Additional Wi-Fi settings
When providing your network credentials in the network.json
file, you can also include additional fields in the file to adjust the network authentication protocols or even provide multiple networks' details.
Note
Configuring additional network settings using the network.json
is supported on Gateway Plus starting with firmware version 2.13.0.
Wi-Fi fields
The main field that contains the list of Wi-Fi credentials and settings is wifi_auth
and can contain the following fields:
Field | Type | Description | Required | Default | Values |
---|---|---|---|---|---|
| String | The SSID of the access point, i.e. the network's name. | Required | The SSID can have maximum 32 characters. | |
| String | Whether the network is visible or hidden. | Optional |
|
|
| Integer | Auto-connect priority. Networks with higher priority will be connected to first. | Optional | 0 | For connections with identical values, the behavior is undefined and left up to the network manager. |
| Object | The authentication method used. | Required |
| |
| Object | IP settings for the specific interface | Optional | See below for Interface settings. |
WPA Personal
If you are using the WPA Personal authentication method, in the network.json
file, add wpa_psk
holding the psk
(pre-shared key) field and put your network's password as value.
{ "wifi": { "wifi_auth": [ { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 10, "wpa_psk": { "psk": "p4$$w0rD" } } ] } }
WPA Enterprise (EAP)
If you are using the WPA Enterprise authentication method, in the network.json
file, add the wpa_eap
field that can hold the following fields and values:
Field | Description | Type | Required | Value |
---|---|---|---|---|
| The anonymous identity used to talk to the proper RADIUS server. | String | Optional | The identity value can have 0-128 characters. |
| The domain / realm of the RADIUS server. | String | Optional | The domain value can have 0-128 characters. |
| The path to a CA root certificate used to authenticate the RADIUS server. | String | Optional | A relative path in the archive to the PEM certificate. |
EAP Authentication | The type of WPA-Enterprise authentication. | Object | Required |
|
{ "wifi": { "wifi_auth": [ { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "peap": { "identity": "John Doe", "password": "p4$$w0rD", "inner_auth": "PEAP_INNER_AUTH_MSCHAPV2" } } } ] } }
EAP-TLS
If you are using the EAP-TLS authentication method, in the network.json
file, add the eap_tls
field that can hold the following fields and values:
Field | Description | Type | Required | Value |
---|---|---|---|---|
| The identity (username) stored in the RADIUS server database to authenticate the client. | String | Required | The identity value must have 1-128 characters. |
| The path to the user's public certificate. | String | Required | The relative path in the archive to the PEM certificate |
| The path to the user's private key. | String | Required | The relative path in the archive to the PEM certificate |
| The private key password used to open it. | String | Optional |
{ "wifi": { "wifi_auth": [ { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "eap_tls": { "identity": "John Doe", "user_cert_path": "cert_tls.pem", "private_key_path": "key_tls.pem", "private_key_password": "p4$$w0rD" } } } ] } }
EAP-TTLS
If you are using the EAP-TTLS authentication method, in the network.json
file, add the eap_ttls
field that can hold the following fields and values:
Field | Description | Type | Required | Value |
---|---|---|---|---|
| The identity (username) stored in the RADIUS server database to authenticate the client. | String | Required | The identity must have 1-128 characters. |
| The password associated with the identity. | String | Required | |
| The inner authentication. | String | Required |
|
{ "wifi": { "wifi_auth": [ { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "eap_ttls": { "identity": "John Doe", "password": "p4$$w0rD", "inner_auth": "EAP_TTLS_INNER_AUTH_PAP" } } } ] } }
PEAP
If you are using the PEAP authentication method, in the network.json
file, add the peap
field that can hold the following fields and values:
Field | Description | Type | Required | Value |
---|---|---|---|---|
| The identity (username) stored in the RADIUS server database to authenticate the client. | String | Required | The identity must have 1-128 characters. |
| The password associated with the identity. | String | Required | |
| The inner authentication. | String | Required |
|
{ "wifi": { "wifi_auth": [ { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "peap": { "identity": "John Doe", "password": "p4$$w0rD", "inner_auth": "PEAP_INNER_AUTH_MSCHAPV2" } } } ] } }
NTP settings
When using a custom NTP, make sure all NTP servers get added to the trusted list on your firewall. This will ensure the time of your Gateway Plus stays synchronous with the INSIGHT webportal.
