Teltonika Router - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on Teltonika RUTX and RUT series industrial routers to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This provides WPA2/WPA3-Enterprise security for IoT and M2M applications without manual network selection.

Supported Devices

RUTX Series - RUTX08, RUTX09, RUTX10, RUTX11, RUTX12, RUTX14, RUTX50
RUT Series - RUT950, RUT955, RUT956 (with Hotspot 2.0 support)

Prerequisites

In Teltonika:

Teltonika router with RutOS 7.x or later
Firmware with Hotspot 2.0 / 802.11u support
Network connectivity to IronWifi RADIUS servers

In IronWifi Console (complete these first):

Log in to IronWifi Management Console
Navigate to Networks > select your network
Enable Passpoint
Note the following details:
- Primary RADIUS Server IP
- Secondary RADIUS Server IP
- RADIUS Secret
- NAI Realm (e.g., ironwifi.com)
- Roaming Consortium OIs

RutOS Web Interface Configuration

Step 1: Configure RADIUS Server

Log in to Teltonika router web interface
Navigate to Services > Hotspot > RADIUS
Configure Authentication Server:
- Server Address: IronWifi RADIUS IP
- Server Port: 1812
- Shared Secret: Your RADIUS secret
Configure Accounting Server:
- Server Address: IronWifi RADIUS IP
- Server Port: 1813
- Shared Secret: Your RADIUS secret
Click Save

Step 2: Create Wireless Interface

Navigate to Network > Wireless
Click Add to create new interface
Configure basic settings:
- SSID: Passpoint
- Mode: Access Point
- Encryption: WPA2-Enterprise (WPA2-EAP)
In Security settings:
- Authentication: RADIUS
- RADIUS Profile: Select configured profile

Step 3: Enable Hotspot 2.0

In wireless interface settings, find Advanced Settings
Locate Hotspot 2.0 or 802.11u section
Enable Hotspot 2.0
Enable Interworking (802.11u)

Step 4: Configure 802.11u Settings

Interworking:

Access Network Type: Free public network
Internet Access: Enabled
ASRA: Disabled
ESR: Disabled

Venue Information:

Venue Group: Business
Venue Type: Unspecified Business
Venue Name: Your Location Name

Step 5: Configure Domain Name

Find Domain Name setting
Enter: ironwifi.net

Step 6: Configure Roaming Consortium

Find Roaming Consortium section
Add Organization Identifiers:
- 5A03BA0000 (OpenRoaming Settled)
- 004096 (OpenRoaming Settlement-Free)

Step 7: Configure NAI Realm

Find NAI Realm section
Add realm configuration:
- Realm: ironwifi.com
- EAP Method: EAP-TTLS
- Inner Authentication: PAP

Step 8: Apply Configuration

Click Save & Apply
Wait for wireless interface to restart

CLI Configuration

SSH Access

Connect via SSH to configure via command line:

ssh root@192.168.1.1

UCI Configuration

# Configure RADIUS
uci set wireless.@wifi-iface[0].auth_server='radius.ironwifi.com'
uci set wireless.@wifi-iface[0].auth_port='1812'
uci set wireless.@wifi-iface[0].auth_secret='your-secret'
uci set wireless.@wifi-iface[0].acct_server='radius.ironwifi.com'
uci set wireless.@wifi-iface[0].acct_port='1813'
uci set wireless.@wifi-iface[0].acct_secret='your-secret'

# Configure wireless
uci set wireless.@wifi-iface[0].ssid='Passpoint'
uci set wireless.@wifi-iface[0].encryption='wpa2+aes'

# Enable 802.11u
uci set wireless.@wifi-iface[0].iw_enabled='1'
uci set wireless.@wifi-iface[0].iw_access_network_type='2'
uci set wireless.@wifi-iface[0].iw_internet='1'
uci set wireless.@wifi-iface[0].iw_venue_group='2'
uci set wireless.@wifi-iface[0].iw_venue_type='0'

# Enable Hotspot 2.0
uci set wireless.@wifi-iface[0].hs20='1'
uci set wireless.@wifi-iface[0].hs20_domain_name='ironwifi.net'
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='5A03BA0000'
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='004096'
uci set wireless.@wifi-iface[0].hs20_nai_realm='0,ironwifi.com,21[2:4]'

# Apply changes
uci commit wireless
wifi reload

OpenRoaming Configuration

Enable OpenRoaming

For full OpenRoaming support:

Configure Roaming Consortium OIs:
- 5A03BA0000 - OpenRoaming Settled
- 004096 - OpenRoaming Settlement-Free
Configure domain names:
```
ironwifi.net
openroaming.org
```
Configure NAI realms:
```
ironwifi.com
openroaming.org
```

