Running OH 4.1.2 with Zooz Z-wave dongle controller set to Network Wide Inclusion and Secure Inclusion mode for all devices. It has never securely included any of the 10+ things (which support secure inclusion). Before starting to set up OH, I used the Silicon Labs Zwave controller UI with the same controller and a few of the same things, and was always able to include with security. What am I doing wrong, and what is the easiest way to change to use secure inclusion with the devices I already have in OH?
Not super strong in this area. What I know for sure is if you include a device with security in Simplicity suite, it will not work in OH with the zwave binding. For a device to work in with OH with the zwave binding it needs to be included with it. Also, as to security, the OH zwave binding only supports the legacy S0 not the newer S2. There are now two security command classes V1 and V2. The OH Zwave binding only supports V1. Some of the newer devices only have the V2 version. Some transition devices may have both Command classes. If your device has V1 it should be able to be included as the spec requires S0 as a fallback. If it only has V2 it probably can’t be included with the OH Zwave binding. I also believe security inclusion must be done within a very short time to be successful.
An alternative is to use zwave-js-ui in OH instead of the OH Zwave binding. I have that working for some of my networks. It is a little more complicated, but they have all the security options (as it seems important to you) including what is needed for Long Range inclusion.
I would add that secure inclusion significantly increases network traffic, which can decrease battery life. In the past, it has been advised to only use it for security devices like door locks.
As a HA beginner, I’m not sure how important the security is for light switches etc., although I can see increased importance for locks. I was not necessarily planning to go through and re-include everything for security, but was interested why it didn’t work, which was explained above. Most of my things are 800 chip S2 Long Range devices which I thought would offer the latest and greatest including backwards compatibility for security.
ZUI does seem pretty complicated. If I don’t use that and obtain a door lock, I guess it would need to support S0 for security?
Also, for example, I have a device that lists the following Command Classes which I assume would support both S0 and S2?
COMMAND_CLASS_SECURITY
COMMAND_CLASS_SECURITY_2
When I included this device, I don’t recall being asked for a DSK or anything else that would imply security is being used.
I would agree.
The DSK method is not supported in the OH binding. AFAIK it is only used with S2 anyway. IIRC on the UI properties dropdown it should say secure inclusion if it worked. Also could tell from debug logs to see if Nonce is being used.
Yes
The 800 chips are faster and use less power than the 700 or 500 chips. However 800 LR chips are essentially dual band radios. If included as LR, S2 security and DSK codes are required and they communicate directly with the controller (no mesh). However, they can be included like any other Zwave device using the other radio band and become part of the mesh, but the range and speeds will be similar to the 700 chips. It is one or the other not both.
Good info but I have 2 (dumb?) questions:
What is IIRC?
Where is the UI dropdown?
I used the Silicon Labs Zwave controller software to include my devices. I was able to take the security code from my openhab install and overwrite it on the Silabs software to easily include my door locks then discover them on openhab. Mine is an older 700 series dongle.
I have a 50% success rate securely including via OH but 100% on Silabs software.
Wow, that’s an interesting post. Would you mind describing how exactly you do this with Silabs even with a few screenshots because I failed with my ABUS door look and that seems to be like a bit of hope …