WisGateOS 2 Extensions User Manual
Overview
WisGateOS 2 introduces an extension framework that allows gateways to expand their functionality by installing additional software modules. Extensions can be added, removed, or updated based on operational needs, providing greater flexibility and customization for different deployment scenarios.
Starting from WisGateOS 2 2.2.x, the extension installation process is further improved for better security and user experience:
- All extensions are verified with a digital signature to ensure authenticity and compatibility.
- The Extension Gallery enables direct access to verified extensions, simplifying installation and management workflows.
- An Internet connection is required during installation to complete the signature verification.
To check your gateway firmware version, navigate to Dashboard > Overview in the Web UI.
- For gateways running WisGateOS 2 2.0.x or 2.1.x, follow the installation procedure outlined in the WisGateOS 2 2.0.x/2.1.x section.
- For gateways running WisGateOS 2 2.2.x or later, proceed to the updated steps in the WisGateOS 2 2.2.x or Later section.
Supported Extensions
Extensions | Descriptions | Remarks |
---|---|---|
Breathing Light | By using the breathing light extension, you can personalize the LED light’s working modes, frequency, and color. | - |
Custom Logo | The Custom Logo extension allows you to upload your logo in the Web UI. This extension is universal and applicable to all gateways that support WisGateOS 2. | - |
Country Settings | Listen Before Talk (LBT) ensures the gateway checks the availability of the channel before transmitting. This is crucial in LoRaWAN, a multi-channel protocol and uses ISM band, to prevent collision from simultaneous transmission. LBT regulations vary by country, and WisGateOS 2 provides a country table easy configuration of the country code. | - |
Open/Close Port | This extension enables you to add or delete packet traffic management rules on the gateway, allowing designated subnet host IPs to communicate with the gateway through specified ports. | - |
Solar Battery | The Solar Battery extension displays the operational status information of the solar battery used by the gateway. This includes information on the performance of the solar battery, battery health status, cycle period, battery capacity, charging and discharging modes, and more. | Compatible with any WisGateOS 2 gateway equipped with solar power systems. |
WireGuard | WireGuard is a simple and fast VPN, designed to be more efficient and leaner than the IPsec protocol, and to outperform the well-known RAKwireless OpenVPN. Support for WireGuard has been implemented on RAKwireless gateways. | - |
OpenVPN Client | OpenVPN is a VPN solution that creates a secure network through a server accessible via a public IP address. This server allows the gateway and various client devices, such as PCs and smartphones, to connect. It can utilize backhaul options like Ethernet, Wi-Fi, or LTE. For LTE connections, ensure the gateway has a static public IP address. | - |
Operation and Maintenance | This is an operation and maintenance tool that features scheduled device reboot and monitoring of the 4G network status. If the 4G network connection is lost, it automatically restarts the cellular module to recover the connection. | This extension is only compatible with WisGateOS 2 2.2.2 and later. |
Field Test | This application is designed to provide backend computing services for Field Tester. It communicates with the LoRaWAN network server via MQTT subscribe/publish, supporting both the built-in LNS in the RAK gateway and third-party LNS. This extension allows you to view and download measurement data from the Field Tester. | This extension is only compatible with WisGateOS 2 2.2.2 and later. |
Failover Reboot | The Failover Reboot tool periodically checks the status of all enabled network links (LTE / Ethernet / Wi-Fi) of the gateway. Once it detects that all network links are offline, it will try to restore network connectivity by rebooting LTE module or gateway with failover. | This extension is only compatible with WisGateOS 2 2.2.2 and later. |
WisGateOS 2 2.0.x/2.1.x
Before installing the extension, you need to obtain the extension file in ipk
format. Gateways running WisGateOS 2 2.0.x/2.1.x support the extensions shown in the table below.
Extension Names | Extension Files |
---|---|
Breathing Light | Download |
Custom Logo | Download |
Country Settings | Download |
Open/Close Port | Download |
Solar Battery | Download |
WireGuard | Download |
OpenVPN Client | Download |
How to Add an Extension
- To install an extension, start with accessing the gateway. In accessing the gateway, check the Access the WisGateOS 2 Web UI user manual.

- After a successful login, head to the Extensions tab (
).
- You can click the WisGate logo (
) to expand the menu on the left and see the full names of the tabs.
- By default, no extensions are installed.

- To install one, you can click either on Add new extension button or the install one now link. An Add new extension window will pop up.

- Now, you can either drag and drop the extension file in the Drop your Extension file here or choose file form or click the choose file link in the form and browse for the extension file.
The extension files are in IPK format, specifically created for the WisGateOS 2 and WisGate Edge hardware platform. A general IPK file for OpenWrt cannot be installed.

- After you choose the extension file, click Add extension to install it. It takes some time for the extension to install.

- After the installation process is complete, the WisGateOS will reboot and you need to log in again.
- Head to the Extensions tab again and you should see the installed extension.

- You can now install more extensions via the Add new extension button or configure the installed ones by clicking the Launch button on the extension.
How to Remove an Extension
- Go to the Extensions tab, select the extension you want to remove, and click the Remove button.

