Reading Energy Data from HAN Port?

At least mine from the Stromnetz Berlin is discarding any ICMP (=Ping) traffic sent to it.

Ok, that seems to be the case at mine (from Rheinische Netzgesellschaft) too. The LED is blinking, but the Switch cannot even see the MAC address. So not Ping and no MAC.

I found this today, while googling for info about suitable HAN tools. (We had a Finnish HAN-enabled power meter installed during the weekend, which is why I started caring about it. )

The page unfortunately doesn’t list anything about the German standard(s) at the moment, but perhaps someone has any details about it that could get added there? Regulatory specifications for example, from the German authorities.

I got my theben CONEXA 3.0 installed this week.
The IP address is 192.168.2.100.
You need a username and password.
My username is a six-digit number followed by an underscore and the number of my electricity meter (not the gateway!).
The password is a 32 character string, letters, upper case, lower case and numbers.

The device responds to ping within 500 ms in my network and shows nmap an open port on 443.

The HAN port should not be connected directly to the network, as the HAN interface must not have an Internet connection (see CONEXA 3.0 manual). I have therefore moved the gateway to a VLAN and blocked its Internet access and I would recommend you do the same.

I can access the HAN interface via https://192.168.2.100 and retrieve absolutely worthless data (name, software version, date) via the browser. There is NOTHING else available via the browser.

The way I see Gateway’s little bit of web server, only the correct URLs would need to be retrieved to get the data. However, there is no documentation that is publicly available and I have really and truly searched for it…

TRUDI software is fully functional but cannot be integrated into the home automation system.
I would like to replace TRUDI and collect the data directly on the M2M interface.

In the associated manual “CONEXA 3.0 AGD-LV v3.67.x”, chapter A-9, page 11 refers to the fact that the following documents are available on thebens website

• Logbook entries CONEXA 3.0 [4]
• Interface description IF_GW_CON [5]

Intended operation of theben CONEXA 3.0 device, firmware v3.67.x includes the use of the M2M interface
see “CONEXA 3.0 AGD-LV v3.67.x”

• The end consumer is authorized to retrieve information from the SMGW, such as the software version. The retrieval of this information is described in [5 p. Chapter A-2.2.
• The contract data imported for the end consumer can be retrieved as described in [5 S. Chapter A-2.3.
• Detailed information on a contract can be retrieved as described in [5 p. Chapter A-2.4.
• The end consumer is authorized to retrieve log data from the SMGW. The retrieval of the end consumer logbook is described in [5 p. Chapter A-2.5.].
• The end consumer is authorized to retrieve measurement data from his contracts. This retrieval is described under [5 p. Chapter A-2.6.].
• Alternatively, a self-test can be started manually by the end consumer. The manual start of the self-test is described in [5 p. Chapter A-2.7].
• The results of the self-test are logged in the end consumer logbook. The retrieval of the end consumer logbook is described in Section E-5.6.
• The details of this log message can be found in [4].

Theben refused to provide me with the documents. Allegedly this would jeopardize the safety of the product.

I therefore wrote to the BSI and explained to them that Theben considers the open HAN interface of its product to be insecure and therefore asked the BSI to re-examine the certification for the gateway and, if necessary, to revoke it.

p.s. I even phoned theben’s technical hotline and was told that the interface documentation, which is part of the end user documentation, will no longer be issued. The documentation would also only “confuse” the users. Thanks for nothing theben. Yes, I’m really angry at the moment.

p.p.s
I have sent an IFG request to the BSI and hope to receive the documents in question from the BSI, as these were part of the certification. According to the certification, these are part of the scope of delivery to end users, which is why Theben cannot demand confidentiality.
https://fragdenstaat.de/a/318394

Our energy provider (Germany as well) replaced our smart meter today, and installed a new one which also includes a SMGW from PPC.
I was surprised that it comes with its own LTE modem, as our electrician installed a LAN cable next to the smart meter some years ago, claiming that this was mandated by law to accomodate the upcoming SMGWs. Oh well, I figured maybe I could use it for the HAN port.

Nevertheless, after reading this whole thread, I believe the current solution I have in place (using the SML IR reader) is far superior anyway: I can get all the data I want, including current power draw. And I can get it on a per-second basis, so not just every 15 minutes.

@CM000n If you care about customers in Germany, you would be able to reach most of them with that standard. The documentation I follow is this: https://wiki.volkszaehler.org/

Hi @BennyInc . I’m Not caring about any customer. I’m a private person

Ah, sorry – mixed that up when scrolling for the right name. I meant to address @ArnieO

Hi, anyone got this working on the PPC SMGW from Netze-BW?

I requested information/response from them if the HAN-Port is active (password, etc) - But got no answer.

thanks in advance

Hi,
I am also looking for information for my NetzeBW-smartmeter solution provided by Iskra for the meter and PPC as the gateway.

