Azure LoRaWAN Gateway Integration

1. Overview

The following instructions will guide customers bring their own LoRaWAN gateway while utilizing Azure IoT Hub for provisioning and deployment. This approach offers various features:

• Secure communication and transport for LoRaWAN packets
• Double encryption using x.509 TLS certificates
• Device management and metrics
• Lower network bandwidth consumption
• Region Interoperability and scalability

2. Configure Packet Forwarder

The Semtech Packet Forwarder configuration global_conf.json file must be configured according to it’s region.

myDevices uses the Frequency Sub-band 2 (FSB2)

Gateway Server Address and Port

Locate the Lora packet forwarder configuration file in your gateway for your region. Most gateways uses the Semtech Packet Forwarder. The server address under the global_conf.json must be set to localhost and server port to 1700.

Example global_conf.json

{
  [...] 
  "gateway_conf": {
    "server_address": "localhost", 
    "serv_port_up": 1700, 
    "serv_port_down": 1700, [...] 
  } 
}

• Generic Example US915-global_conf.json
• Tektelic Micro Example
• Tektelic Macro Example

3. x509 Certificates

Login to the myDevices network server and register a new gateway under your organization.

After adding a new gateway, click on “Certificates” followed by “Generate Certificate”. The application will generate three values, we will need the TLS Certificate and TLS Key portion. The certificates are generated only once and will disappear, hence make sure to copy the values to individual text files. Save the certificate and key with the following naming pattern for ease of management.

• abcd0000fffff0001.cert.pem
• abcd0000fffff0001.key.pem

Copy the certificate to a non-volatile location within the gateway.

• Multitech: /var/config/app/mydevices/
• Tektelic: /var/config/mydevices/
• Gemtek: /mnt/data/app/azureiot/
• Other: /opt/mydevices/

The certificates must be placed in a secure directory within the gateway and permissions to these must be set to chmod 444 (read read read). Furthermore, these certificates will be used by the Device Provisioning Service client and the ChirpStack Gateway Bridge client.

4. Device Provisioning Service Client (DPS)

DPS client is a software that will be provided by myDevices to always execute on boot up. This software is responsible for the following:

• Registering the gateway to Azure IoT Hub
• Generating the configuration file needed for the ChirpStack Gateway Bridge client

Current dps-client (opkg) packages for specific gateways are available below:

• Multitech
• Tektelic
• Gemtek/Browan (package also contains the chirpstack-gateway-bridge)

If your gateway is not supported, follow the compile instructions here.

Example of installing opkg packages in the gateway.

opkg install gateway-bridge-dps_1.3.11-r0_ramips_24kec.ipk

5. ChirpStack Gateway Bridge Client

The chirpstack-gateway-bridge is responsible for creating a UDP server and forwarding all UDP packets received by the Semtech packet forward through MQTT. myDevices contributed to the Azure Integration and other features within ChirpStack. The bridge requires a configuration file which contains device certificate paths, device Id and IoT Hub hostname. All of this information will be generated by the Device Provisioning Service (DPS) client. More information about this client can be found here.

Note: Please make sure to use the following versions from 3.14.3 to 3.14.5. v4.0.0 is not supported.

chirpstack.io project has instructions for various gateway manufactures such as Multitech, Tektelic, Kerlink, Laird, and others.

Current chirpstack-gateway-bridge packages for specific gateways are available at these links:

• Multitech
• Tektelic
• Browan/Gemtek (package also contains the dps-client)
• Dragino LG308

6. Gateway Command Control Script

The gateway command control script is used by the chirpstack-gateway-bridge to execute commands on the gateway. These include commands to initiate a remote shell session from a gateway to a server for debugging of remote devices over SSH, as well as update packages on the gateway. The script is called command-ctrl.sh and is available in the gateway-provisioning-assets repo. This script should be installed on the device at /opt/mydevices/command-ctrl.sh. The script file permissions should be set to allow execution by the root user.

The commands to use this script are included in the chirpstack-gateway-bridge config file generated by the dps-client.

7. Registration and Verification

After completed the above steps on the gateway, make sure to restart the gateway and verify services are running.

1. Login to the LNS and check the Last Seen status has been updated or click on Frames and wait for new data to be populated.
2. After, login to myDevices Console and registry the new gateway with the eui- prefix. For example: eui-0009000009090111.
3. Pair the gateway in the myDevices portal.