- A pop-up window will appear to verify if you want delete the extension. Click Remove and wait for the process to finish.


How to Use the Extensions
Breathing Light
The breathing light LED is located on the top cover of the WisGate Edge Lite 2 gateways, which helps to easily determine the gateway’s status visually. The breathing light extension allows you to enable or disable the breathing light on the gateway’s top cover. The default state of the LED is as in its Normal state - a slowly blinking blue light.
The Breathing Light extension is available only for the WisGate Edge Lite 2 version 2 gateways.
Working Mode
By using the Breathing Light extension, the working mode, frequency, and color of the LED light are now customizable. This extansion has two working modes: All and Warning Only.
-
Choosing the All mode can:
- Change the Normal light color, that is the light you see when the gateway is working properly.
- Set the blinking frequency from slow, fast, and steady.
- Configure the color of the Warning light.
NOTE
The colors for the Normal and the Warning Light should not be the same.
-
If you choose Warning only mode:
- The LED light will only work in case of abnormal activities like Internet connection loss.
- Light's color can be modified, but not its frequency.
Install the Breathing Light Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Breathing Light Extension
- To access the Breathing Light extension, click Launch.

- In the Configuration page, configure the mode, color, and blinking frequency of the LED.

-
Interface
- Enable Breathing Light: Enables or disables the breathing light extension.
- Mode: Sets the mode of the extension.
- All: The Normal light is enabled.
- Warning only: Disables the Normal light settings and only Warning light will glow.
-
Normal light: The settings for the normal light.
- Color: The color of the light (red, green, blue).
- Frequency: Blink frequency of the led (slow, fast, steady).
NOTEThe Normal light settings are disabled if Warning only mode is selected.
-
Warning Light: The color of the warning light.
- Once done with the configuration, click Save changes.
You can check the status of the LED on the gateway itself.
Custom Logo
The Custom Logo extension allows you to upload your logo in the Web UI. This extension is universal and applicable to all gateways that support WisGateOS 2. It was developed with both small or bigger enterprises in mind, allowing them to have their logo recognized and used in their daily operations.
Having the capability to rebrand your Web UI is essential for companies that need to effectively promote and visualize their brand or product. This necessity is met by RAKWireless’ white label feature, which allows clients to customize the user interface to reflect their branding elements seamlessly.
Size and Format Requirements
The uploaded logo image must be in SVG format and cannot exceed 300 kb. You can preview the Web UI page before finally switching RAKWireless’ logo with your brand logo.
Install the Custom Logo Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Custom Logo Extension
- To access the Custom Logo extension, click Launch.

- In the Configuration page, you can set a custom logo on the login page and on the sidebar menu.

- Interface: Enables/disables custom logo extension.
- Large logo: This logo will be used on the login page and on the expanded sidebar menu. To upload a logo, either drop the image in the area or click Choose file and browse for the image.
- Small logo: This logo will be used for mobile view and on the collapsed sidebar menu. To upload a logo, either drop the image in the area or click Choose file and browse for the image.
- Preview: After choosing the desired images, click preview and see how the logo will look on the login page, expanded and collapsed sidebar in desktop and mobile versions.


- To apply the selected logos, click Save changes. The page will reload and apply the logos.
Country Settings
LBT (Listen Before Talk) means that, before transmitting, the gateway checks the availability of the channel. This is necessary because LoRaWAN is a multi-channel protocol and uses ISM Band. Anyone can use the band - a collision occurs if two or more end devices send signals simultaneously.
The gateway checks for empty channels and uses one of them to send downlink data. If a channel is occupied, the gateway performs a random back off. In case all of the channels are occupied, the gateway waits for a free channel and tries to send the downlink data again.
LBT is usually governed by regulations per country. In WisGateOS 2 2.x, there is a country table which includes proper configurations for all countries so you can set the country code in WisGateOS 2 2.x.
AS923 end-devices operating in Japan shall perform Listen Before Talk (LBT), based on ARIB STD-T108 regulations. The ARIB STD-T108 regulation is available for free and should be consulted as needed.
You can switch the frequency plan in the following regions:
- AS923, KR920
- EU868, RU864, IN865
- CN470
The frequency plan will be limited to a particular region. Tx power will be limited to under the maximum.
- Downlink Tx Power
- Beacon Tx Power
Install the Country Settings Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Country Settings Extension
- To access the Country Settings extension, click Launch.

- In the Configuration page, click the Select your Country button to set your country.


- In the new window, find your country and select it. Tick the checkbox below to confirm that you have chosen the country where the gateway is located. Then click Confirm to set the LBT for your country.

- Enable the LBT by clicking on the Enable Listen Before Talk switch.

- To save the changes, click Save changes. Now, your gateway has its LBT enabled.
Open/Close Port
This extension allows you to add or delete packet traffic management rules on the gateway, allowing any (or specific) host IP from a designated subnet to communicate with the gateway through specified ports.
Install the Open/Close Port Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Open/Close Port Extension
- To access the Open/Close Port extension, click Launch.

- In the Traffic rules page, you can see the default traffic rules of the Open/Close port extension.

