Unable to retrieve LNS credentials using CUPS using TTS with custom certificates

Hello all,

I am trying to connect a Multitech Conduit (MLinux, version 5.3.0) to The Things Stack (v3). I have managed to connect the gateway to TTS using the ttn-packet-forwarder, and it works perfectly fine. Now, I’d like to try get the gateway connecting using Basics Station. I am having an issues with getting CUPS to retrieve the LNS credentials.

At the moment this is just for testing purposes, so I am running TTS as localhost (so I have removed ports 80 and 443 from docker-compose.yml and added “1885:1885”, “8885:8885”, and appended the port to the static ip of my server in ttn-lw-stack-docker.yml). I am also using custom certificates, and have generated a key.pem, cert.pem, and ca.pem using the instructions provided here: Certificates | The Things Stack for LoRaWAN

To connect using Basics Station, on the TTS end, I modified the registered gateway to add a CUPS and an LNS API key giving the permissions requested in the instructions, and configured CUPS to send the LNS API key.

On the gateway, I did a clean install of the gateway and installed Basics Station using the instructions provided in the “Installation on MTCDT/MTCAP” of this page: MultiTech Developer Resources » Running Basic Station on Conduit

I then populated the /var/config/lora folder of the gateway with the cups.key, cups.trust, cups.uri, and station.conf, with the following format:

cups.key: “Authorization: Bearer {CUPS_API_KEY}”
cups.trust: “{SAME_AS_ca.pem_ON_THE_LNS}”
cups.uri: “https://{IP_ADDRESS_OF_LNS}:8887”
station.conf: "{"SX1301_conf: {standard channel allocation for EU868},
“gateway_conf: {
“forward_crc_disabled”: false,
“forward_crc_error”: true,
“forward_crc_valid”: true,
“gateway_ID”: “{GATEWAY_ID_ON_LNS}”,
“keepalive_interval”: 10,
“push_timeout_ms”: 100,
“serv_port_down”: 20000,
“serv_port_up”: 20000,
“server_address”: “{IP_ADDRESS_OF_LNS}”,
“stat_interval”: 30,
“autoquit_threshold”: 60
}
}”

However, when I run the basics station, CUPS never retrieves the LNS API key, though the debug information is rather lacking:

2021-03-18 10:27:45.020 [SYS:INFO] Logging : stderr (maxsize=10485760, rotate=3)
2021-03-18 10:27:45.021 [SYS:INFO] Station Ver : 2.0.3(mlinux/std) 2020-03-11 15:07:03
2021-03-18 10:27:45.022 [SYS:INFO] Package Ver : (null)
2021-03-18 10:27:45.024 [SYS:INFO] proto EUI : 0:8:4a:ab80 (/sys/class/net/eth0/address)
2021-03-18 10:27:45.024 [SYS:INFO] prefix EUI : ::1 (builtin)
2021-03-18 10:27:45.024 [SYS:INFO] Station EUI : 8:ff:fe4a:ab80
2021-03-18 10:27:45.024 [SYS:INFO] Station home: ./ (builtin)
2021-03-18 10:27:45.024 [SYS:INFO] Station temp: /var/tmp/ (builtin)
2021-03-18 10:27:45.227 [TCE:INFO] Starting TC engine
2021-03-18 10:27:45.228 [TCE:ERRO] No TC URI configured
2021-03-18 10:27:45.228 [CUP:INFO] Starting a CUPS session in 0 seconds.
2021-03-18 10:27:45.229 [TCE:INFO] INFOS reconnect backoff 0s (retry 0)
2021-03-18 10:27:45.229 [CUP:INFO] Starting a CUPS session now.
2021-03-18 10:27:45.229 [CUP:INFO] Connecting to CUPS ... https://{IP_ADDRESS_OF_LNS}:8885 (try #1)
2021-03-18 10:27:45.233 [any:INFO] cert. version : 3
serial number : 73:B4:31:F6:A8:66:E3:84:E8:16:62:71:A6:97:76:24:C3:87:00:3D
issuer name : C=NL, ST=Noord-Holland, L=Amsterdam, O=The Things Demo
subject name : C=NL, ST=Noord-Holland, L=Amsterdam, O=The Things Demo
issued on : 2021-03-12 10:43:00
expires on : 2026-03-11 10:43:00
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2021-03-18 10:27:45.233 [AIO:INFO] cups has no cert configured - running server auth and client auth with token
2021-03-18 10:27:45.280 [TCE:ERRO] No TC URI configured
2021-03-18 10:27:45.282 [TCE:INFO] INFOS reconnect backoff 10s (retry 1)
2021-03-18 10:27:46.272 [CUP:INFO] Interaction with CUPS failed - retrying in 1m
2021-03-18 10:27:55.284 [TCE:ERRO] No TC URI configured
2021-03-18 10:27:55.284 [TCE:INFO] INFOS reconnect backoff 20s (retry 2)

