This forum uses cookies

gjniewenhuijse · 04.10.2024, 13:03

Just a question before i made this.

I have 2 logicmachines connected over ip.

LM1: have 2 secure groupaddresses 10/7/1 and 10/7/2 and i can monitor and control these groupaddress in the lm, because i use the dummy from the example.

LM2: how to control and monitor 10/7/1 and 10/7/2 from LM2? Do i need to configure something to get this working?

***admin*** · 04.10.2024, 13:20

You need dummy devices for both LMs. Import same ETS project into both LMs.

gjniewenhuijse · 06.10.2024, 13:19

Under Utilities there is an option to transfer group addresses from logic machine 1 to logic machine 2 via remote services. This works, but not for secure group addresses. Secure group addresses are then suddenly not secure.

How to solve this? My goal is to have both lm’s with the same groupaddresses, without do maintenance on both.

***admin*** · 07.10.2024, 06:46

Each KNX secure device has a sending sequence number that is required for secure communication. It cannot be added manually or via object import. You must import ETS project into both LMs.

domotiqa · (This post was last modified: 23.12.2025, 11:19 by domotiqa.)

(07.10.2024, 06:46)admin Wrote: Each KNX secure device has a sending sequence number that is required for secure communication. It cannot be added manually or via object import. You must import ETS project into both LMs.

hi admin.
1/ So it mean when we have project with gundreds of group adress we need to add all of them ? if thousand ? is there known limitation on dummy secure device ?
2/I tried to test the secure ip connection to one of our remote site (firewalled on our company ip)? We opened the 3671 (UDP, but alos tcp) on demand. I did a test, add ip secure dummy product. define project password. export diag secure key. save ets project, import the key,a ctivate communication secure only. then on Ets try to communicate with LM.I have a timeout. is it still 3671 ? any help appreciate.

Note: i saw:
At this moment only secure Routing (multicast) is supported. Backbone key can be found in ETS > Reports > Project Security. You can export report to PDF to be able to copy/paste the key. The option to automatically extract this key when importing the project file will be added later.

is it still case ? maybe the reason

My hope was to secure ip connection quick on each customer, even on their own lan.

***Daniel*** · 23.12.2025, 12:10

You are mixing KNX data secure and KNX IP secure. For IP secure you just need the backbone key which must be the same for whole project. For this you enable only secure communication in KNX settings.
Data secure, you saw already the video, this is for TP communication when telegrams are encrypted on the TP level between device and LM.

domotiqa · (This post was last modified: 23.12.2025, 12:28 by domotiqa.)

(23.12.2025, 12:10)Daniel Wrote: You are mixing KNX data secure and KNX IP secure. For IP secure you just need the backbone key which must be the same for whole project. For this you enable only secure communication in KNX settings.
Data secure, you saw already the video, this is for TP communication when telegrams are encrypted on the TP level between device and LM.

sorry i didn't explain well ! I know the diff. I use them with SE secure ip interface and secure coupler.

My question was:
point1 is for data secure
point2 is for ip secure

***Daniel*** · 23.12.2025, 12:31

OK
1. Yes all which use data secure and you want them to talk to LM.
2. It is KNX multicast, it won't work over networks.

domotiqa · 23.12.2025, 17:19

(23.12.2025, 12:31)Daniel Wrote: OK
1. Yes all which use data secure and you want them to talk to LM.
2. It is KNX multicast, it won't work over networks.

thks daniel. is it planned to do ip tunneling secure through 3671 ?

***Daniel*** · 23.12.2025, 17:51

We have it on our roadmap but with a low priority. With Zerotier or a VPN the connection is already secure.

domotiqa · Yesterday, 11:00

ok understoud

Login
Username:
Password:	Lost Password?
	Remember me