- Service name: A readable name for the service.
- Protocol: The protocol used.
- Family: The protocol version used for the traffic.
- From: External source.
- To: Internal source.
For example, the Allow-http service indicates that any host in WAN can communicate with the gateway through port 80 using the TCP protocol type.
- To add a new rule, click the Add new rule and configure the following information.

- Service name: Provide a readable name for the rule.
- Protocol: Select the protocol used for the rule.
- TCP
- UDP
- TCP + UDP
- Sources:
- Allow any host: Allows any host to access the rule.
- Source IP address: Specify up to three host IPs.
- Destination port: The destination port for routing.
- To save the changes, click Add new rule. Then you can view the rule created in the list of Traffic rules interface.
Solar Battery
The Solar Battery extension is used to display the operational status information of the solar battery used by the gateway. This includes information on the performance of the solar battery, battery health status, cycle period, battery capacity, charging and discharging modes, and more.
This extension is compatible with the following gateways:
- RAK7240V2
- RAK7267
- RAK7289
- RAK7289V2
- RAK7285
You can learn the status of the solar battery in real-time through the UI interface.
Install the Solar Battery Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Solar Battery Extension
- To access the Solar Battery extension, click Launch.

- In the Details page, enable the switch to activate Monitor solar battery.

-
Solar battery performance: Shows the real-time performance of the battery.
- Temperature: The temperature of the battery. Used to prevent overheating or freezing.
- Voltage: The voltage level of the battery.
- State of charge: The current battery level.
- Current: Indicates whether the battery is charging or discharging.
-
About solar battery: Contains additional information about the battery.
- State of Health: Represents the battery’s overall condition.
- Cycle times: The number of charge/recharge cycles.
- Remaining Capacity: The current available capacity of the battery.
- Full-charge capacity: The maximum capacity when the battery is fully charged.
- Battery working mode: Indicates whether the battery is charging or discharging.
-
Solar battery active events: Notifies users about battery-related issues.
- FAULT: The system detects a potentially damaged battery and recommends immediate replacement.
- PROTECT: The system detects a serious issue and shuts down the battery as a protective measure. Once conditions are safe, the battery resumes operation automatically.
WireGuard
WireGuard is a simple but fast VPN. It aims to be faster, simpler, and leaner than the IPsec protocol. It intends to be more performant than the well-known RAKwireless - OpenVPN. Before, it was not possible to use the WireGuard protocol on the RAKwireless gateways, but that is not the case now.
The new WisGateOS 2 now offers Extension features, where you can install and set up the WireGuard extension. In this tutorial, you will learn how to set the WireGuard client on the gateway.
This guide assumes that you have some knowledge in setting up a WireGuard server and have a WireGuard server set up.
Install the WireGuard Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the WireGuard Extension
- To access the WireGuard extension, click Launch.

- In the Configuration page, enable the Enable WireGuard switch and configure the following information.

-
Interface: Settings for the WireGuard client.
-
Address with netmask: The address used by the WireGuard client. It must be in the same range (e.g.,
10.0.8.0
to10.0.8.255
) defined by the server. -
Generate key pair: Automatically generates the key pair.
-
Public key: The public key of the WireGuard client.
-
Private key: The private key of the WireGuard client.
NOTEDo not share your private key with anyone.
-
-
Server: Settings for the WireGuard server.
-
Endpoint host: The IP address of the machine or cloud service where the WireGuard server is hosted.
-
Endpoint port: The port used for WireGuard traffic.
-
Persistent keepalive (ms): The interval at which keepalive packets are sent to maintain the connection.
-
Public key: The public key of the WireGuard server.
-
Enable preshared key: Enables the preshared key field. This key is used as part of the Noise protocol during encrypted connection setup between the two peers.
Figure 1: Enable preshared key
-
-
Route All Traffic: allows traffic from all IPs
- Allowed IPs: you can set current IPs that will have the right to connect to the gateway via the WireGuard IP. Only available when Route All Traffic is disabled.
- To save the changes, click Save changes.
Remember to add the WireGuard Client credentials to the WireGuard server configuration.
- After the connection is established, check the status of the WireGuard in the Status tab.

OpenVPN Client
OpenVPN is a virtual private network (VPN). A VPN is created where a server is deployed that both the Gateway and any number of customer devices (PC, Phone, etc.) can connect to via a public IP address. This is possible to implement using any of the backhaul connectivity options the Gateway supports (Ethernet, Wi-Fi, LTE). For the LTE backhaul, make sure that the gateway has a static public IP.
Thus, by connecting to the server via a remote client, can remotely manage the gateway from any point, at any time. As mentioned above, an OpenVPN server is required. This guide shows how to set up a server in the AWS cloud.
Install the OpenVPN Client Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the OpenVPN Client Extension
Make sure you have local network access to your gateway and connect to it to access the Web UI.
- To access the OpenVPN Client extension, click Launch.

- To add an OpenVPN tunnel, click either Add tunnel button or add one now link.

- Click choose file link and browse for the
.OVPN
file or drag and drop the.OVPN
file you have created in the WisGate Edge V2 Gateways Remote Management - OpenVPN guide.

- Once the file is added, click Add tunnel to add the OpenVPN tunnel.

