Building a LoRaWAN Gateway

Background

Long Range Wide Area Network (LoRaWAN) is a proprietary wireless communication protocol. While the achievable data rates are by design comparatively low, it offers long communication ranges with low power consumption. In Europe the unlicensed 868MHz frequency band is used, such that anyone use LoRaWAN without the need to apply for dedicated spectrum. So LoRaWAN is a good choice for IoT applications.

Around the globe there are several commercial network operators that operate LoRaWAN networks. These networks consist of gateways which provide coverage to connect nodes with the LoRaWAN network and a backend. The gateways forward messages to and from the nodes to the network operator backend via the Internet. In the backend messages received from the nodes can be accessed and data can be send to the nodes. Besides the commercial networks also the community driven The Things Network (TTN) provides a freely accessible LoRaWAN network in many locations worldwide. Here the gateways are provided and operated by individuals. Also the backend can be used by anyone free of charge.

This article explains how an own gateway can be built and connected to The Things Network. The following explanations are mainly based on a guide from the Zürich TTN community.

Gateway Hardware

Gateways are either available as ready to use product my multiple network equipment vendors. An overview is on this page of the TTN community. But there is also the possibility to build an own gateway. This article focuses on the latter. There are multiple possibilities to build an own gateway, but in the following these components are used:

Additional components like a SD card, a power supply or a casing are not covered in the article. These should be suitable for the intended environment, e.g. outdoor placement of the gateway.

DescriptioniC880a pinRaspberry Pi pin
Supply Voltage 5V212
GND226
Reset1322
SPI CLK1423
SPI MISO1521
SPI MOSI1619
SPI CE1724

Software

The TTN network is currently in transition from the current Things Network Stack V2 to the next version, which is called The Things Stack V3. Therefore, the software required to operate an own gateway is not actively maintained anymore while the software for the next version is not yet available.

The guide of the TTN Zürich community also includes an automatic installation script. It was developed for an older version of Raspbian, but also works on current versions.

Open LUKS encrypted device via key on USB stick

Background

If you want to encrypt the root file system of a computer running Linux with LUKS, you usually have to entere the encryption password at every system boot. Especially in the case of a headless computer acting as a server this is not suitable. To overcome this problem LUKS offers the possibility to store the encryption key as a keyfile and use it to open the encrypted disk.

There also exist several guides how the keyfile can be stored on a USB stick. Examples include here, here or here (the second and third guides are only available in German).

However, all the guides we found did not work with recent versions of Debian or Ubuntu. The problem seems to be a combination of systemd not supporting the keyscript mechanism used in some guides and incomplete support of keyfiles in the script /usr/share/initramfs-tools/hooks/cryptroot. The cryptroot script is responsible to generate the crypttab file in the initramfs which is used during the boot process to unlock the encrypted disks.

Solution

To overcome the problem we created a minimal hook that generates a correct crypttab file in the initramfs. The script is placed in /etc/initramfs-tools/hooks/xyz-crypttab. Thereby it is executed at the end of the process to generate an initramfs. The script looks as follows:

#!/bin/sh

PREREQ=""

prereqs()
{
    echo "$PREREQ"
}

case "$1" in
    prereqs)
        prereqs
        exit 0
        ;;
esac

. /usr/share/initramfs-tools/hook-functions
. /lib/cryptsetup/functions
TABFILE="/etc/crypttab"

cp "$TABFILE" "${DESTDIR}/cryptroot/crypttab"
exit 0

The script simply copies the original crypttab file into the correct destination in the initramfs. After the scripted is set as executable, the existing initramfs can be regenerated by executing sudo update-initramfs -u. At the next boot your system should be able to unlock the encrypted root file system by the keyfile stored on the USB stick.