Crashman
November 14, 2022, 10:58am
1
Hi!
I had a working KNX integration but now I want to switch to a KNX secure connection.
I am using an MDT IP Interface with 4 tunnels. Therefore I tried two ways: Manual configuration and automatic configuration using knxkeys-file from tunnel 4.
I don’t know what’s wrong, but I keep getting an error message: tunnel connection could not be established.
BTW: Tunnel connection using ETS is working fine. Should be a general problem.
What can I do? Thx for your help!
Crashman
November 14, 2022, 11:08am
2
Okay, got it working, but there seems to be a problem with tunnel 2, 3 and 4.
While I had ETS connected and blocking tunnel 1, no connection was possible. When disconnecting ETS and using tunnel 1 for HA, I got it working fine.
I cannot connect a different tunnel than 1 (userid: 2).
farmio
November 14, 2022, 11:09am
3
Hi
Crashman
November 14, 2022, 11:40am
4
On tunnel 1 both ways are working fine, on tunnel 4 I could not establish a connection, neither manual nor via knxkeys file.
Interestingly, HA KNX integration now connects as tunnel 2 (based on ETS group monitor) - I never configured tunnel 2.
farmio
November 14, 2022, 11:48am
5
I don’t have such an interface to test with.
Crashman
November 14, 2022, 11:50am
6
Tell me where to find or how to activate the specific logging and I will give you error logs.
farmio
November 14, 2022, 11:52am
7
Have a look here: https://www.home-assistant.io/integrations/knx/#logs-for-the-knx-integration farmio#5918
farmio
November 14, 2022, 8:53pm
8
So I did some testing and found a bug 🪲😬
"knxkeys_filename": ...,
"knxkeys_password": ...,
from your .storage/core.config_entries file manually.
There also seems to be a problem when your knxkeys file contains keys from multiple tunnelling servers.
I’ll try to do a fix for that for the next release.
1 Like
farmio
November 28, 2022, 6:47am
9
So that bug (and the multiple Tunnel server bug) is fixed with xknx 2.0.0 coming with HA 2022.12.
For the other way around (manual to keyfile) I’m confident that the fix will be merged in time as well.
home-assistant:dev ← farmio:knx_flow_entry_cleanup
opened 08:19AM - 26 Nov 22 UTC
## Proposed change
<!--
Describe the big picture of your changes here to com… municate to the
maintainers why we should accept this pull request. If it fixes a bug
or resolves a feature request, be sure to link to that issue in the
additional information section.
-->
- Clean up the config entry to not have previous `user_id`, `user_password` and `device_authentication` when setting to use knxkeys file.
If user_id and user_password are set these would take precendence over reading the keyfile in xknx so the keyfile wouldn't be used - even worse, if a different gateway was selected it would not be able to connect since the credentials are wrong.
- Remove directory prefix from default filename if there is one already set.
## Type of change
<!--
What type of change does your PR introduce to Home Assistant?
NOTE: Please, check only 1! box!
If your PR requires multiple boxes to be checked, you'll most likely need to
split it into multiple PRs. This makes things easier and faster to code review.
-->
- [ ] Dependency upgrade
- [x] Bugfix (non-breaking change which fixes an issue)
- [ ] New integration (thank you!)
- [ ] New feature (which adds functionality to an existing integration)
- [ ] Deprecation (breaking change to happen in the future)
- [ ] Breaking change (fix/feature causing existing functionality to break)
- [ ] Code quality improvements to existing code or addition of tests
## Additional information
<!--
Details are important, and help maintainers processing your PR.
Please be sure to fill out additional details, if applicable.
-->
- This PR fixes or closes issue: fixes #
- This PR is related to issue:
- Link to documentation pull request:
## Checklist
<!--
Put an `x` in the boxes that apply. You can also fill these out after
creating the PR. If you're unsure about any of them, don't hesitate to ask.
We're here to help! This is simply a reminder of what we are going to look
for before merging your code.
-->
- [x] The code change is tested and works locally.