- A success message will appear after the tunnel is added successfully.

- Click Configure button of the VPN tunnel. On the next window, click the Enable Connection switch to enable the OpenVPN tunnel and click Save changes.

- In the Logs tab, you can check the OpenVPN status.

- You can see the assigned IP in the OpenVPN overview page.

WisGateOS 2 2.2.x or Later
If your gateway firmware is WisGateOS 2 2.2.x or later. Installing extensions becomes easier, you can select and install extensions from the Extension gallery.
How to Add an Extension
- To install an extension, start with accessing the gateway. In accessing the gateway, check the Access the WisGateOS 2 Web UI user manual.

- After a successful login, head to the Extensions tab (
).
- You can click the WisGate logo (
) to expand the menu on the left and see the full names of the tabs.
- By default, no extensions are installed.

- To install one, click Extension gallery tab. All extensions that support WisGateOS 2 2.2.x or later will be displayed in the gallery.

- Choose the extension (for example, RAK OpenVPN Client) to install and click Install button. It takes some time for the extension to install.
- If the icon
appears on the Extension tab, it means that the gateway hardware does not support the installation of this extension.
- If the icon 🟢 appears on the Extension tab, it means that the gateway hardware support the installation of this extension. You can choose to install this extension.
- If the Auto Update is enabled during installation, the gateway will automatically update the extension when the latest version is available.

- Head to the Installed tab and you should see the installed extension.

How to Remove an Extension
- To remove an extension, head to the Extensions > Installed.

- Click the Remove button at the extension you want to remove. You will be asked if you want to remove that extension.

- Click Remove and wait for the process to finish.


How to Update an Extension
In order to use the latest features of the extension, we strongly recommend updating the extension to the latest version.
- To update an extension, head to the Extensions > Installed.

- If the latest version of the extension is available, the Update button will be highlighted, indicating that you can choose to update the extension. For example, the RAK Open/Close port extension. Click Update. It takes some time for the extension to update.

- After the update process is complete, you can see the extension is already in the latest version and there are no updates available.

To facilitate timely updates, the RAK gateway provides an automatic update feature. It allows you to check the Auto Update button on the extension tab. Once Auto Update is enabled, the gateway will automatically update the extension when the latest version is available.

How to Use the Extensions
RAK Breathing Light
The breathing light LED is located on the top cover of the WisGate Edge Lite 2 gateways and helps to easily determine the gateway’s status visually. The breathing light extension allows you to enable or disable the breathing light on the gateway’s top cover. The default state of the LED is as in its Normal state - a slowly blinking blue light.
The Breathing Light extension is available only for the WisGate Edge Lite 2 version 2 gateways.
Working Mode
By using the Breathing Light extension, you can customize the working mode, frequency, and color of the LED light. There are two working modes: All and Warning Only.
If you choose the All mode, you can change the Normal light color, that is the light you see when the gateway is working properly. The blinking frequency can be changed as well – you can choose from Slow, Fast, and Steady. It’s possible to configure the color of the Warning light in All working mode as well. Note that the colors for the Normal and the Warning Light cannot be the same.
If you choose Warning only mode, the LED light will only work in case of abnormal activities like Internet connection loss. In Warning only mode, you can modify the light's color, but not its frequency.
Install the RAK Breathing Light Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK Breathing Light Extension
- To access the RAK Breathing Light extension, click Launch.

- In the Configuration page, you can configure the mode, color, and blinking frequency of the LED.

-
Interface
- Enable Breathing Light: Enables or disables the breathing light extension.
- Mode: Sets the mode of the extension.
- All: The Normal light is enabled.
- Warning only: Disables the Normal light settings and only Warning light will glow.
-
Normal light: The settings for the normal light.
- Color: The color of the light (red, green, blue).
- Frequency: Blink frequency of the led (slow, fast, steady).
NOTEThe Normal light settings are disabled if Warning only mode is selected.
-
Warning Light: The color of the warning light.
- To save the changes, click Save changes.
You can check the status of the LED on the gateway itself.
RAK Custom Logo
The Custom Logo extension allows you to upload your logo in the Web UI. This extension is universal and applicable to all gateways that support WisGateOS 2. It was developed with both small or bigger enterprises in mind, allowing them to have their logo recognized and used in their daily operations.
Having the capability to rebrand your Web UI is essential for companies that need to effectively promote and visualize their brand or product. This necessity is met by RAKWireless’ white label feature, which allows clients to customize the user interface to reflect their branding elements seamlessly.
Size and Format Requirements
The uploaded logo image must be in SVG format and cannot exceed 300 kb. You can preview the Web UI page before finally switching RAKWireless’ logo with your brand logo.
Install the RAK Custom Logo Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK Custom Logo Extension
- To access the RAK Custom Logo extension, click Launch.

- In the Configuration page, you can set a custom logo on the login page and on the sidebar menu.

- Interface: Enables or disables the custom logo extension.
- Large logo: Used on the login page and the expanded sidebar menu. To upload a logo, drag and drop the image into the area or click Choose file to browse for an image.
- Small logo: Used for mobile view and the collapsed sidebar menu. Upload by dragging and dropping the image or clicking Choose file.
- Preview: After selecting the images, click Preview to see how the logo appears on the login page, and in expanded and collapsed sidebars for both desktop and mobile views.


