Zigbee Home Automation on OpenBSD: Sonoff Dongle-M and openHAB
Zigbee over Ethernet, PoE setup, and the winning Z2M + openHAB stack on OpenBSD
In my previous post, we looked at sniffing Zigbee traffic using the older TI CC2531. While great for learning, it’s not the hardware you want running your actual home. The CC2531 is excellent for sniffing because it simply runs the sniffer firmware—that is what I used it for, and that is what I will keep using it for.
Following my own advice, I bought myself a Sonoff Dongle Max on eBay to act as a proper Zigbee Coordinator. In that previous post, I could only see a few Zigbee and other 802.15.4 devices from neighbors, but where is the fun in that? It got me curious and looking to get my own home automation started!
Hardware: The Sonoff Dongle Max
Sonoff Dongle Max
The Sonoff Dongle Max is a versatile beast. Unlike the cheap USB sticks, this version supports:
- USB Connectivity
- Ethernet with PoE (Power over Ethernet)
- WiFi
Their getting started documentation you can find here.
Connected to USB, the device shows up as a serial port.
uslcom0 at uhub5 port 2 configuration 1 interface 0 "SONOFF SONOFF Dongle Max MG24" rev 2.00/1.00 addr 5
ucom0 at uslcom0 portno 0: usb1.1.00002.0The “Smart IP” Headache
A quick warning for the factory defaults: The dongle uses “Smart IP.” It remembers the very first IP it receives from DHCP and sticks to it like glue, even if your DHCP server tries to assign a different static lease later.
If you have trouble reaching the device after setting a static lease, you’ll hopefully have remembered it’s initial IP and connect there, or you need to connect to its internal WiFi AP to manually switch the settings from “Smart IP” to standard DHCP.
This caused me quite a bit of headache ;)
In any case, once you figured that out, you can direct your browser to http://
Finding Connection Information
To configure openHAB or Zigbee2MQTT, you need the specific port strings from the dongle’s web interface. In the menu on the left, navigate to Z2M&ZHA -> Zigbee2MQTT. From there, you can expand the USB Connection and TCP Connection sections to get the exact paths and port numbers required for your config files.
Zigbee2MQTT connection information in the Sonoff Web UI
/dev/cuaU0 or alike. With regard to the TCP connection, ensure to use the proper hostname, or stay with the IP address.Setting up openHAB on OpenBSD
Installing openHAB on OpenBSD is straightforward thanks to the available packages. Once the packages are in place, you’re left with starting the service.
pkg_add -i openhab%5 openhab-addons%5
rcctl start openhabAfter the service starts, point your browser to http://localhost:8080 (or your server’s IP). You’ll be greeted by the setup wizard where you’ll create your initial Administrator account. Once logged in, the first order of business is to head over to Settings > Add-ons and install the Zigbee Binding.
Initial Attempt: The Direct Zigbee Binding Route
Once logged in, my first instinct was to keep it simple and use the native binding:
- Go to Settings > Add-ons and install the Zigbee Binding.
- Navigate to Settings > Things, click the blue + button, and select the Zigbee Binding.
- Choose Ember Coordinator from the list (the correct driver for the Sonoff Dongle-M).
- In the configuration, I set the port to:
tcp://10.0.0.210:6638.
I also configured the Baud Rate to 115200 and Flow Control to None. However, even after clicking save, the Thing remained stubborn and wouldn’t come online.
To see what was happening under the hood, I bumped up the logs in the Karaf console:
# Connect to Karaf (default pass: habopen)
ssh -p 8101 openhab@localhost
log:set DEBUG org.openhab.binding.zigbee
log:set DEBUG com.zsmartsystems.zigbeeThe log revealed the wall I had hit:
[DEBUG] [nding.zigbee.serial.ZigBeeSerialPort] - Connecting to serial port [tcp://10.0.0.210:6638] at 115200 baud...
[DEBUG] [nding.zigbee.serial.ZigBeeSerialPort] - No communication ports found, cannot connect to [tcp://10.0.0.210:6638]
[ERROR] [zigbee.dongle.ember.ZigBeeDongleEzsp] - EZSP Dongle: Unable to open serial portLooking at the OpenBSD port README, there is a significant hint regarding Java serial access:
“The example of passing
-Dgnu.io.rxtx.SerialPortsuses the rxtx library, which is currently unsupported on OpenBSD. However, 100% Java implementations such as PureJavaComm and jSerialComm are known to work.”
The README refers to physical serial ports, not TCP. However, because the TCP method failed immediately and I saw the note about rxtx support being missing, I didn’t even bother attempting a local serial connection. Time for a more robust architectural approach.
The Winning Stack: Zigbee2MQTT + Mosquitto
Instead of a direct connection, I moved to a decoupled stack: Sonoff (TCP) <-> Zigbee2MQTT <-> Mosquitto (MQTT) <-> openHAB.
