Setting up Basic Station protocol on RAK7240 and RAK7249 industrial gateways

As some of you may know Things Network supports a new packet forwarded protocol called Basic Station. This is based on Websockets and adds extra security and stability compared to the old Semtech UDP protocol. Actually the creators of the original UDP protocol have publicly said it was an internal proof of concept which should never have been deployed. So this change is great news!

RAK7240 and RAK7249 firmware from release V1.1.0062_Release_r202 snow support Basic Station, but instructions on how to use it have been hard to find. Well wonder no more, here they are in 3 simple steps:

Step 1) Log into the web configuration, go to the new Basic Station tab ard press Enable

Step 2) Scroll down to the LNS server section

For LNS URI enter: wss://lns.eu.thethings.network

(“eu” stand for Europe, replace the eu with us, in or au if you’re in the US, India or Australia respectively)

in Authentication mode select “TLS Server Authentication”

and in trust field paste the LetsEncrypt root key in BER format from https://letsencrypt.org/certs/trustid-x3-root.pem.txt

Step 3) Press Save & Apply

Done, you’re gateway will now connect to Things Network using the Basic Station protocol. On the Things Network end everything will be the same as with the Semtech UDP “legacy” protocol, and the gateway should have the same EUI as before.

If this is a new gateway you can simply register it on TTN using the EUI shown near the top

and on TTN remember to tick the use legacy packet forwarder box

Hope you found this easy but let me know if you have any questions

Let’s all move to Basic Station protocol as soon as possible and leave the old insecure and unreliable UDP protocol well in the past. Thanks for reading.

should we disable LORA PACKET FORWARDER once LORA BASIC STATION IS ENABLED ?

screenshot attached.

what should i enter in trust box ?

this does not work on things industries hosted network server, can somebody help.

Hi @abhishek2101, if you are a TTI cloud-hosted enterprise stack customer then you can contact the technical support people directly. I am a customer and the response is very fast and very good.

thank you for this advice. I had my RAK7249 working perfectly as a Packet Forwarder using UDP. I decided to change to basic station. It appears everything works.

However TTN shows the gateway is not connected even though I get data. Also you said to tick on Legacy Packets in the TTN setup. Why would I do that if I am now using Basic Station>

This is a known problem with V2 backend/console. Fact you are getting data through from nodes to your apps shows gw is working. Use forum search. We are moving to V3 this year so problem won’t be fixed… it is intermittent. If any consolation when I checked my GW’s before turning in last night approx 1/3rd of mine had been showing offline for 15hrs or more. No doubt when I check later most will be showing connected again

Because in V2 BasicStation connectivity uses an intermediate process which translates the connection to the legacy UDP connectivity.
V3 has native support for BasicStation and uses the EUI to identify the gateway.

I found your article very useful for v2 of TTN. But I have now deleted that gw in V2 and trying to set it up in v3. I am using LNS, wss://nam1.cloud.thethings.network 8887 as a port and authentication is TLS server.

But v3 console shows disconnect. Any advice?

@RockiesIOT Looks like you need to use a token. I got my RAK7258 working with Basic Station and TTN v3 with these settings:

(X) LNS Server

URI: wss://eu1.cloud.thethings.network

Port: 8887

Authentication Mode: TLS Server Authentication and Client Token

Trust: -----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----

(I got the certificate here - https://letsencrypt.org/certs/isrgrootx1.pem.txt)

Token: Authorization: Bearer [LNS_API_KEY]

To create your LNS_API_KEY, in the TTN v3 console goto Gateways and API Keys and click the + Add API key button.
Enter a Name like “LNSkey”, select Grant individual rights, select Link as Gateway to a Gateway Server for traffic exchange, i.e. write uplink and read downlink, click the Create API key button. Copy the key and paste it after the text "Authorization: Bearer " in the Token box so it looks like: Authorization: Bearer NNSXS…

thank you. This seemed to work. If you follow the v2 explanation at the beginning of this thread you are advised to use Server Authentication. For v3 it appears you must use Server and Token Authentication.

I was also able to get Basic Station working with CUPS:

(X) CUPS Server

URI: https://eu1.cloud.thethings.network

Port: 443

Authentication Mode: TLS Server Authentication and Client Token

Trust: [same certificate as LNS above]

Token: Authorization: Bearer [CUPS_API_KEY]

To create your CUPS_API_KEY, follow these instructions - Configuration and Update Server (CUPS) | The Things Stack for LoRaWAN

I tried the above settings but ran into an issue on WisDM. The following documentation helped me:

https://www.thethingsindustries.com/docs/gateways/concepts/lora-basics-station/lns/