- To apply the selected logos, click Save changes. The page will reload and apply the logos.
RAK Country Settings
LBT (Listen Before Talk) means that, before transmitting, the gateway checks the availability of the channel. This is necessary because LoRaWAN is a multi-channel protocol and uses ISM Band. Anyone can use the band - a collision occurs if two or more end devices send signals simultaneously.
The gateway checks for empty channels and uses one of them to send downlink data. If a channel is occupied, the gateway performs a random back off. In case all of the channels are occupied, the gateway waits for a free channel and tries to send the downlink data again.
LBT is usually governed by regulations per country. In WisGateOS 2 2.x, there is a country table which includes proper configurations for all countries so you can set the country code in WisGateOS 2 2.x.
AS923 end-devices operating in Japan shall perform Listen Before Talk (LBT), based on ARIB STD-T108 regulations. The ARIB STD-T108 regulation is available for free and should be consulted as needed.
You can switch the frequency plan in the following regions:
- AS923, KR920
- EU868, RU864, IN865
- CN470
The frequency plan will be limited to a particular region. Tx power will be limited to under the maximum.
- Downlink Tx Power
- Beacon Tx Power
Install the RAK Country Settings Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK Country Settings Extension
- To access the RAK Country Settings extension, click Launch.

- In the Configuration page, click the Select your Country button to set your country.


- In the new window, find your country and select it. Tick the checkbox below to confirm that you have chosen the country where the gateway is located. Then click Confirm to set the LBT for your country.

- Enable the LBT by clicking on the Enable Listen Before Talk switch.

- To save the changes, click Save changes. Now, your gateway has its LBT enabled.
RAK Open/Close Port
This extension allows you to add or delete packet traffic management rules on the gateway, allowing any (or specific) host IP from a designated subnet to communicate with the gateway through specified ports.
Install the RAK Open/Close Port Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK Open/Close Port Extension
- To access the RAK Open/Close Port extension, click Launch.

- In the Traffic rules page, you can see the default traffic rules of the Open/Close port extension.

- Service name: A readable name for the service.
- Protocol: The protocol used.
- Family: The protocol version used for the traffic.
- From: External source.
- To: Internal source.
For example, the Allow-http service indicates that any host in WAN can communicate with the gateway through port 80 using the TCP protocol type.
- To add a new rule, click the Add new rule and configure the following information.

- Service name: give a readable name for the rule
- Protocol: choose the protocol used for the rule:
- TCP
- UDP
- TCP + UDP
- Sources
- Allow any host: allows any host to have access to the rule
- Source IP address: you can set up three host IPs
- Destination Port: the destination port of the routing
- To save the changes, click Add new rule. Then you can view the rule created in the list of Traffic rules interface.
RAK Solar Battery
The RAK Solar Battery extension is used to display the operational status information of the solar battery used by the gateway. This includes information on the performance of the solar battery, battery health status, cycle period, battery capacity, charging and discharging modes, and more.
This extension is compatible with the following gateways:
- RAK7240V2
- RAK7267
- RAK7289
- RAK7289V2
- RAK7285
You can learn the status of the solar battery in real-time through the UI interface.
Install the RAK Solar Battery Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK Solar Battery Extension
- To access the RAK Solar Battery extension, click Launch.

- In the Details page, enable the switch to activate Monitor solar battery.

-
Solar battery performance: Shows the real-time performance of the battery.
- Temperature: The temperature of the battery. Used to prevent overheating or freezing.
- Voltage: The voltage level of the battery.
- State of charge: The current battery level.
- Current: Indicates whether the battery is charging or discharging.
-
About solar battery: Contains additional information about the battery.
- State of Health: Represents the battery’s overall condition.
- Cycle times: The number of charge/recharge cycles.
- Remaining Capacity: The current available capacity of the battery.
- Full-charge capacity: The maximum capacity when the battery is fully charged.
- Battery working mode: Indicates whether the battery is charging or discharging.
-
Solar battery active events: Notifies users about battery-related issues.
- FAULT: The system detects a potentially damaged battery and recommends immediate replacement.
- PROTECT: The system detects a serious issue and shuts down the battery as a protective measure. Once conditions are safe, the battery resumes operation automatically.
RAK WireGuard
WireGuard is a simple but fast VPN. It aims to be faster, simpler, and leaner than the IPsec protocol. It intends to be more performant than the well-known RAKwireless - OpenVPN. Before, it was not possible to use the WireGuard protocol on the RAKwireless gateways, but that is not the case now.
The new WisGateOS 2 now offers Extension features, where you can install and set up the WireGuard extension. In this tutorial, you will learn how to set the WireGuard client on the gateway.
This guide assumes that you have some knowledge in setting up a WireGuard server and have a WireGuard server set up.
Install the RAK WireGuard Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK WireGuard Extension
- To access the RAK WireGuard extension, click Launch.

- In the Configuration page, enable the Enable WireGuard switch and configure the following information.