UCI Commands for OpenRoaming

# OpenRoaming OIs
uci delete wireless.@wifi-iface[0].hs20_roaming_consortium
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='5A03BA0000'
uci add_list wireless.@wifi-iface[0].hs20_roaming_consortium='004096'

# Multiple domains
uci set wireless.@wifi-iface[0].hs20_domain_name='ironwifi.net;openroaming.org'

# Multiple NAI realms
uci delete wireless.@wifi-iface[0].hs20_nai_realm
uci add_list wireless.@wifi-iface[0].hs20_nai_realm='0,ironwifi.com,21[2:4]'
uci add_list wireless.@wifi-iface[0].hs20_nai_realm='0,openroaming.org,21[2:4]'

uci commit wireless
wifi reload

Advanced Settings

WAN Metrics

Configure WAN link information:

uci set wireless.@wifi-iface[0].hs20_wan_metrics='01:8000:1000:80:240:0'
# Format: link_status:dl_speed:ul_speed:dl_load:ul_load:lmd

Connection Capability

Define available services:

uci add_list wireless.@wifi-iface[0].hs20_conn_capab='6:80:1'    # HTTP open
uci add_list wireless.@wifi-iface[0].hs20_conn_capab='6:443:1'   # HTTPS open
uci add_list wireless.@wifi-iface[0].hs20_conn_capab='17:5060:1' # SIP UDP open

Operator Name

Set operator friendly name:

uci set wireless.@wifi-iface[0].hs20_oper_friendly_name='eng:IronWifi'

3GPP Cellular Information

For carrier offload:

uci set wireless.@wifi-iface[0].anqp_3gpp_cell_net='310,410;311,480'

RMS (Remote Management System) Configuration

If using Teltonika RMS for fleet management:

Configure via RMS

Log in to RMS
Select device or device group
Navigate to Services > Hotspot
Configure RADIUS and Hotspot 2.0 settings
Push configuration to devices

Template Configuration

Create configuration template for multiple devices:

In RMS, go to Management > Configuration Templates
Create new template with Passpoint settings
Apply template to device groups
Schedule configuration push

Troubleshooting

Network Not Discovered

Verify Hotspot 2.0 Enabled
```
uci show wireless | grep hs20
```
Check Firmware Version
- Ensure RutOS version supports HS2.0
- Update firmware if needed
Verify Wireless Driver
```
iw phy | grep -i 'valid'
```

Authentication Failures

Test RADIUS Connectivity

# Check connectivity
ping radius.ironwifi.com

# Check port access
nc -uvz radius.ironwifi.com 1812

Check Logs
```
logread | grep -E '(hostapd|radius)'
```
Verify Secret
- Confirm RADIUS secret matches IronWifi configuration

Debug Commands

# Show wireless status
wifi status

# Show hostapd status
hostapd_cli -i wlan0 status

# Show connected clients
hostapd_cli -i wlan0 all_sta

# View real-time logs
logread -f | grep hostapd

Common Issues

Issue	Solution
HS2.0 option not visible	Update firmware to latest version
RADIUS timeout	Check firewall, verify server reachable
Clients don't auto-connect	Verify OI and NAI realm configuration
Intermittent failures	Check for interference, verify signal

Best Practices

Firmware Updates: Keep RutOS updated for best HS2.0 support
Use RMS: Centrally manage multiple devices
Test Thoroughly: Verify with multiple Passpoint clients
Monitor: Set up alerts for authentication failures
Documentation: Document your configuration
Backup: Export configuration before changes

Supported Devices​

Prerequisites​

In Teltonika:​

In IronWifi Console (complete these first):​

RutOS Web Interface Configuration​

Step 1: Configure RADIUS Server​

Step 2: Create Wireless Interface​

Step 3: Enable Hotspot 2.0​

Step 4: Configure 802.11u Settings​

Step 5: Configure Domain Name​

Step 6: Configure Roaming Consortium​

Step 7: Configure NAI Realm​

Step 8: Apply Configuration​

CLI Configuration​

SSH Access​

UCI Configuration​

OpenRoaming Configuration​

Enable OpenRoaming​

UCI Commands for OpenRoaming​

Advanced Settings​

WAN Metrics​

Connection Capability​

Operator Name​

3GPP Cellular Information​

RMS (Remote Management System) Configuration​

Configure via RMS​

Template Configuration​

Troubleshooting​

Network Not Discovered​

Authentication Failures​

Debug Commands​

Common Issues​

Best Practices​

Related Topics​