This configuration supports a WiFi environment that duplicates the functionality of the Powerhouse (PhD) physical SAP. It requires scripting/programming so that the existing network infrastructure can provide the same type of “Plug and Play” support that the SAP provides. This environment is therefore more suitable for enterprise customers who have invested in a sophisticated network/IT organization and who have an enterprise-wide solution such as Meraki network devices. The term ‘Automatic’ in this configuration means that a new ConnectWare module can connect to Open Kitchen Cloud without the manual entry of network credentials used in the WiFi direct connect mode.

The configuration consists of the following steps.

  1. The customer network needs to duplicate two interfaces that are equivalent to a PhD’s SAP:

...

The credential of this interface is known by all ConnectWare modules. The public interface only provides access to the provisioning endpoint (one of the following: provision.sitesage.net, sprovision.sitesage.net, sprovisiondev.sitesage.net or provisiondev.sitesage.net). This connection uses port 443. This interface should be configured as a “hidden” network for security.

  • The second SSID is designated as the secure interface and the SSID and PSK are unique to each AP. This interface provides full internet access including traffic to pushspush.sitesage.net or pushdevspushdev.sitesage.net.
    This interface can be configured “hidden” or “broadcast”.

Info

The SSID and PSK of the secure interface must be shared with Open Kitchen through a secure API (to be provided by PhD) or through the Open Kitchen interface with appropriate user credentials (discussed in the text below).

Info

Both interfaces should be isolated with firewall rules and allow only *.sitesage.net.

...

Port 443 should be allowed by the firewall.

Info

Access Point WiFi frequency should be set to 2.4 GHz.

  1. Customer provides additional information about the connection to Open Kitchen

  • MAC address of the network gateway of the secure SSID that ConnectWare Modules and Equipment connect to. All messages sent to Open Kitchen include a parameter labeled gwmac carrying this MAC address. If there are multiple gateways at one location, all gwmac(s) should be provided to Open Kitchen.

  • Open Kitchen maintains a mapping table of locations and gwmac(s) which will be used to automatically associate equipment to a specific location (TBD) Open Kitchen provides a set of

  1. APIs

...

  1. to

...

  1. update

...

  1. Provisioning API

...

  • The ca.crt file is the Certificate Authority certificate for the OpenVPN server and allows the client to verify
    that it is connecting to the expected server. The format of the ca.crt file shall be a format supported by
    the OpenVPN client, typically X509 certificate format.

  • The client.crt file is the client's certificate, used by the server to authenticate the client. The format of
    the client.crt file shall be a format supported by the OpenVPN client, typically X509 certificate format.

  • The client.key file is the client's private key. The private key is used by the client to attest to its
    authenticity. The key shall be in a format supported by the OpenVPN client.
    The ca.crt, client.crt, and client.key files need to be copied to the AAP's /etc/openvpn/ovpn0
    directory or equivalent. You may end up modifying the path provided in the openvpn file to support
    your implementation.

  • The openvpn file is the configuration of the OpenVPN client in OpenWRT Unified Configuration Interface
    (UCI) syntax. This file directly replaces a client.conf file written in OpenVPN configuration syntax. A
    minimal valid openvpn configuration file would be:

        package openvpn

        config openvpn phd_config
            option enabled 1
            option client 1
            option dev tun0
            option proto tcp
            option remote "secure10.sitesage.net 443"
            option ca "/etc/openvpn/ovpn0/ca.crt"
            option cert "/etc/openvpn/ovpn0/client.crt"
            option key "/etc/openvpn/ovpn0/client.key"
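
A pre-deployment check for the openvpn file and the three credential files described above. This is an added example, not part of the original page or vendor code: the function names, the optional staging-root argument and the expectation that the remote is a sitesage.net host on port 443 are assumptions made here.

```shell
#!/bin/sh
# Added example (not vendor code): lint a UCI openvpn file before deployment.

# uci_opt FILE NAME: print the value of "option NAME ...", quotes and padding removed.
uci_opt() {
    sed -n "s/^[[:space:]]*option[[:space:]]\{1,\}$2[[:space:]]\{1,\}//p" "$1" |
        head -n 1 | tr -d "\"'" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# check_ovpn_uci FILE [ROOT]: ROOT is an assumed staging prefix for the AP's
# filesystem (empty when run on the AP itself). Returns 0 only if all checks pass.
check_ovpn_uci() {
    cfg=$1
    root=${2:-}
    rc=0
    for opt in ca cert key; do
        path=$(uci_opt "$cfg" "$opt")
        if [ -z "$path" ]; then
            echo "FAIL: option $opt is not set"; rc=1; continue
        fi
        if [ ! -s "$root$path" ]; then
            echo "FAIL: $opt file missing or empty: $root$path"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits;
        # the private key must grant none of them.
        if [ "$opt" = key ] && [ "$(ls -ld "$root$path" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $root$path is accessible to group/other (use chmod 600)"; rc=1
        fi
    done
    # Assumption: the tunnel endpoint is a sitesage.net host on port 443,
    # matching the firewall notes on this page.
    remote=$(uci_opt "$cfg" remote)
    case $remote in
        *.sitesage.net\ 443) ;;
        *) echo "FAIL: unexpected remote '$remote'"; rc=1 ;;
    esac
    return "$rc"
}

# Usage: sh check_ovpn.sh /etc/config/openvpn [staging-root]
if [ "$#" -gt 0 ]; then
    check_ovpn_uci "$@"
fi
```
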

...

  1. Access Point (AP)

Coming soon

The APIs provide the Access Point (AP) information and the location to which the AP is bound. The APIs can be used to update the Access Point SSID and PSK.

  1. Bind Access Point (AP) to a Location in Open Kitchen Web Application

Log into Open Kitchen https://ok.sitesage.net

Navigate to the location where the Access Point is to be bound, and go to the Connectivity tab. Use the ‘+ Add AP’ button to open the ‘Add AP’ dialog box to configure the Access Point.

...

Click Save after the information has been entered for the Access Point.

  1. Access Point (AP) can be updated in Open Kitchen Web Application

An existing Access Point (AP) can have its credentials updated in Open Kitchen.

Log into Open Kitchen https://ok.sitesage.net

Navigate to the location where the Access Point is bound, and go to the Connectivity tab.

Select the AP image in the Connectivity page.

...

The Automatic Access Point Configuration dialog box opens for update. The MAC address of the Default Gateway must not be changed, thus it is not editable.

...

Click Update after the information has been entered for the Access Point.