Temperature and Humidity Monitoring in the Outbuildings – Stage 3

An earlier Post outlined the plan to use IKEA TIMMERFLOTTE Temperature & Humidity Sensors with a GL.iNet GL-S20 Thread Border Router in conjunction with Home Assistant, to monitor the environmental conditions in various parts of the Outbuildings – especially the unheated rooms which are open to the ambient conditions.

I got the TIMMERFLOTTE devices on-boarded to Home Assistant fairly easily and they even noticed they had a firmware update available and downloaded and installed that over-the-air – all without needing any other IKEA-specific ‘hub’ or similar devices. The on-boarding (“commissioning” in Matter terminology) requires a smartphone (iOS in my case) and makes use of some of the built-in Apple software to help the Home Assistant App handle the set-up. For that to work, the smartphone must (temporarily) connect to the same network subnet as both the Thread Border Router and Home Assistant.

While the devices worked fine when tested in the House, they were not working when moved to the Outbuildings, despite being on the same network Subnet (which gets ‘stretched’ to the Outbuildings, albeit via a few Ethernet Bridges and extra network hops). This was puzzling because everything was expected to work the same in both locations. It turned out to be a firewall issue, related to the use of an extra IPv6 address range. In the House, the network traffic only has to traverse the network Switch to get from the Thread Border Router to Home Assistant, so it never reaches the firewall. With the Thread Border Router moved to the Outbuildings, the traffic traverses the inter-building link and so hits the firewall on its way to Home Assistant, even though it’s on the same Subnet. Three firewall rules turned out to be required:

  • Allow IPv6 UDP traffic with Source Port 5353 (i.e. mDNS)
  • Allow IPv6 UDP traffic with Destination Port 5540 (i.e. Matter)
  • Allow IPv6 ICMP traffic – to permit Home Assistant to ‘ping’ the sensors for diagnostic purposes
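
One way to confirm from the firewall's own drop log which of these three rules a site needs, as an added example that is not part of the original post. It assumes the firewall writes netfilter-style `KEY=value` log lines; the `FW-DROP` prefix, the interface name, the rule labels and every address in the sample are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in netfilter LOG style; all addresses are documentation placeholders.
SAMPLE_LOG = """\
FW-DROP IN=br0 OUT=br0 SRC=fe80::20 DST=ff02::fb LEN=120 HOPLIMIT=255 PROTO=UDP SPT=5353 DPT=5353
FW-DROP IN=br0 OUT=br0 SRC=2001:db8:1::10 DST=2001:db8:2::abcd LEN=96 HOPLIMIT=64 PROTO=UDP SPT=49152 DPT=5540
FW-DROP IN=br0 OUT=br0 SRC=2001:db8:1::10 DST=2001:db8:2::abcd LEN=96 HOPLIMIT=64 PROTO=UDP SPT=49152 DPT=5540
FW-DROP IN=br0 OUT=br0 SRC=2001:db8:1::10 DST=2001:db8:2::abcd LEN=104 HOPLIMIT=64 PROTO=ICMPv6 TYPE=128 CODE=0
FW-DROP IN=br0 OUT=br0 SRC=192.0.2.5 DST=192.0.2.9 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=22
FW-DROP IN=br0 OUT=br0 SRC=2001:db8:1::30 DST=2001:db8:1::10 LEN=80 HOPLIMIT=64 PROTO=TCP SPT=40001 DPT=8123
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return the KEY=value fields of one log line, or None if it is not an IPv6 packet."""
    fields = dict(FIELD.findall(line))
    try:
        if ipaddress.ip_address(fields["SRC"]).version != 6:
            return None
    except (KeyError, ValueError):
        return None
    return fields

def rule_for(fields):
    """Name the rule from the list above that would admit this packet, else None."""
    proto = fields.get("PROTO")
    if proto == "UDP" and fields.get("SPT") == "5353":
        return "mdns-sport-5353"
    if proto == "UDP" and fields.get("DPT") == "5540":
        return "matter-dport-5540"
    if proto == "ICMPv6":
        return "icmpv6"
    return None

def summarise(log_text):
    """Count dropped IPv6 packets per rule; collect flows that no listed rule covers."""
    needed, uncovered = Counter(), []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        rule = rule_for(fields)
        if rule:
            needed[rule] += 1
        else:
            uncovered.append((fields["SRC"], fields["DST"], fields.get("PROTO"), fields.get("DPT")))
    return needed, uncovered

if __name__ == "__main__":
    print(*summarise(SAMPLE_LOG), sep="\n")
```

Flows returned in the second list are dropped IPv6 traffic that none of the three rules would admit, which is the part worth reviewing before widening the firewall any further.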

It’s clear the Matter protocol expects a completely ‘flat’ network topology – which isn’t great from a security or problem-solving standpoint. A decent compromise is to have a dedicated and largely isolated ‘flat’ Subnet for Matter / Thread traffic – but to dual-home the Home Assistant server so it can also participate in Matter communications (while using its ‘other’ network interface for all other communications).

CC BY-SA 4.0 Temperature and Humidity Monitoring in the Outbuildings – Stage 3 by Marsh Flatts Farm Self Build Diary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