-
Interface: Settings for the WireGuard client.
- Address with netmask: The IP address the WireGuard client will use. It must be in the same range (e.g.,
10.0.8.0
to10.0.8.255
) defined by the server. - Generate key pair: Automatically generates the key pair.
- Public Key: The public key of the WireGuard client.
- Private Key: The private key of the WireGuard client.
NOTE
Do not share your private key with anyone.
- DNS: The DNS server used by the client.
- Address with netmask: The IP address the WireGuard client will use. It must be in the same range (e.g.,
-
Server: Settings for the WireGuard server.
- Endpoint Host: The IP address of the machine or cloud instance where the WireGuard server is hosted.
- Endpoint Port: The port used for WireGuard traffic.
- Persistent Keepalive (ms): The interval for sending keepalive packets to maintain the connection.
- Public Key: The public key of the WireGuard server.
- Enable Preshared Key: Enables the preshared key field. The preshared key is part of the Noise protocol used to establish an encrypted connection between peers.
Figure 1: Enable preshared key
-
Route All Traffic: Allows traffic from all IPs.
- Allowed IPs: Specifies the IPs that are allowed to connect to the gateway via the WireGuard IP. This option is only available when Route All Traffic is disabled.
- To save the changes, click Save changes.
Remember to add the WireGuard Client credentials to the WireGuard server configuration.
- After the connection is established, check the status of the WireGuard in the Status tab.

RAK OpenVPN Client
OpenVPN is a virtual private network (VPN). A VPN is created where a server is deployed that both the Gateway and any number of customer devices (PC, Phone, etc.) can connect to via a public IP address. This is possible to implement using any of the backhaul connectivity options the Gateway supports (Ethernet, Wi-Fi, LTE). For the LTE backhaul, make sure that the gateway has a static public IP.
Thus, by connecting to the server via a remote client, the user can remotely manage the gateway from any point, at any time. As mentioned above, an OpenVPN server is required. This guide shows how to set up a server in the AWS cloud.
Install the RAK OpenVPN Client Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the RAK OpenVPN Client Extension
Make sure you have local network access to your gateway and connect to it to access the Web UI.
- To access the RAK OpenVPN Client extension, click Launch.

- To add an OpenVPN tunnel, click either Add tunnel button or add one now link.

- Click choose file link and browse for the
.OVPN
file or drag and drop the.OVPN
file you have created in the WisGate Edge V2 Gateways Remote Management - OpenVPN guide.

- Once the file is added, click Add tunnel to add the OpenVPN tunnel.

- A success message will appear after the tunnel is added successfully.

- Click Configure button of the VPN tunnel. On the next window, click the Enable Connection switch to enable the OpenVPN tunnel and click Save changes.

- From the Logs tab, you can check the OpenVPN status.

- You can see the assigned IP in the OpenVPN overview page.

Operation and Maintenance
The Operation and Maintenance extension is operation and maintenance tool that features scheduled device reboot and monitoring of the 4G network status. If the 4G network connection is lost, it automatically restarts the cellular module to recover the connection.
This extension is only compatible with WisGateOS 2 2.2.2 and later.
Install the Operation and Maintenance Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Operation and Maintenance Extension
- To access the Operation and Maintenance extension, click Launch.

- In the configuration page, you can set up cellular network monitoring and schedule reboot.

- Cellular Network Monitoring: When enabled, the gateway will monitor the cellular connection status every 2 minutes. If the 4G network connection is lost, it will automatically restart the cellular module to restore the connection.
- Schedule Reboot: When enabled, the gateway will reboot periodically based on the configured schedule.
- Gateway Current Time: The system time must be synced for scheduled tasks to function properly. To change the current time, go to User Preferences and set the time.
- Reboot Time: The time when the gateway will reboot.
- Repeat Time: The reboot cycle interval.
- To save the changes, click Save changes.
Field Test Data Processor
The Field Test Data Processor Extension is an optional application designed to enable local signal processing and data analysis for the Field Tester Plus. Installed on a RAK WisGateOS 2 gateway, it subscribes to uplink data from the connected LoRaWAN Network Server (LNS) using the MQTT protocol.
This extension supports both:
- The built-in LNS on RAK gateways.
- Third-party LNS platforms such as ChirpStack, TTN, and AWS IoT Core.
Once installed and connected, it provides the following capabilities:
- Local computation of RSSI, SNR, and packet loss.
- Storage and export of structured test data (e.g., CSV reports).
- Heatmap visualization of signal strength and gateway coverage.
- Support for offline or GPS-denied testing using manual location tags.
This extension allows you to analyze signal quality without relying on external cloud services, making it ideal for both indoor and field deployments.
This extension is only compatible with WisGateOS 2 2.2.2 and later.
Field Test Data Processor Extension – Parameter Definitions
Name | Description |
---|---|
Device EUI | The unique identifier of the Field Tester Plus device currently being analyzed. |
RSSI Chart | Received Signal Strength Indicator. Shows the signal strength of uplink packets received by the gateway. Measured in dBm. Closer to 0 = stronger signal. |
SNR Chart | Signal-to-Noise Ratio. Indicates how much stronger the signal is compared to background noise. Higher values represent better communication quality. |
DateRate | The LoRaWAN Data Rate (DR) used for the uplink. Lower DR values offer longer range but lower data throughput. |
Region | Frequency band used by the Field Tester Plus (e.g., EU868, US915). Must match the configuration of the connected gateway. |
Loss Rate | Uplink packet loss rate, calculated based on gaps in frame counters. Ideally should be 0%. |
Last Time | Timestamp of the last successfully processed uplink. Useful for checking if the device is still active. |
Label | A user-defined location tag for the current test point (e.g., 3F-Elevator). This label will appear in exported CSV reports. |
No. of Gateway | Number of gateways that received the latest uplink. |
Gateway EUI | The unique identifier of the gateway that received the latest uplink (typically the nearest or strongest gateway). |
Distance | Estimated distance (in meters) between the device and the gateway. Requires GPS on the device. |
Install the Field Test Data Processor Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Field Test Data Processor Extension
The following steps describe how to configure the extension to communicate with the supported LoRaWAN network servers via MQTT.
Built-in Network Server
Prior to configuring the Field Test Data Processor extension, verify that both the gateway and the Field Tester Plus device have been correctly registered with the LoRaWAN Network Server (LNS) and are communicating successfully.
For setup instructions, see the Pre-Test Network Setup section of the Field Tester Plus User Guide.
- To access the Field Test Data Processor extension, click Launch.

