Bootstrap using Air for Cellular

When bootstrapping, a Virtual SIM will be created which will incur an initial fee. In addition, the Virtual SIM will incur a monthly service fee until the Virtual SIM is terminated. Refer to the Pricing & Fee Schedule for more information.

When bootstrapping with cellular, Soratun will use the cellular connection provided by Soracom Air for Cellular to securely authorize a call to the Soracom Krypton bootstrapArc API to create a Virtual SIM.

You can use this method to streamline the process of creating a Virtual SIM by performing the following bootstrap steps when your device is initialized, without having to create Virtual SIMs one by one and using a separate process to install Soratun configuration files on each device.

This method will create a Subscription Container Virtual SIM which will be attached to the IoT SIM.

Because authorization is provided through the Soracom Air cellular connection, there is no need to store additional credentials on your device.

Requirements

Your device should have:


Enabling Soracom Krypton

In addition to Virtual SIM initial and monthly fees, enabling Krypton in order to use the cellular bootstrapping method will incur Krypton fees. Refer to the Pricing & Fee Schedule for more information.

  1. Refer to the Groups: Basic Usage documentation to create a new Group.

  2. Once you have created a group, click the name of the group. From the Basic Settings tab, click the SORACOM Krypton panel to expand its settings. Then enable Krypton by switching the option to ON, and click the Save button.

  3. Last, refer to the Groups: Basic Usage documentation to add your IoT SIM to the group.

Bootstrapping a Device

  1. Start the bootstrap process:

    soratun bootstrap cellular --config /path/to/arc.json

    The --config flag will allow you to specify where the Soratun configuration file will be saved on the device. If left unspecified, the configuration file will be saved in a file arc.json in the current directory.

    When bootstrapping using the cellular connection, your device must connect to Krypton using its Soracom Air cellular connection. If your device has additional network interfaces (such as Wi-Fi or ethernet) and encounters any errors during the bootstrap process, check that your device is sending its network traffic over the cellular interface.

    If Soratun is able to successfully create a Virtual SIM, you will see a response indicating that Soratun configuration file was successfully saved to the file path specified:

    >Virtual subscriber SIM ID: 8900000000012345678
    >Created/updated configuration file: /path/to/arc.json

Bootstrapping is now complete. With the Soratun configuration file successfully created, you can proceed to the Connecting to Soracom section below to activate the WireGuard connection and connect to Soracom.

If you prefer to use a different WireGuard client, refer to the Command Reference section for details about the Soratun configuration file.

Subsequent Bootstrapping

If you reset a Virtual SIM's session from the User Console or Soracom API/CLI, bootstrapping again allows your device to update its Arc connection information. By specifying the same configuration path (such as /path/to/arc.json), Soratun will skip creating a new Virtual SIM and will instead only update the session information (specified in the arcSessionStatus section of the Soratun configuration file).

Because the cellular bootstrapping method creates a Subscription Container Virtual SIM, specifying a different Soratun configuration file path will not result in the creation of a new Virtual SIM. Instead, the latest session information will simply be saved in the new Soratun configuration file location.

However, if you change the IoT SIM in your device and subsequently perform cellular bootstrapping again, a new Subscription Container Virtual SIM will be created for the new IoT SIM, and its Soratun connection file saved to the specified file path accordingly.


Connecting to Soracom

Before using soratun to connect to Soracom, check your device's network interfaces and routing configuration. If your device is configured with a default gateway to send all traffic using the cellular interface, this will cause the Arc connection to be routed over the cellular connection.

If you intend to use a different network connection (such as Wi-Fi or ethernet) for the Arc connection, either disable your device's cellular interface before enabling the Arc connection, or ensure that your device's default gateway is configured to use an appropriate network interface other than the cellular interface.

To connect to Soracom, run soratun up while specifying the Soratun configuration file:

sudo soratun up --config /path/to/arc.json

Alternatively, if you have installed Soratun as a systemd service, you can start the Soratun daemon:

sudo systemctl start soratun

Then you can being accessing Soracom platform services:

curl -X POST \
  -d 'Hello world!' \
  http://harvest.soracom.io

When Soratun activates the WireGuard connection, Soratun will use the arcAllowedIPs and additionalAllowedIPs parameters in the Soratun configuration file to create network routes and route traffic via the Arc connection. By default:

  • arcAllowedIPs will contain 100.127.0.0/16, as returned from Arc to the device during bootstrapping.
  • additionalAllowedIPs will be empty, however you can specify additional IP address ranges in order to route additional traffic over the Arc connection.

Note that if a network route for the IP address range already exists, it will be overwritten.