secure but authentication is failing.
Did you have to create the knx directory to put the .knxkeys file into?

I then tried to load a TCP only tunnel connection and all my entities lost their custom icons etc.
Will this be the case when I get the IP secure working?

I’ve restored to a backup for now but thought I would check before going too much further.

Hi :wave:!

Do you have any logs of that? Did you follow the documentation about getting the right keys? What interface is it?

Yes, you’ll have to create that directory.
Or use manual user/password/auth-key configuration. (do this if you use an interface from MDT)

I don’t know why this happened and if it could happen again.

Are you saying it’s impossible to connect to 731 after the KNX integration started using IP Secure?

No. IP-Secure is an optional feature of the KNX integration.