SenseCAP M2 LoRaWAN Gateway - How to ssh into console

Products & Technology SenseCAP
21

Has anyone been able to perform this firmware update on an Outdoor Gateway? I’d like to remove the cellular modem and install a HaLow radio. Also swap out the LoRa chip with one that has GPS on it.

I like the box and the board but want to do some custom stuff with it.

22

Hello, could you share your openvpn client configuration file ?
I’m trying to set-up OpenVpn on my SensCap M2 running OS 0.9.6-7.
The OpenVPN server is a freebox which is configured as OpenVPN TCP server with certificate authentication. config.ovpn file looks like this :

client
remote SERVER_IP 44875
proto tcp-client
nobind
dev-type tun

pull
dev tun0
redirect-gateway
auth-user-pass
auth-retry interact
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server a7beac99791055daf5bbe7fe697389e3"
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>

I’ve upload the configuration and used “edit” to provide the auth-user-pass file’s content.
But when I click start, the status goes back to “Started NO” and there is no log for the VPN part so I do not know what’s wrong …
I’ve attached a terminal to the serial console but there is nothing related to openvpn, just plain kernel boot messages …
Any hints ?

23

Hi there,

And Welcome here…

So I recall an openVpn thing to Leave out the cert blocks and see if it starts the service, often it’s a goofy malformed cert options. I have had that happen on embedded only systems, where they released test code as custom and never added the cert options or something?

OK… So go try this stuff… Some embedded systems fail unless ‘dev tun’ is used instead of tun0 or tun1’

Here is the full AI monty… :grin: :+1:

:white_check_mark: Checklist for OpenVPN on SensCap M2 (OS 0.9.6-7)

1. Ensure OpenVPN is Actually Running on M2

  • First, SSH into the SensCap M2 (or use the serial terminal if SSH isn’t available).
  • Run:
ps | grep openvpn

If it’s not showing up, the service may not be starting at all due to a config error.

2. Check if Config is Being Parsed Correctly

  • Confirm the config.ovpn is correctly placed in the /etc/openvpn/ or the expected UI-configured location.
  • Try running OpenVPN manually for better error output:
openvpn --config /path/to/your/config.ovpn

This will often tell you exactly where the problem is — malformed certs, bad options, missing files, etc.

3. Common Issues:

  • Incorrect format or encoding of <ca>, <cert>, <key> blocks
    Make sure there are no hidden characters, mismatched BEGIN/END lines, or extra spaces.
  • auth-user-pass input handling:
    If you edited this via the GUI, ensure the content was saved correctly to a file and referenced in the .ovpn file as:
auth-user-pass /etc/openvpn/credentials.txt
  • Missing or incorrect dev tun0 setup:
    Some embedded systems fail unless dev tun is used instead of tun0. Try replacing:
dev-type tun
dev tun0

with just:

dev tun
  • TCP Mode compatibility issue:
    Some OpenVPN clients default to UDP mode. Your config correctly uses:
proto tcp-client

Just ensure the Freebox allows this specific TCP connection from the WAN.

:test_tube: Debugging Tip:

Since OpenVPN logs aren’t showing up in the console:

  • Run this from serial or SSH:
logread | grep openvpn

or

cat /var/log/messages | grep openvpn

(Depending on log system used)

If logging is suppressed due to the OpenVPN service not starting at all, try launching manually as mentioned above to capture the errors.

:bulb: Suggestion:

If the Freebox OpenVPN server is working with other clients (Windows, Linux, etc.) — then the config is likely okay. The issue is probably:

  • M2 firmware not supporting inline <extra-certs> properly (try removing that block temporarily)
  • Incorrect handling of auth-user-pass in UI

Give that a go and come back let us know what you find :crossed_fingers:

HTH
GL :slight_smile: PJ :v:

24

I saw this one?

Maybe test it first…

client
dev tun
proto tcp-client
remote YOUR_SERVER_IP 44875
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3

# Authentication
auth-user-pass /etc/openvpn/credentials.txt

# Certificates
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key

GL :slight_smile: PJ :v:

Place these files in the OpenVPN config directory, typically /etc/openvpn/ or the M2 GUI-synced path:

  • client.conf ← (the config file above)
  • ca.crt ← Your CA certificate
  • client.crt ← Your personal/client certificate
  • client.key ← Your private key
  • credentials.txt ← Your username + password (2 lines):
yourusername
yourpassword

:warning: You must not use <ca>, <cert>, <key> inline blocks in embedded Linux configs unless explicitly supported — they often break OpenVPN startup on resource-limited UIs like SensCap’s.

If you can SSH or use serial:

openvpn --config /etc/openvpn/client.conf

This will output real-time logs and show any certificate or auth errors directly.

25

Hi, thanks a lot for the detailed information. I’m sure it will help :slight_smile:
But I’m facing a stupid issue :

  • SSH is not allowed on WAN/LAN
  • On the USB serial I only have access to boot & kernel logs , I cannot get a shell. I’m sure I’m missing a stupid thing but so far I’m not able to figure out which one :frowning: Any hints on how to get a login shell using the serial console ?