Key expires in spite of using it

[sonic74]

Please note: this key will expire if you don't use it in 6 weeks from activation. Every time you use this key the time will be extended accordingly.

Although I use the key twice each day, every 6 weeks I get

Jun 30 11:09:28 ALRT 115 invalidate peer
Jun 30 11:09:28 WARN received alert, peer has been invalidated
Aug 18 12:00:00 ALRT 115 invalidate peer
Aug 18 12:00:00 WARN received alert, peer has been invalidated

and I have to add another user. Am I missing something?

[glenndehaan]

I have not seen this issue before on my side. Now I do know that once in a while an IKEA update just bricks my gateway and destroys all connections. Even connections with home assistent and Google Home. Also the app won't work unless I reboot the gateway and that will reset the identities.

So i'm not sure on this one.

[sonic74]

I have to reboot it after DHCP server reboots so the symbolic hostname works again. I did this both by powercycling and by
coap-client -m post -u "$TF_USERNAME" -k "$TF_PRESHARED_KEY" "coaps://$TF_GATEWAYIP:5684/15011/9030"
But for me, the identities stay in place and are not reset.

[glenndehaan]

Huh oke well that could maybe then be a defect in my unit  🤣.
Then I would suggest using a uuid as the identity and then create a script that will renew the key after 4 to 6 weeks.
I am however curious how many keys it will keep in storage then.

[sonic74]

I just realized I can do
coap-client -m post -u "Client_identity" -k "$TF_GATEWAYCODE" -e "{\"9090\":\"$TF_USERNAME\"}" "coaps://$TF_GATEWAYIP:5684/15011/9063"
with the old username after it expired. So I could just do it every time and ignore the
4.00
it returns if it's still valid and only store the PSK if it's returned.

[glenndehaan]

mmm Oke thats new since I know from testing way back that didn't work. But maybe they changed that in an update.

[sonic74]

Something like

TF_USERNAME=sonic
TF_GATEWAYCODE=0Aa000AaaAaaaAAA
TF_GATEWAYIP=GW-A0A0A0A000A0.
TF_PRESHARED_KEY=$(coap-client -m post -u "Client_identity" -k "$TF_GATEWAYCODE" -e "{\"9090\":\"$TF_USERNAME\"}" "coaps://$TF_GATEWAYIP:5684/15011/9063" | sed -n 2p | jq -r '."9091"')
if [ -z "$TF_PRESHARED_KEY" ]
then
        TF_PRESHARED_KEY=$(cat /tmp/tradfri-PSK.txt)
else
        echo $TF_PRESHARED_KEY >/tmp/tradfri-PSK.txt
fi
echo TF_PRESHARED_KEY=$TF_PRESHARED_KEY

I'll see in 6 weeks whether it works :-)

[glenndehaan]

Cool yeah if it works please create a pull request so it can be documented

[sonic74]

Oct 13 02:44:31 ALRT 20 invalidate peer
Oct 13 02:44:31 WARN received alert, peer has been invalidated

Damn, still doesn't work with 1.11.0047 ...