OpenWiFi (TIP) - Passpoint Configuration
Configure Passpoint (Hotspot 2.0) on OpenWiFi (Telecom Infra Project) access points to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This open-source solution provides carrier-grade WPA2/WPA3-Enterprise security without manual network selection.
Overview
OpenWiFi is an open-source wireless networking solution from the Telecom Infra Project (TIP). It provides carrier-grade features including full Passpoint/Hotspot 2.0 support.
Supported Platforms
- OpenWiFi Cloud SDK - Cloud controller
- OpenWiFi AP Firmware - Compatible access points
- Supported Hardware: EdgeCore, CIG, HFCL, Actiontec, and other TIP-compliant APs
Prerequisites
In OpenWiFi:
- OpenWiFi controller deployed (cloud or on-premises)
- OpenWiFi-compatible access points
- OpenWiFi firmware 2.x or later
In IronWifi Console (complete these first):
- Log in to IronWifi Management Console
- Navigate to Networks > select your network
- Enable Passpoint
- Note the following:
  - RADIUS Server IPs
  - RADIUS Secret
  - NAI Realm (e.g., ironwifi.com)
  - Roaming Consortium OIs
OpenWiFi Controller Configuration
OpenWiFi Cloud SDK Configuration
Step 1: Create RADIUS Profile
- Log in to OpenWiFi Cloud SDK
- Navigate to Profiles > RADIUS
- Click Create Profile
- Configure:
{
  "name": "IronWifi-RADIUS",
  "radius": {
    "authentication": {
      "host": "radius.ironwifi.com",
      "port": 1812,
      "secret": "your-radius-secret"
    },
    "accounting": {
      "host": "radius.ironwifi.com",
      "port": 1813,
      "secret": "your-radius-secret"
    }
  }
}
Step 2: Create Passpoint Profile
- Navigate to Profiles > Passpoint
- Click Create Profile
- Configure Hotspot 2.0 settings:
{
  "name": "IronWifi-Passpoint",
  "passpoint": {
    "enabled": true,
    "venue": {
      "group": "business",
      "type": "unspecified"
    },
    "access-network-type": "free-public",
    "internet": true,
    "domain-names": [
      "ironwifi.net"
    ],
    "roaming-consortium": [
      "5A03BA0000",
      "004096"
    ],
    "nai-realms": [
      {
        "realm": "ironwifi.com",
        "eap-methods": [
          {
            "method": "eap-ttls",
            "authentication": {
              "inner": "pap"
            }
          }
        ]
      }
    ]
  }
}
Step 3: Create SSID Configuration
- Navigate to Configurations > SSIDs
- Click Create SSID
- Configure:
{
  "name": "Passpoint",
  "ssid": "Passpoint",
  "encryption": {
    "proto": "wpa2",
    "ieee80211w": "optional"
  },
  "radius": {
    "profile": "IronWifi-RADIUS"
  },
  "passpoint": {
    "profile": "IronWifi-Passpoint"
  }
}
Step 4: Create Device Configuration
- Navigate to Configurations > Device Configs
- Create or edit configuration
- Add the Passpoint SSID
- Push to devices
JSON Configuration Reference
Complete Passpoint Configuration
{
  "uuid": "device-uuid",
  "configuration": {
    "interfaces": [
      {
        "name": "WAN",
        "role": "upstream",
        "ethernet": [
          {
            "select-ports": ["WAN*"]
          }
        ],
        "ipv4": {
          "addressing": "dynamic"
        }
      },
      {
        "name": "Passpoint",
        "role": "downstream",
        "ssids": [
          {
            "name": "Passpoint",
            "wifi-bands": ["2G", "5G"],
            "bss-mode": "ap",
            "encryption": {
              "proto": "wpa2",
              "key": "",
              "ieee80211w": "optional"
            },
            "radius": {
              "authentication": {
                "host": "1.2.3.4",
                "port": 1812,
                "secret": "your-secret"
              },
              "accounting": {
                "host": "1.2.3.4",
                "port": 1813,
                "secret": "your-secret"
              }
            },
            "pass-point": {
              "venue-name": [
                "eng:IronWifi Hotspot"
              ],
              "venue-group": 2,
              "venue-type": 0,
              "access-network-type": 0,
              "internet": 1,
              "domain-name": [
                "ironwifi.net"
              ],
              "roaming-consortium": [
                "5A03BA0000",
                "004096"
              ],
              "nai-realm": [
                "0,ironwifi.com,21[2:4]"
              ],
              "osen": false,
              "anqp-domain": 0,
              "friendly-name": [
                "eng:IronWifi"
              ]
            }
          }
        ]
      }
    ]
  }
}
NAI Realm Encoding
The NAI realm format follows:
<encoding>,<realm>,<eap-method>[<inner-auth>]
Where:
- 0 = UTF-8 encoding
- 21 = EAP-TTLS
- [2:4] = Inner auth PAP
Common EAP methods:
- 13 = EAP-TLS
- 21 = EAP-TTLS
- 25 = EAP-PEAP
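A pre-push check for the complete configuration and the NAI realm format above, as an added example (not part of the original page or of OpenWiFi or IronWifi tooling): it parses each nai-realm string and flags placeholder RADIUS secrets, disabled management frame protection and malformed roaming consortium OIs. The function names, the 16-character secret minimum and the "disabled" value for ieee80211w are assumptions; SAMPLE is constructed from the page's configuration.

```python
import re

# Constructed sample: the page's complete configuration, trimmed to the checked fields.
SAMPLE = {"configuration": {"interfaces": [{"name": "Passpoint", "ssids": [{
    "name": "Passpoint", "encryption": {"proto": "wpa2", "ieee80211w": "optional"},
    "radius": {"authentication": {"secret": "your-secret"},
               "accounting": {"secret": "your-secret"}},
    "pass-point": {"roaming-consortium": ["5A03BA0000", "004096"],
                   "nai-realm": ["0,ironwifi.com,21[2:4]"]}}]}]}}

EAP_NAMES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "EAP-PEAP"}  # numbers listed on the page
METHOD_RE = re.compile(r"(\d+)((?:\[\d+:\d+\])*)")

def parse_nai_realm(entry):
    """Split '<encoding>,<realm>,<eap-method>[<id>:<value>]...' into its parts."""
    fields = entry.split(",")
    if len(fields) < 2 or not fields[0].isdigit() or not fields[1]:
        raise ValueError(f"malformed NAI realm {entry!r}")
    methods = []
    for field in fields[2:]:
        m = METHOD_RE.fullmatch(field)
        if not m:
            raise ValueError(f"malformed EAP method {field!r} in {entry!r}")
        params = [(int(i), int(v)) for i, v in re.findall(r"\[(\d+):(\d+)\]", m.group(2))]
        eap = int(m.group(1))
        methods.append({"eap": eap, "name": EAP_NAMES.get(eap, "unknown"), "params": params})
    return {"encoding": int(fields[0]), "realm": fields[1], "methods": methods}

def lint(config, min_secret_len=16):  # 16 and "disabled" below are assumed values
    """Return findings for every SSID that carries a pass-point block."""
    findings = []
    for iface in config.get("configuration", {}).get("interfaces", []):
        for ssid in (s for s in iface.get("ssids", []) if "pass-point" in s):
            pp, where = ssid["pass-point"], f"ssid {ssid.get('name')!r}"
            for role in ("authentication", "accounting"):
                secret = ssid.get("radius", {}).get(role, {}).get("secret", "")
                if len(secret) < min_secret_len or secret.startswith("your-"):
                    findings.append(f"{where}: weak or placeholder RADIUS {role} secret")
            if ssid.get("encryption", {}).get("ieee80211w", "disabled") == "disabled":
                findings.append(f"{where}: management frame protection is disabled")
            for oi in pp.get("roaming-consortium", []):
                if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}){3,15}", oi):  # 3 to 15 hex octets
                    findings.append(f"{where}: roaming consortium OI {oi!r} is malformed")
            for entry in pp.get("nai-realm", []):
                try:
                    parse_nai_realm(entry)
                except ValueError as exc:
                    findings.append(f"{where}: {exc}")
    return findings
```

Run against SAMPLE, lint() reports the two "your-secret" placeholders and nothing else, which is the state the page's reference configuration is in before real values are filled in.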
Advanced Configuration
3GPP Cellular Network
For carrier integration:
{
  "pass-point": {
    "3gpp-plmn": [
      {
        "mcc": "310",
        "mnc": "410"
      },
      {
        "mcc": "311",
        "mnc": "480"
      }
    ]
  }
}
WAN Metrics
Configure link information:
{
  "pass-point": {
    "wan-metrics": {
      "link-status": "up",
      "symmetric-link": true,
      "downlink-speed": 100000,
      "uplink-speed": 50000,
      "downlink-load": 0,
      "uplink-load": 0
    }
  }
}
Connection Capability
Define available services:
{
  "pass-point": {
    "connection-capability": [
      {"protocol": "tcp", "port": 80, "status": "open"},
      {"protocol": "tcp", "port": 443, "status": "open"},
      {"protocol": "tcp", "port": 5060, "status": "open"},
      {"protocol": "udp", "port": 5060, "status": "open"}
    ]
  }
}
Operating Class
Configure supported frequencies:
{
  "pass-point": {
    "operating-class": [81, 115, 121, 124]
  }
}
OpenRoaming Integration
Full OpenRoaming Configuration
{
  "pass-point": {
    "roaming-consortium": [
      "5A03BA0000",
      "004096"
    ],
    "nai-realm": [
      "0,ironwifi.com,21[2:4]",
      "0,openroaming.org,21[2:4]"
    ],
    "domain-name": [
      "ironwifi.net",
      "openroaming.org"
    ]
  }
}
API Configuration
Using OpenWiFi API
Create configuration via API:
curl -X POST "https://owgw.example.com/api/v1/device/{device-uuid}/configure" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d @passpoint-config.json
Get Device Status
curl -X GET "https://owgw.example.com/api/v1/device/{device-uuid}/status" \
  -H "Authorization: Bearer YOUR_TOKEN"
Troubleshooting
Network Not Discovered
- Check Passpoint Status
  - Verify configuration pushed to device
  - Check device status in controller
- Verify ANQP
  - Check GAS/ANQP frames in packet capture
  - Verify all required IEs present
- Device Firmware
  - Ensure firmware supports Hotspot 2.0
  - Update to latest OpenWiFi firmware
Authentication Failures
- RADIUS Connectivity
  # Test from AP CLI (arguments: user password server[:port] nas-port-number secret)
  radtest user password radius.ironwifi.com:1812 0 secret
- Check Logs
  - Review OpenWiFi controller logs
  - Check IronWifi authentication logs
- NAI Realm
  - Verify realm encoding
  - Check EAP method matches
Debug Commands
On OpenWiFi AP CLI:
# Show wireless status
ubus call wifi status
# Show hostapd status
hostapd_cli -i wlan0 status
# Show ANQP information
hostapd_cli -i wlan0 anqp_get
# Show associated clients
hostapd_cli -i wlan0 all_sta
# Debug logs
logread -f | grep -i hostapd
Best Practices
- Use Templates: Create reusable configuration templates
- Version Control: Track configuration changes
- Testing: Test with multiple Passpoint clients
- Monitoring: Set up logging and alerts
- Firmware: Keep APs on latest OpenWiFi firmware
- Redundancy: Configure backup RADIUS servers