Teltonika Router - OpenRoaming Configuration

Configure OpenRoaming on Teltonika RUTX and RUT series industrial routers with IronWifi RADIUS authentication and Hotspot 2.0. This guide covers RADIUS server configuration, roaming consortium OI setup, and NAI realm configuration through the RutOS web interface and CLI.

Quick Start

Enable OpenRoaming in IronWifi Console and note RADIUS details
Configure RADIUS server in Teltonika web interface
Create wireless interface with WPA2-Enterprise
Enable Hotspot 2.0 / 802.11u
Add roaming consortium OIs: 5A03BA0000, 5A03BA0200, 004096
Configure NAI realms for ironwifi.com

Supported Devices

RUTX Series - RUTX08, RUTX09, RUTX10, RUTX11, RUTX12, RUTX14, RUTX50
RUT Series - RUT950, RUT955, RUT956 (with Hotspot 2.0 support)

Prerequisites

In Teltonika:

Teltonika router with RutOS 7.x or later
Firmware with Hotspot 2.0 / 802.11u support
Network connectivity to IronWifi RADIUS servers

In IronWifi Console (complete these first):

Create or select a Network in the IronWifi Console
Enable OpenRoaming from the dropdown menu
Configure roaming type (Settled or Settlement-free)
Note the RADIUS server details (IP address, port, and shared secret)

OpenRoaming Overview

Teltonika routers support OpenRoaming through:

Hotspot 2.0 (Passpoint) - Automatic network discovery
802.11u - Interworking protocol
WPA2-Enterprise - Secure RADIUS authentication

This makes Teltonika ideal for:

Industrial IoT - Factory and warehouse WiFi
Transportation - Vehicle and fleet connectivity
Remote sites - Oil, gas, and utility installations
Kiosks - Retail and service deployments

RutOS Web Interface Configuration

Step 1: Configure RADIUS Server

Log in to Teltonika router web interface
Navigate to Services > Hotspot > RADIUS
Configure Authentication Server:
- Server Address: IronWifi RADIUS IP
- Server Port: 1812
- Shared Secret: Your RADIUS secret
Configure Accounting Server:
- Server Address: IronWifi RADIUS IP
- Server Port: 1813
- Shared Secret: Your RADIUS secret
Click Save

Step 2: Create Wireless Interface

Navigate to Network > Wireless
Click Add to create new interface
Configure basic settings:
- SSID: OpenRoaming
- Mode: Access Point
- Encryption: WPA2-Enterprise (WPA2-EAP)
In Security settings:
- Authentication: RADIUS
- RADIUS Profile: Select configured profile

Step 3: Enable Hotspot 2.0

In wireless interface settings, find Advanced Settings
Locate Hotspot 2.0 or 802.11u section
Enable Hotspot 2.0
Enable Interworking (802.11u)

Step 4: Configure 802.11u Settings

Interworking:

Setting	Value
Access Network Type	Free public network
Internet Access	Enabled
ASRA	Disabled
ESR	Disabled

Venue Information:

Setting	Value
Venue Group	Business
Venue Type	Unspecified Business
Venue Name	Your Location Name

Step 5: Configure Domain Name

Find Domain Name setting
Enter: ironwifi.net

Step 6: Configure Roaming Consortium

Add Organization Identifiers:

OI	Description
`5A03BA0000`	WBA OpenRoaming (Settled)
`5A03BA0200`	WBA OpenRoaming (Settlement-free)
`004096`	Cisco OpenRoaming

Step 7: Configure NAI Realm

Find NAI Realm section
Add realm configuration:
- Realm: ironwifi.com
- EAP Method: EAP-TTLS
- Inner Authentication: PAP

Step 8: Apply Configuration

Click Save & Apply
Wait for wireless interface to restart

CLI Configuration

SSH Access

Connect via SSH:

ssh root@192.168.1.1

UCI Configuration for OpenRoaming

# Configure RADIUS
uci set wireless.@wifi-iface[0].auth_server='radius.ironwifi.com'
uci set wireless.@wifi-iface[0].auth_port='1812'
uci set wireless.@wifi-iface[0].auth_secret='your-secret'
uci set wireless.@wifi-iface[0].acct_server='radius.ironwifi.com'
uci set wireless.@wifi-iface[0].acct_port='1813'
uci set wireless.@wifi-iface[0].acct_secret='your-secret'

# Configure wireless
uci set wireless.@wifi-iface[0].ssid='OpenRoaming'
uci set wireless.@wifi-iface[0].encryption='wpa2+aes'

# Enable 802.11u (Interworking)
uci set wireless.@wifi-iface[0].iw_enabled='1'
uci set wireless.@wifi-iface[0].iw_access_network_type='2'
uci set wireless.@wifi-iface[0].iw_internet='1'
uci set wireless.@wifi-iface[0].iw_venue_group='2'
uci set wireless.@wifi-iface[0].iw_venue_type='0'

# Enable Hotspot 2.0
uci set wireless.@wifi-iface[0].hs20='1'
uci set wireless.@wifi-iface[0].hs20_domain_name='ironwifi.net'

# Configure OpenRoaming OIs
uci delete wireless.@wifi-iface[0].hs20_roaming_consortium 2>/dev/null
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='5A03BA0000'
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='5A03BA0200'
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='004096'