At the moment I have an 14 alpha-numeric case-sensitive password to add the smartmeter to their customers website, where I can see from last day backwards the hourly consumtions. Asking for more passwords they told me, that in a coupel of days I will receive an other letter with a 4 digit key for the meter itself, so the meter itself will then not only show the value of the 2 buildin meters, but also the actual power level of my actual consumtion.

But no information about the HAN ethernet port and its usuage!

Sorry for my poor English!

The four-digit digital code is most likely simply for the IR interface of your electricity meter and has no relevance for the HAN port.

Hey @jcollasius , great post here. Can you please explain, how to block the internet access in a vlan. I have a switch, that allows me to configure vlans, but how can i block internet access there.

As long as your home network is not using 192.168.1.x-as IP Range the smartmeter network won’t get internet access over that network. There’s no need to create a vlan.

Cave: Every Device in your home network is able to access that gateway with user/password by simply adding an additional ip address to its network port - or sniff the data transferred.

BTW: If you are using an internet router like a “Fritz!Box”: Go to network, click on the device and then you can prevent any device from connecting to the internet. This is not secure to prevent malicious devices from connecting to the internet but is perfect to prevent china hardware from talking to their overlords.

Thanks, that worked like a charm

1. Configured a static IP address in my home network and add the normal gateway and DNS (e.g. my FritzBox)
2. Add a second static IP address in the subnet of the SMGW

With this configuration i am able to connect to the SMGW and the normal network at the same time.

I would appreciate to have a cleaner solution for my network, to access the SMGW transparent from every device; without having to configure every network adapter on the relevant devices manually.

The next question will be, how to connect from the Raspberry PI / Home Assistant.

I have now received 2 letters from Netze-BW with access data for the PPC SMGW:

• Username
• Password
• Ip of the SMGW (192.168.168.168)
• Port of the SMGW (443)

I was already able to log in via the Trudi software ( → the meter ID is also required for this (printed on the PPC SMGW)).

The PPC SMGW does not have a web interface at Netze-BW and so far I have not been able to establish a connection either via ha-ppc-smgw (homeassistant) or via node-red-contrib-smgw (node-red).

Is there a way to change Ip add the Port and ID of the SMGW in ha-ppc-smgw? In the node-red plugin its possible tho add these.

offtopic:
I’m shocked at how much these “smart” meters have been crippled to provide little to no added value to customers - even though they technically could easily. And that you automatically receive access data for the customer portal by post after installing the SMGW but have to request access data for the HAN port separately. The Trudi software is also anything but up to date. No “normal” customer is going to go to all this trouble and then have a TXT file as a result.

Hey @klacol this depends on your switch. I have equipment from Ubiquity (Unifi) and there it was a checkbox in the configuration tab of the VLAN. It will be different for you, but I can’t tell you how.
If in doubt, create a firewall rule for the IP of your smart meter and block the traffic to/from the Internet for your smart meter individually.

After complaining to the Ministry, I was surprised to receive the following response today:

Dear Mr. xyz,

Thank you for your interest in the smart meter gateway and the possibilities for using the collected measurement data locally.

Unfortunately, with regard to the publication of documents, we cannot give you any other answer than the one already given by the BSI.

You are requesting manufacturer documents and not BSI documents. BSI therefore cannot distribute the requested documents without further ado. The “CONEXA 3.0 manual for the end user” that you requested also appears to be available on the Theben homepage at www.theben-se.de/conexa/#cx. However, a user account is required for the other documents (see p. 10 “CONEXA 3.0 manual for the end user v.3.80”).

Meanwhile, lawmakers have also recognized that the current, manufacturer-specific application programming interfaces do not correspond to the vision of the digitalization of the energy transition. The “Act to Restart the Digitalization of the Energy Transition (GNDEW)” therefore stipulates that the BSI standards will soon contain “uniform and sufficiently described specifications for application programming interfaces” (APIs) (see Section 22 (4) sentence 2 no. 2 of the Metering Point Operation Act (Messstellenbetriebsgesetz)).

The aim of these interoperability requirements has always been to describe all interfaces used to operate SMGWs openly and thus promote competition and innovation, while also ensuring that SMGWs from different manufacturers and different administration systems can be exchanged with each other. Technical guidelines should also enable open data access for the connection user and for innovative business models, in particular via API. This will also result in stronger competition among SMGW manufacturers and make it easier to reuse SMGWs when changing metering point operators.

The Gateway Standardization Committee will be consulted in the coming weeks regarding the necessary adjustments to the BSI technical standards. After approval by the Federal Ministry for Economic Affairs and Climate Protection, the new technical standards will be published on the BSI website.

Best regards

Your Citizens’ Dialogue team
Federal Ministry for Economic Affairs and Climate Protection, Berlin
Internet: www.bmwk.de

However, now that the government has been reshuffled, it is unclear whether the current government or future governments will actually implement this obvious goal (open and uniform APIs). It just takes sooooo long.