Skip to main content

Convert WiFi Networks



The network conversion process activates Passpoint-enabled hardware for cellular network data transfer on Helium. In the cellular industry, these are known as 'Brownfield' deployments – where existing hardware is configured to operate a new network. Converted networks continue to work with existing SSIDs. The Helium Network configurations are additive to other configurations and do not impact existing network function.

Using existing infrastructure reduces costs, making it a practical solution for venue owners. When deciding between deploying a new Hotspot (Greenfield) or converting an existing network, consider Proof of Coverage rewards, deployment costs, and coverage needs. Both options can complement each other in the Helium Mobile network.

Getting Started

For compatible networks, integrating with Helium Mobile is simple. Start by reviewing the manufacturer-specific guides:

Or refer to the generic deployment reference for guidance with other manufacturers:

Deployment Requirements

Existing WiFi networks must have Passpoint-enabled access points, which are typically supported by manufacturers like Ubiquiti, Cisco, and Aruba. Additionally, these access points need to integrate with the Helium MOBILE Network to handle traffic and qualify for data transfer rewards. This integration involves network-level configurations for authentication, authorization, and accounting.

Enterprise Network Considerations

Fleets are characterized on Helium with a public on-chain key which is paired with the RADIUS certificates. The entities created from the self-serve tooling expect each pubkey/cert pair to be attached to a single NAS-ID. Via the Helium Plus program, multiple NAS-IDs may be onboarded to a single certificate set.

RadSecProxy Deployment options

RADIUS is a UDP protocol meant for use inside an operators secure network. RADIUS in standard form is not meant to traverse the open internet as this would expose private user identity data to the open internet. To address this the industry created a RADIUS over TLS protocol called RadSec. Using RadSec RADIUS contents are encrypted and packaged into a TCP session which makes it suitable to traverse the open internet safely.

If your WiFi OEM does not natively support RadSec in the network you want to convert, deployers must choose one of two main options:

  • Deploy local RadSecProxy within the deployer controlled secure domain
  • Establish a secure IPsec VPN to the Helium hosted cloud RadSecProxy instance

More details about RadSecProxy can be found here.