1. Install the tools
pkg_add -i mosquitto zigbee2mqtt2. Configure Zigbee2MQTT
Edit your /etc/zigbee2mqtt/configuration.yaml. Note the adapter: ember setting, which is required for the MG24 chip in the Dongle-M.
version: 5
homeassistant:
enabled: true
frontend:
enabled: true
host: 127.0.0.1
port: 8081
mqtt:
base_topic: zigbee2mqtt
server: mqtt://localhost
serial:
port: tcp://10.0.0.210:6638
baudrate: 115200
adapter: ember
disable_led: false
rtscts: false
advanced:
channel: 25
log_level: debug
log_directory: /var/log/zigbee2mqtt
log_file: zigbee2mqtt_%TIMESTAMP%.log
log_rotation: true
log_output:
- file
network_key: GENERATE
pan_id: GENERATE
ext_pan_id: GENERATE
availability:
enabled: trueIf you don’t have PoE available, or simply prefer to connect the dongle directly via USB, change your serial: configuration to the following:
serial:
port: /dev/cuaU0
adapter: ember
baudrate: 115200
disable_led: false
rtscts: false_z2m user must have permission to access the serial radio device (typically /dev/cuaU0). On OpenBSD, you do this by adding the user to the dialer group:usermod -G dialer _z2mConfigure Mosquitto
For a basic local installation, the default configuration is sufficient, and no immediate changes are required to get started.
3. Start the services
rcctl start mosquitto
rcctl start zigbee2mqttThe Zigbee2MQTT Frontend
Since we enabled the frontend in the configuration file, you can manage your network directly through a web browser. By default, it is reachable at http://127.0.0.1:8081. This interface is incredibly helpful for pairing new devices, checking the network map, and monitoring the status of your sensors.
The Zigbee2MQTT Web Frontend
Integrating with openHAB
Once Zigbee2MQTT is running, integration is seamless:
- Install the MQTT Binding in openHAB.
- Add a new MQTT Broker Thing, pointing to
127.0.0.1. - Because we enabled
homeassistant: truein Z2M, your devices are supposed to appearing in the openHAB Inbox automatically as they are paired!
Bonus: Sniffing the new network
Even though I’m now using this for production, the “sniffer” in me still wants to see the packets. To decrypt the traffic of your new network in Wireshark, you need the Network Key.
At first start, Zigbee2MQTT will update the GENERATE string in your /etc/zigbee2mqtt/configuration.yaml and it will look like this:
network_key:
- 104
- 73
- 101
- 15
- 20
- 56
- 102
- 28
- 132
- 77
- 211
- 116
- 109
- 134
- 9
- 20Treat your Network Key like your most sensitive password. If someone obtains this key and is within physical range of your home, they can:
- Decrypt all traffic: Listen to every sensor event, switch state, and data packet sent across your network.
- Inject commands: Remotely control your lights, locks, or any other Zigbee devices without your permission.
- Sniff passively: Since Zigbee is a mesh protocol, they don’t even need to be “connected” to your Wi-Fi to exploit this; a simple USB sniffer is all it takes.
Only use this key for your own private troubleshooting in Wireshark and never include it in a public blog post or support forum!
# Your key from configuration.yaml
# - 104 - 73 - 101 - 15 - 20 ...
printf '%02x' 104 73 101 15 20 56 102 28 132 77 211 116 109 134 9 20 && echo
# Output: 6849650f1438661c844dd3746d860914Then using my TI CC 2531 I can use whsniff which made it just Today into the OpenBSD ports tree, to feed IEEE802.15.4 traffic into Wireshark:
sudo pkg_add -i whsniff wireshark
sudo whsniff -c 25 | wireshark -k -i -Once Wireshark is up and running, take that output string from above command and add it to Wireshark -> Preferences -> Protocols -> Zigbee -> Keys. Now you can watch your home automation commands fly through the air in plain text!
Sniffing decrypted Zigbee traffic in Wireshark
0x0000. In the Zigbee world, this is the standardized short address for the Network Coordinator (in my case, my Sonoff Dongle Max).With that, I can watch my home automation commands fly through the air - this time on my own terms!
Conclusion
Getting this stack running on OpenBSD was a bit of a challenge, but a rewarding one. As I wrap up this initial setup, I’m reminded of a section in the openHAB Introduction that rings especially true:
What You Need to Know Before You Start
When home automation just seems to work, it is always the result of hard work. Home automation is fascinating and requires a considerable investment of your time. Here are some key considerations especially for new users. To be successful, you will need to:
- Start slowly and proceed one step at a time
- Be prepared to learn
- Remain flexible in how you want to achieve your goal
- Celebrate all the small successes
That is exactly what I am doing here, and likely what I will be doing in a number of follow-up posts. Getting the coordinator talking to the stack on OpenBSD is a significant first step and a success for me—one I am definitely going to celebrate.
The documentation also leaves us with one final warning:
“Lastly, be prepared to start a new hobby: home automation.”
This is clearly true, though luckily for me, it has quite a bit of overlap with my other hobbies, making it a very natural extension of them!
Stay tuned—the sensors are on their way.