- Click the Configuration tab to set the following parameters.

- LoRa Network Server: Select the LoRaWAN network server where you registered the Field Tester device. In this example, the Built-in Server is selected.
- MQTT Integration:
- MQTT Broker Address: For the Built-in Server, set the MQTT broker address to localhost.
- Port: The default port used by the MQTT broker is 1883.
- Enable User Authentication: Keep the default value; no authentication is required.
- Enable TLS Setting: Keep the default value.
- Uplink Topic: Uplink topic template:
application/{appName}/device/{devEui}/rx
. To subscribe to a specific Field Tester device, replace{appName}
and{devEui}
with the exact values. - Downlink Topic: Downlink topic template:
application/{appName}/device/{devEui}/tx
. To publish to a specific Field Tester device, replace{appName}
and{devEui}
with the exact values.
-
To save the changes, click Save changes.
-
Click the Device Overview tab to view the Field Tester device and the collected data.

- Optional: Click Show Data to view the detailed device data.

- Optional: Click Export to download the data report for local viewing.
Only data reports for labeled devices can be exported.
Chirpstack
Before configuring the Field Test Data Processor extension, ensure that your Field Tester Plus device has been properly registered with the ChirpStack network server and has successfully joined the LoRaWAN network.
In this chapter, an external ChirpStack v4 network server is used as an example.
For setup instructions, see the Pre-Test Network Setup section of the Field Tester Plus User Guide.
- To access the Field Test Data Processor extension, click Launch.

- Click the Configuration tab to set the following parameters.

- LoRa Network Server: Select the LoRaWAN network server where you registered the Field Tester device. In this example, ChirpStack is selected.
- MQTT Integration:
- MQTT Broker Address: Set the MQTT broker address to the server where ChirpStack is deployed. In this example, the ChirpStack v4 server IP is
140.179.175.182
(your IP will be different). - Port: The default port used by the MQTT broker is 1883.
- Enable User Authentication: Keep the default value; no authentication is required.
- Enable TLS Setting: Keep the default value.
- Uplink Topic: Uplink topic template:
application/{applicationId}/device/{devEui}/event/up
. - Downlink Topic: Downlink topic template:
application/{applicationId}/device/{devEui}/command/down
.
- MQTT Broker Address: Set the MQTT broker address to the server where ChirpStack is deployed. In this example, the ChirpStack v4 server IP is
-
To save the changes, click Save changes.
-
Click the Device Overview tab to view the Field Tester devices and the collected data.

- Optional: Click Show Data to view the detailed device data.

- Optional: Click Export to download the data report for local viewing.
Only data reports for labeled devices can be exported.
The Things Network
Before configuring the Field Test Data Processor extension, ensure that your Field Tester Plus device has been properly registered with the TTNv3 network server and has successfully joined the LoRaWAN network.
For setup instructions, see the Pre-Test Network Setup section of the Field Tester Plus User Guide.
- To access the Field Test Data Processor extension, click Launch.

- Click the Configuration tab to set the following parameters.

For The Things Network server, each application supports MQTT integration and requires connection credentials. To view MQTT connection information, go to Applications > your application > Other integrations > MQTT.

- LoRa Network Server: Select the LoRaWAN network server where you registered the Field Tester device. In this example, The Things Network is selected.
- MQTT Integration:
- MQTT Broker Address: The public address for the MQTT broker is
eu1.cloud.thethings.network
. - Port: The default port used by the MQTT broker is 1883.
- Enable User Authentication: This option must be enabled.
- Username: This is the Username in the Connection credentials.
- Password: This is the Password in the Connection credentials. This value must be generated by clicking Generate new API key.
- Enable TLS Setting: Keep the default value.
- Uplink Topic: Uplink topic template:
application/{applicationId}/device/{devEui}/event/up
. - Downlink Topic: Downlink topic template:
application/{applicationId}/device/{devEui}/command/down
.
- MQTT Broker Address: The public address for the MQTT broker is
-
To save the changes, click Save changes.
-
Click the Device Overview tab to view the Field Tester devices and the collected data.

