STORE HOME CONTACT SIGN IN

rXg Knowledge Base

OpenWiFi Tips & Tricks

March 11, 2025

OpenWiFi Controller Configuration and WAP onboarding 

See https://support.rgnets.com/knowledge/90  for detailed instructions on downloading, instantiating, and configuring an OpenWiFi Controller, followed by WAP onboarding.Note that the OpenWiFi Controller UI can be accessed only using its pre-configured FQDN and not the direct IP address - any attempts to use the explicit IP address will result in likely certificate failures and loss of functionality. 
In the case of connectivity problems between the OpenWiFi controller and the WAP, confirm that both of them can be reached from the rXg shell. 
If the WAP does not connect to the OpenWiFi Controller, there are a few settings / configuration details worth looking at, including:
  • The content of /etc/hosts file on the WAP: confirm that an entry for the openwifi.wlan.local is present, and if using the rXg in a NATed configuration - the rXg FQDN is also present; 
  • The the /etc/ucentral/gateway.json file should contain the following string: {"server":"openwifi.wlan.local","port":15002} assuming teh default FQDN for the OpenWiFi Controller was used. 
  • Confirm that the WAP can properly receive and process certificates by issuing the `openssl s\_client -connect openwifi.wlan.local:15002 -cert /etc/ucentral/cert.pem -key /etc/ucentral/key.pem` command in the WAP shell. The output should include a valid certificate chain, even if the self signed certificate warning is present
No client certificate CA names sent
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3897 bytes and written 2163 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
	Protocol  : TLSv1.3
	Cipher	: TLS_CHACHA20_POLY1305_SHA256
	Session-ID: 20BED919F346FAFD41B3A2B8119EDEB8FC317812C3F2EC2BABFD3E2384DA0F1B
	Session-ID-ctx:
	Resumption PSK: 735141CB14549D95B12E2ADA8F92E599A2E60917B9468098522253398FABD53E
	PSK identity: None
	PSK identity hint: None
	SRP username: None
	TLS session ticket lifetime hint: 120 (seconds)
	TLS session ticket:
	0000 - c4 93 6a 4f 02 3e b0 67-8d 91 5b 02 2c 4c 03 6f   ..jO.>.g..[.,L.o
	0010 - 64 55 58 cd 14 47 e2 8d-f1 1c af fe e1 bb d1 d7   dUX..G..........
	0020 - b4 ea da db fe 9b a4 d3-e8 76 7d 9e 73 40 ea d6   .........v}.s@..
<<<snip>>>

Shell Access to OpenWiFi APs

OpenWiFi access points default credentials are: root/openwifi

When you are logged into the CLI, you may find the logread command useful to display current running log on the WAP:
logread -l100 -f

The /etc/hosts file on the AP should have an entry for the controller and the local rXg gateway address as well:
root@d4babaa141d0:~# cat /etc/hosts
127.0.0.1 localhost

::1 	localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.49.2 openwifi.wlan.local
10.0.47.1 rxgdev02.home 

If you need to factory reset an AP, use the following command: 
firstboot -yr

Recovering WAP from a bricked state

If the AP powers on but does not respond to SSH or acquire the IP address via DHCP, configure a device (a laptop) with an address in the 192.168.1.0/24 prefix, connect to the WAP on the WAN/LAN port and see if you can ping the AP at 192.168.1.1. If that works, you should be able to ssh to the AP on 192.168.1.1 using the default credentials. 
Once the connection was successful, execute the factory default to attempt to restore the device to its original state. 

Firmware Upgrade

Once in the WAP shell, transfer firmware file to the /tmp directory of the AP by SCP and then run sysupgrade command to upgrade the AP
sysupgrade -o /tmp/firmware_file.bin
If you want to build your own firmware, check out details at https://github.com/Telecominfraproject/wlan-ap.
The firmware upgrade is also available via the OpenWiFi UI, when a new firmware becomes available. 
Screenshot 2025-01-13 at 8.51.59 AM.png 335.55 KB
back to articles home
Categories
Configuration Guides
FAQ
3rd Party
Features and Capabilities
Known Issues
Tags
SoftGRE
RUCKUS
SmartZone
IPMI
Dell
Fleet Manager
ESXI
Hardware
Extreme
NAT
Bhyve
Upgrading
DHCP
Performance Improvements
DNS
Licensing
RADIUS
CLI
API
Configuration Templates
SD-WAN
IDV
NVIDIA
IPv6
Site Surveys
OpenWiFi

About

RG Nets is the premium provider of gateways and centralized-authentication appliances designed to manage, provision, and protect revenue-generating networks. Our mission is to create tools that are so good, we would use our own money to buy them.
316 California Ave.
Suite 331
Reno, NV 89509
+1 (408) 441 0100
[email protected]

Company Links

Copyright 2025 RG Nets, Inc.
v2025.05-11-g22428
Cookies help us deliver our services. By using our services, you agree to our use of cookies.