I have SenseCAP M2 LoRaWAN Indoor Gateway and I want to connect to the console using Putty SSH. I have connected the Gateway to my network and both are in the same segment.
I am trying to SSH into the console using IP address and port 22 using Putty. It returns “Network error: connection refused”.
Question:
How do I enable port 22 on the Gateway so it can allow login to the console using Putty?
I got it streight from Seeed that it is not possable to ssh in why dont you go in thru http?
@cgwaltney I understand. By the term “thru http” do you mean root@ipaddress? This way it also refuses. Or did you mean some other way?
use a web browser and type in the ip address
the source code is not open, it is closed because it is based on Helium and it is closed source for security reasons
This is the upgrade and usage tutorial of the open source firmware. You can send an application for browsing permission and I will review it for you.
Application for browsing permission sent. Please approve.
Approved, please check it again.
Got it 
.
I am able to see the console via USB C using Putty Serial, 57600 baud rate. But I am not able to connect M2’s IP over SSH port 22, it says connection refused. My Senscap IP address is correct and I am able to ping it. While attempting to SSH, it says “connection refused”. Am I missing something?
I did not flash M2 yet, do not wish to do it and retain original firmware. Is it necessary for me to flash new firmware EU868 to be able to connect via SSH and to customise openWRT?
Yes, you need to flash the opensource firmware first and then you are able to ssh it.
Hi I would like to have access to the open source firmware. I sent an application. Please approve.
Thanks
Ben
The original firmware on the M2 might have SSH disabled by default, which is why you’re seeing connection refused on port 22. Flashing it with new firmware like EU868 might enable SSH, but if you’re keen to keep the original firmware, check if there’s an option to enable SSH in the device settings or through the console.
the stock M2 device does not allow ssh because the firmware is propritory… (closed source) I got this from Seeed… this person (lee) said they developed an (Open Source) firmware
It’s possible to have access to the official m2 gateway firmware to restore the gateway ?
Thanks,
Ben
Ok. Thank you for the suggestions. Still working on it.
@Lee can you provide the official m2 gateway firmware (4G EU868) please ?
Hi @benat, sorry to keep you waiting so long. Lee is on holiday these days, you can communicate with [email protected] about the firmware.
Hello,
I find it surprising that I cannot launch the openvpn client because “start” does not launch the vpn client despite having deposited .ovpn which was checked on another machine?
However OpenVpn is indeed on the original firmware…
Did I miss something?
I made a request on the drive link because I want to activate ssh on my sensecap M2 -4G EU868 wanting to create a VPN tunnel between my Openvpn server and the gateway but I see a message in the openvpn menu of the sensecap gateway: Insufficient permissions to read UCI configuration.
I see that I do not have ssh access and that on the interface with admin without a password, I do not have access so do I really need to flash the sensecap M2 or can I have a procedure without flashing it. In the event that it is flashed, do we keep the same base so if I make a backup of my current configuration, can I restore it?
Also do we keep all our LORAWAN keys from the gateway?
I guess for the firmware it’s this link: Flash Opensource Firmware to M2 Gateway | Seeed Studio Wiki
thank you in advance.
Christopher
Hello, I come back to let you know that I was able to launch the OpenVPN client in TCP without flashing, I have not tried in UDP but it must be possible.
So the gateway works fine with “start” without flashing it in the OpenVPN menu.
In fact the certificate created was corrupt? It was by using a valid certificate that I used with my PC that I was able to verify it.
Also why use OpenVPN on my gateway which is 4G, because quite simply there is no fixed IP on the mobile network of general public plans in France in any case and above all impossible to ping because GC-NAT therefore impossible to take control of it either except with OpenVPN.
Otherwise, it transfers UDP packets to the chirpstack server without OpenVPN in dynamic IP in 4G, this does not pose a problem because it sends to chirpstack on a fixed public IP in my case.
Also access to the web server is therefore impossible without creating a VPN tunnel which makes it possible to create a virtual fixed IP therefore always accessible, provided that the PC is also in this OpenVPN network, for my part I set up an OpenVPN server to have a continuous active link for other uses which can also explain a more significant 4G consumption, because with only the gateway I was more towards 2.3 GB per month of data consumption.
FYI:
I estimated around 4.59 GB of monthly consumption data in 4G with a constant VPN tunnel and with a gateway power consumption of 1.8 watts or around 45w per day or 1350w monthly.
VPN enabled:
Uptime: 2h 21m 43s
RX: 11.09 MB (35679 Pkts.)
TX: 4.74 MB (29450 pkts.)
openwrt-21.02.0-ramips-mt76x8-sensecap_wm7628n-squashfs-sysupgrade-EU868-4G.bin
https://github.com/Seeed-Solution/LoRa_Gateway_OpenWRT/releases/download/v1.0.0/openwrt-21.02.0-ramips-mt76x8-sensecap_wm7628n-squashfs-sysupgrade-EU868-4G.bin
Now, regarding ssh, I found the info, you have to flash the gateway.
But do we keep all our LORAWAN “Gateway EUI” keys? we can assume…
Questions
For those interested, here is a little diagram to better visualize the operating principle.
As you see I use an OpenVPN server so I had to add sudo nano /etc/openvpn/server.conf and add this line so that the clients can communicate with each other : client-to-client
port 1800
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
client-to-client 
server 10.7.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “dhcp-option DNS 192.168.1.250”
push “dhcp-option DNS 1.1.1.1”
push “redirect-gateway def1 bypass-dhcp”
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