- Optional: Click Show Data to view the detailed device data.

- Optional: Click Export to download the data report for local viewing.
Only data reports for labeled devices can be exported.
AWS IoT
Before configuring the Field Test Data Processor extension, ensure that your Field Tester Plus device has been properly registered with AWS IoT Core for LoRaWAN and has successfully joined the LoRaWAN network.
For setup instructions, see the Pre-Test Network Setup section of the Field Tester Plus User Guide.
- To access the Field Test Data Processor extension, click Launch.

- Click the Configuration tab to set the following parameters.

-
LoRa NetWork Server: Select the LoRaWAN network server where you registered the Field Tester device. In this example, the AWS IoT is selected.
-
MQTT Broker Address:
To configure the MQTT broker address, go to AWS IoT > Connect > Domain configurations, and click iot:Data-ATS in the Domain configurations list. Copy the Domain name.
Figure 1: Configure the MQTT broker address
-
Port: The port is 8883.
-
Enable User Authentication: keep the default value and no authentication is required
-
Enable TLS Setting: Enable TLS setting to ensure the security of MQTT message transmissions. Therefore, you need to create certificates in AWS IoT.
a. AWS IoT policies allow you to control access to the AWS IoT Core data plane operations. To create an AWS IoT policy. Go to AWS IoT > Security > Policies, click Create policy.
Figure 1: Go to create an AWS IoT policy
b. Configure policy parameters and click Create.
Figure 1: Configure parameters
c. Create certificates to authenticate the connection between the device and the Field Test Data Processor extension. Go to AWS IoT > Security > Certificates, click Create certificate.
Figure 1: Go to create certificates
d. Configure certificate parameters and click Create.
Figure 1: Configure parameters
e. Download the certificate and key files. Click Continue.
Figure 1: Download the certificate and key files
f. In the Certificates list, click the Certificate ID created in the previous step to enter the certificate details page.
Figure 1: Certificate details
g. Click Attach policies to add the created AWS IoT policy for the certificates.
Figure 1: Attach policies
h. Add the certificates to the Field Test Data Processor extension.
Figure 1: Add certificates
-
Uplink Topic: To receive the uplink data from AWS IoT, you need to create a destination that will process the uplink data to this uplink topic.
a. To create a destination. Go to AWS IoT > Manage > LPWAN devices > Destination, click Add destination.
Figure 1: Create a destination
b. Assign the created destination to your Field tester device.
Figure 1: Assign the destination to your device.png
c. Configure the uplink topic.
Figure 1: Uplink topic
-
Downlink Topic: To send downlink messages to a Field Tester device, you need to create a Lambda function.
a. To create a Lambda function. Go to the AWS Lambda console and click Create function.
b. Configure the function name and runtime.
Figure 1: Create Lambda function
c. Copy the following Python code into the Code source and click Deploy.
import json
import boto3
import base64
import codecs
import binascii
client = boto3.client("iotwireless")
def lambda_handler(event, context):
print(event)
device_id = event["deviceID"]
data = event["data"]
fPort = event["fPort"]
client.send_data_to_wireless_device(TransmitMode=0,
Id=device_id,
WirelessMetadata={
"LoRaWAN": {"FPort": fPort}},
PayloadData=data)
return {
'statusCode': 200,
'body': json.dumps('Hello from Lambda!')
}Figure 1: Add Python code
d. Create a message routing rule in AWS IoT to subscribe the downlink topic and call this Lambda Function to process the downlink message. Go to AWS IoT > Message routing > Rules and click Create rule.
e. Follow the steps in the following figure to create the message routing rule. Then click Create.
Figure 1: Specify rule properties
Figure 1: Configure SQL statement
Figure 1: Attach rule actions
Figure 1: Review and create
f. Configure the downlink topic.
Figure 1: Downlink topic
- To save the changes, click Save changes.
- Click the Device Overview tab to view the Field Tester devices and the collected data.

- Optional: Click Show Data to view the detailed device data.

- Optional: Click Export to download the data report for local viewing.
Only data reports for labeled devices can be exported.
Failover Reboot
The Failover Reboot tool periodically checks the status of all enabled network links (LTE / Ethernet / Wi-Fi) of the gateway. Once it detects that all network links are offline, it will try to restore network connectivity by rebooting LTE module or gateway with failover.
The following is the logic diagram of the Failover Reboot extension.

- This extension is only compatible with WisGateOS 2 2.2 and later.
- The gateway can be rebooted up to five times.
Install the Failover Reboot Extension
To install the extension, follow the steps in How to Add an Extension.
Configure the Failover Reboot Extension
- To access the Failover Reboot extension, click Launch.

- In the configuration page, enable the Failover Reboot service and set the Check Interval.

- Enable Service: the Failover Reboot service
- Check Interval: time interval for checking the network status, in minutes
- To save the changes, click Save changes.