- [x] Local tests pass. **Your PR cannot be merged unless tests pass**
- [x] There is no commented out code in this PR.
- [x] I have followed the [development checklist][dev-checklist]
- [x] The code has been formatted using Black (`black --fast homeassistant tests`)
- [ ] Tests have been added to verify that the new code works.
If user exposed functionality or configuration variables are added/changed:
- [ ] Documentation added/updated for [www.home-assistant.io][docs-repository]
If the code communicates with devices, web services, or third-party tools:
- [ ] The [manifest file][manifest-docs] has all fields filled out correctly.
Updated and included derived files by running: `python3 -m script.hassfest`.
- [ ] New or updated dependencies have been added to `requirements_all.txt`.
Updated by running `python3 -m script.gen_requirements_all`.
- [ ] For the updated dependencies - a link to the changelog, or at minimum a diff between library versions is added to the PR description.
- [ ] Untested files have been added to `.coveragerc`.
<!--
This project is very active and we have a high turnover of pull requests.
Unfortunately, the number of incoming pull requests is higher than what our
reviewers can review and merge so there is a long backlog of pull requests
waiting for review. You can help here!
By reviewing another pull request, you will help raise the code quality of
that pull request and the final review will be faster. This way the general
pace of pull request reviews will go up and your wait time will go down.
When picking a pull request to review, try to choose one that hasn't yet
been reviewed.
Thanks for helping out!
-->
To help with the load of incoming pull requests:
- [ ] I have reviewed two other [open pull requests][prs] in this repository.
[prs]: https://github.com/home-assistant/core/pulls?q=is%3Aopen+is%3Apr+-author%3A%40me+-draft%3Atrue+-label%3Awaiting-for-upstream+sort%3Acreated-desc+review%3Anone+-status%3Afailure
<!--
Thank you for contributing <3
Below, some useful links you could explore:
-->
[dev-checklist]: https://developers.home-assistant.io/docs/en/development_checklist.html
[manifest-docs]: https://developers.home-assistant.io/docs/en/creating_integration_manifest.html
[quality-scale]: https://developers.home-assistant.io/docs/en/next/integration_quality_scale_index.html
[docs-repository]: https://github.com/home-assistant/home-assistant.io
Thanks for reporting
dworks
January 26, 2023, 12:31pm
10
I can confim this bug and only got it working by manually setting Tunnel 1 and have no ETS connection open. All other tunnels do not work.
farmio
January 26, 2023, 12:41pm
11
Just to be sure: did you set the appropriate password for the different tunnels? Every tunnel (user_id) has its own password.
dworks
February 1, 2023, 2:49pm
12
Just in case someone is searching here:MDT Secure tunnelling ErrorCode.E_NO_MORE_CONNECTIONS · Issue #86655 · home-assistant/core · GitHub
Got another reply from MDT that they think it is related to the ETS keyring with referencing to https://knx-user-forum.de/forum/öffentlicher-bereich/knx-eib-forum/diy-do-it-yourself/1836390-falcon-sdk-6-0-2-und-knx-secure-ip-tunnel-user-login-failed (sorry, it´s in German)
Their developers will have a look into it and might provide an update in the future if necessary.
For now we would need to use non-secure or bind to tunnel 1 to get it working.
Update 2023-11-28: Please see further down for the fixed MDT versions.
1 Like
MrFaul
February 21, 2023, 2:09pm
13
Well thx, and here was I seething with rage at the myriad of breaking points in my setup.
Usually they are reliable and fix it relatively fast I’ll have to wait then.
dworks
November 28, 2023, 7:35pm
14
A headsup on this topic. The issue seemed to be resolved with the latest knxprod V2.3 from 08/23. Also make sure to have firmware V3.06 in place.https://www.mdt.de/produkte/produktdetail/systemkomponenten/systemgeraete/ip-router.html#downloads
The downside is that there is no upgrade path, so the IP router and Email client need to be removed and re-added with the new version. Make sure to have the QR codes at hand if you are using secure connection.
!