I’ve recently been experimenting with Xiaomi Zigbee IoT/Smart Home devices. These devices are super affordable (approx $20-55NZD) and make it very easy and affordable to upgrade a home with useful smart devices.
My plan is to do a more detailed blog post at a later stage, but if you’re interested in learning more, I recorded a talk I made at the Wellington Home Automation Meetup a few weeks back that introduces these products and how I’m using them.
I’m slowly setting up more and more Internet-of-Things stuff in my house and because of my interest in this space I’ve started a Wellington Home Automation Hackers meetup that will meet monthly! If you’re in Wellington and are interested in this sort of thing, please do join the group and come along!
I’m aiming to have 2 different presenters lined up every month to ensure a range of topics, including a mix of presentations suitable for less technical beginners as well as more technical gurus (and everything in-between).
I kicked off the first month by talking about my adventures so far with Home Assistant, using it to integrate with my air conditioning, house alarm and how I’m using it in conjunction with Apple Homekit. If you missed it but this sounds fun, check it out on YouTube below!
I’ve recently been playing with the popular open source home automation software Home Assistant. One of the nice features of this platform is that it can export most of the devices it manages as HomeKit devices for easy use from iOS devices.
HomeKit isn’t perfect, it’s a generic management platform so it’ll never be as good at doing thing X compared to a native app from vendor X – it just can’t have all the same parameters and configurability.
Despite this, there’s some compelling features for a household that’s fully on the Apple ecosystem:
The only thing that’s a bit annoying, is that if you get your firewall rulesets wrong it can be tricky to debug.
I had opened up TCP port 51827 (used by HomeKit) and was able to pair my device successfully, but then had weird issues where the accessories would go into “No Response” state for prolonged periods and only occasionally update with the latest information.
Steve says you’re holding it wrong
The trick to finding this was to do some packet dumping. I ran a packet dump for all traffic from my phone to the server running the Home Assistant app to see what was coming across the wire and could see a pile of mDNS requests that weren’t being answered.
Wireshark never lies
mDNS is a tricky protocol – essentially it’s DNS, but instead of going to a name server for resolution, devices using mDNS send out a multicast packet to the network and wait to see who replies with the answer. Devices implementing mDNS need to listen to these packets and respond where appropriate. It’s most commonly implemented as Bonjour (Apple) and Avahi (Linux).
This means that we need to setup a firewall rule for UDP port 5353 to allow HomeKit clients to find the HomeKit accessory (in this case, Home Assistant). Without it, you get the “No Response” problem when lookups fail.
Why did it work at all without it? Not 100% sure, but I think HAP-Python might occasionally send out it’s own multicast messages advertising itself to iOS devices which allows them to find it for a period of time, but when the TTL expires and they try to re-resolve for connected accessories it’s nowhere to be found.
So the complete set of iptables rules you probably want (or something like them) is:
# mDNS iptables -A INPUT -p udp -m multiport --dports 5353 -j ACCEPT # Homekit Protocol iptables -A INPUT -p tcp -m multiport --dports 51827 -j ACCEPT # Home Assistant interface iptables -A INPUT -p tcp -m multiport --dports 8123 -j ACCEPT