I installed Basics Station on my laptop and tried running it locally, and got the same issue but with a bit more information:

2021-03-18 11:10:29.385 [SYS:INFO] Logging : stderr (maxsize=10000000, rotate=3)
2021-03-18 11:10:29.385 [SYS:INFO] Station Ver : 2.0.5(linux/std) 2021-03-17 13:24:33
2021-03-18 11:10:29.385 [SYS:INFO] Package Ver : 1.0.0
2021-03-18 11:10:29.385 [SYS:INFO] proto EUI : 0:242:fc72:bf64 (/sys/class/net/br-c39b1fdb300d/address)
2021-03-18 11:10:29.385 [SYS:INFO] prefix EUI : ::1 (builtin)
2021-03-18 11:10:29.385 [SYS:INFO] Station EUI : 242:fcff:fe72:bf64
2021-03-18 11:10:29.385 [SYS:INFO] Station home: ./ (builtin)
2021-03-18 11:10:29.385 [SYS:INFO] Station temp: /var/tmp/ (builtin)
2021-03-18 11:10:29.586 [TCE:INFO] Starting TC engine
2021-03-18 11:10:29.586 [TCE:ERRO] No TC URI configured
2021-03-18 11:10:29.586 [CUP:INFO] Starting a CUPS session in 0 seconds.
2021-03-18 11:10:29.586 [TCE:INFO] Router rejected or retry limit reached. Invoking CUPS.
2021-03-18 11:10:29.586 [TCE:INFO] Terminating TC engine
2021-03-18 11:10:29.586 [CUP:INFO] Starting a CUPS session now.
2021-03-18 11:10:29.586 [CUP:INFO] Connecting to CUPS ... https://{IP_ADDRESS_OF_LNS}:8885 (try #1)
2021-03-18 11:10:29.586 [any:INFO] ./cups.trust:
cert. version : 3
serial number : 73:B4:31:F6:A8:66:E3:84:E8:16:62:71:A6:97:76:24:C3:87:00:3D
issuer name : C=NL, ST=Noord-Holland, L=Amsterdam, O=The Things Demo
subject name : C=NL, ST=Noord-Holland, L=Amsterdam, O=The Things Demo
issued on : 2021-03-12 10:43:00
expires on : 2026-03-11 10:43:00
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign,2021-03-18 11:10:29.586 [AIO:INFO] cups has no cert configured - running server auth and client auth with token
2021-03-18 11:10:29.632 [CUP:VERB] Retrieving update-info from CUPS https://{IP_ADDRESS_OF_LNS}:8885...
2021-03-18 11:10:29.686 [AIO:ERRO] [3] Send failed: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
2021-03-18 11:10:29.686 [AIO:DEBU] [3] HTTP connection shutdown...
2021-03-18 11:10:29.686 [CUP:INFO] Interaction with CUPS failed - retrying in 1s
2021-03-18 11:10:29.686 [TCE:INFO] Starting TC engine
2021-03-18 11:10:29.686 [TCE:ERRO] No TC URI configured
2021-03-18 11:10:29.686 [TCE:INFO] Router rejected or retry limit reached. Invoking CUPS.
2021-03-18 11:10:29.686 [TCE:INFO] Terminating TC engine
2021-03-18 11:10:29.686 [CUP:INFO] Starting a CUPS session in 1 seconds.
2021-03-18 11:10:30.687 [CUP:INFO] Starting a CUPS session now.

So it looks like my configuration of CUPS is incorrect. Could anyone verify for me if the cups.x files I am using are correct?
Or if there are any other mistakes I have made in the configuration?

No CUPS server available for v3???

There isn’t? I thought this documentation was all relevant for v3:

https://www.thethingsindustries.com/docs/gateways/lora-basics-station/cups/

Which would imply that CUPS can be used with it?

The TTIG isn’t able to be migrated to TTNv3 so I think that implies CUPS is not ready for TTNv3 yet.

Plus all the reject messages in your logs above.

I’m not saying, I’m suggesting. Perhaps some searching of the forum?

Ahh I see, I figured that that issue was related to the TTIG specifically connecting to TTNv3, I didn’t realise it was also the case when I’m running my own Things Stack locally.

For others with a similar issue, here’s an explanation of it:

However, I did see some others who are using the Multitech Conduit, who do have issues but have managed to get CUPS working correctly? (though they are using a different version of the gateway):

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.