# Configure NAI Realm
uci delete wireless.@wifi-iface[0].hs20_nai_realm 2>/dev/null
uci add_list wireless.@wifi-iface[0].hs20_nai_realm='0,ironwifi.com,21[2:4]'
uci add_list wireless.@wifi-iface[0].hs20_nai_realm='0,openroaming.org,21[2:4]'

# Apply changes
uci commit wireless
wifi reload

Advanced Configuration

Multiple Domain Names

For broader OpenRoaming compatibility:

uci set wireless.@wifi-iface[0].hs20_domain_name='ironwifi.net;openroaming.org'
uci commit wireless
wifi reload

WAN Metrics

Configure WAN link information for client selection:

uci set wireless.@wifi-iface[0].hs20_wan_metrics='01:8000:1000:80:240:0'
# Format: link_status:dl_speed:ul_speed:dl_load:ul_load:lmd
uci commit wireless
wifi reload

Connection Capability

Define available services:

uci add_list wireless.@wifi-iface[0].hs20_conn_capab='6:80:1'    # HTTP open
uci add_list wireless.@wifi-iface[0].hs20_conn_capab='6:443:1'   # HTTPS open
uci add_list wireless.@wifi-iface[0].hs20_conn_capab='17:5060:1' # SIP UDP open
uci commit wireless
wifi reload

Operator Name

Set operator friendly name:

uci set wireless.@wifi-iface[0].hs20_oper_friendly_name='eng:IronWifi'
uci commit wireless
wifi reload

3GPP Cellular Information

For carrier offload:

uci set wireless.@wifi-iface[0].anqp_3gpp_cell_net='310,410;311,480'
uci commit wireless
wifi reload

RMS (Remote Management System) Configuration

For fleet deployments using Teltonika RMS:

Configure via RMS

Log in to RMS
Select device or device group
Navigate to Services > Hotspot
Configure RADIUS and Hotspot 2.0 settings
Push configuration to devices

Template Configuration

Create configuration template for multiple devices:

In RMS, go to Management > Configuration Templates
Create new template with OpenRoaming settings
Apply template to device groups
Schedule configuration push

Testing OpenRoaming

Verify Configuration

Check Hotspot 2.0 status:

uci show wireless | grep hs20

Test Client Connection

iOS:

Users with Apple ID should auto-connect
Or install OpenRoaming profile from IronWifi

Android:

Enable Passpoint in WiFi settings
Sign in with Google account
Device auto-connects to OpenRoaming networks

Monitor Connections

# Show connected clients
hostapd_cli -i wlan0 all_sta

# View authentication logs
logread | grep -E '(hostapd|radius)'

Troubleshooting

Network Not Discovered

Verify Hotspot 2.0 Enabled
```
uci show wireless | grep hs20
```
Check Firmware Version
- Ensure RutOS version supports HS2.0
- Update firmware if needed
Verify Wireless Driver
```
iw phy | grep -i 'valid'
```

Authentication Failures

Test RADIUS Connectivity

# Check connectivity
ping radius.ironwifi.com

# Check port access
nc -uvz radius.ironwifi.com 1812

Check Logs
```
logread | grep -E '(hostapd|radius)'
```
Verify Secret
- Confirm RADIUS secret matches IronWifi configuration

Debug Commands

# Show wireless status
wifi status

# Show hostapd status
hostapd_cli -i wlan0 status

# Show connected clients
hostapd_cli -i wlan0 all_sta

# View real-time logs
logread -f | grep hostapd

Common Issues

Issue	Solution
HS2.0 option not visible	Update firmware to latest version
RADIUS timeout	Check firewall, verify server reachable
Clients don't auto-connect	Verify OI and NAI realm configuration
Intermittent failures	Check for interference, verify signal

Best Practices

Firmware Updates: Keep RutOS updated for best OpenRoaming support
Use RMS: Centrally manage multiple devices
Test Thoroughly: Verify with multiple Passpoint clients
Monitor: Set up alerts for authentication failures
Documentation: Document your configuration
Backup: Export configuration before changes

OpenRoaming Overview - Main OpenRoaming configuration guide
Teltonika Passpoint - Passpoint configuration details
Teltonika Configuration - General RADIUS setup
Passpoint Overview - Understanding Passpoint technology

Quick Start​

Supported Devices​

Prerequisites​

In Teltonika:​

In IronWifi Console (complete these first):​

OpenRoaming Overview​

RutOS Web Interface Configuration​

Step 1: Configure RADIUS Server​

Step 2: Create Wireless Interface​

Step 3: Enable Hotspot 2.0​

Step 4: Configure 802.11u Settings​

Step 5: Configure Domain Name​

Step 6: Configure Roaming Consortium​

Step 7: Configure NAI Realm​

Step 8: Apply Configuration​

CLI Configuration​

SSH Access​

UCI Configuration for OpenRoaming​

Advanced Configuration​

Multiple Domain Names​

WAN Metrics​

Connection Capability​

Operator Name​

3GPP Cellular Information​

RMS (Remote Management System) Configuration​

Configure via RMS​

Template Configuration​

Testing OpenRoaming​

Verify Configuration​

Test Client Connection​

Monitor Connections​

Troubleshooting​

Network Not Discovered​

Authentication Failures​

Debug Commands​

Common Issues​

Best Practices​

Related Topics​