Note
NTP settings are supported on Gateway Plus starting with firmware version 2.13.0.
Field | Description | Type | Values |
---|---|---|---|
| NTP server list. Can be a URL or an IP address (v4 or v6). | List of strings | Maximum 2 |
0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
Examples
{ "wifi": { "wifi_auth": [ { "ssid": "Test", "wpa_psk": { "psk": "xxxxxxxxxxx" }, "ntp_settings": { "ntp_servers": [ "0.arch.pool.ntp.org", "1.arch.pool.ntp.org" ] } } ] } }
{ "ethernet": { "ntp_settings": { "ntp_servers": [ "0.arch.pool.ntp.org", "1.arch.pool.ntp.org" ] } } }
Interface settings
Dynamic Host Configuration Protocol (DHCP) is used by default for IPv4 and IPv6 if no settings are specified.
Note
Interface settings are supported on Gateway Plus starting with firmware version 2.13.0.
Field | Description | Type | Required | Values |
---|---|---|---|---|
| IPv4 settings | Object | Optional | See IP settings below. |
| IPv6 settings | Object | Optional | See IP settings below. |
IP Settings
The following settings are common to IPv4 and IPv6:
Field | Description | Type | Required | Default | Example |
---|---|---|---|---|---|
| The address to assign to the Gateway Plus. | String | Required | 192.168.1.42 | |
| The IP netmask to use (can be either the IPv4 address or a number). | String | Optional | 255.255.255.255 |
|
| The address of the network gateway (not to be confused with the ProGlove Gateway Plus device). | String | Optional | 192.168.1.1 |
Field | Description | Type | Required | Default | Example |
---|---|---|---|---|---|
| The address to assign to the Gateway Plus. | String | Required | 001:db8:abcd:0012:ffff:ffff:ffff:ffff | |
| The prefix length of the network. | String | Optional | 128 | 64 |
| The address of the network gateway (not to be confused with the ProGlove Gateway Plus device). | String | Optional | 2001:db8:abcd:0012:0000:0000:0000:0000 |
External certificates
If your selected authentication method includes required fields like user_cert_path
and private_key_path
or optional fields like ca_cert_path
, you have to include the targeted certificates in the zipped provisioning file.
The example below displays a case where a single network.json
file is used for provisioning the Gateway Plus with credentials to connect to multiple networks using four authentication protocols: WPA Personal, EAP-TTLS, PEAP, and EAP-TLS.
There are three external certificates referenced inside the following fields of the network.json
file:
ca_cert_path
user_cert_path
private_key_path
To provision your Gateway Plus with these certificates, include the .pem
files in the same folder with the network.json
file, zip them together and apply the provisioning file.
network.zip
network.json
ca_cert.pem
cert.pem
key.pem
{ "wifi": { "wifi_auth": [ { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 10, "wpa_psk": { "psk": "p4$$w0rD" } }, { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "eap_ttls": { "identity": "John Doe", "password": "p4$$w0rD", "inner_auth": "EAP_TTLS_INNER_AUTH_PAP" } } }, { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "peap": { "identity": "John Doe", "password": "p4$$w0rD", "inner_auth": "PEAP_INNER_AUTH_MSCHAPV2" } } }, { "ssid": "Your SSID", "visibility": "ACCESS_POINT_VISIBILITY_VISIBLE", "priority": 20, "wpa_eap": { "anonymous_identity": "anonymous", "domain": "", "ca_cert_path": "ca_cert.pem", "eap_tls": { "user_cert_path": "cert.pem", "private_key_path": "key.pem", "private_key_password": "p4$$w0rD" } } } ] } }