t015-au-eduroam.html - adamsgaard.dk - my academic webpage
(HTM) git clone git://src.adamsgaard.dk/adamsgaard.dk
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
t015-au-eduroam.html (5486B)
---
1 <p><a href="https://en.wikipedia.org/wiki/Eduroam">Eduroam</a> is an international Wi-Fi roaming service that provides network access to university staff and visitors from other universities.
2 Aarhus University provides <a href="https://eduroam.au.dk/">instructions on connecting</a> to eduroam via iOS/Android/Windows/Mac and a Python install script for Linux.
3 In this post, I will explain how users of BSD or Linux can set up eduroam connectivity manually.</p>
4
5 <h2>Preparing the system</h2>
6 <p>First, install <a href="https://w1.fi/wpa_supplicant/">wpa_supplicant</a>, which is the only prerequisite.
7 Your system might already have it installed for authenticating with ordinary Wi-Fi networks.
8 WPA supplicant supports many different authentication methods, and the configuration must be correct for the connection to succeed.
9 On OpenBSD, install and enable the wpa_supplicant daemon with:
10 </p>
11
12 <pre><code># pkg_add wpa_supplicant
13 # rcctl enable wpa_supplicant</pre></code>
14
15 <p>On Gentoo Linux with OpenRC, the equivalent procedure is:
16
17 <pre><code># emerge net-wireless/wpa_supplicant
18 # rc-update add wpa_supplicant default</pre></code>
19
20 <p>Next, save the self-signed Aarhus University PEM certificate to the file
21 <a href="https://adamsgaard.dk/tmp/au-eduroam-cert.pem">/etc/ssl/au-eduroam-cert.pem</a>.
22 I extracted this key file from the official Python installer.
23 </p>
24
25 <pre><code>-----BEGIN CERTIFICATE-----
26 MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
27 MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
28 OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
29 cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
30 AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
31 4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
32 XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
33 JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
34 M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
35 5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
36 MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
37 r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
38 QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
39 /soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
40 y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
41 DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
42 FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
43 sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
44 hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
45 MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
46 v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
47 FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
48 fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
49 5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
50 JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
51 Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
52 tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
53 +jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
54 -----END CERTIFICATE-----</pre></code>
55
56 <h2>Option 1: Configuring wpa_supplicant manually</h2>
57 <p>If your system <b>does not</b> use Network Manager, you must configure wpa_supplicant directly.
58 Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf.
59 At minimum, it should contain the following configuration of the eduroam network.
60 You can also add other Wi-Fi networks here.</p>
61
62 <pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
63 disable_scan_offload=1
64 update_config=1
65 autoscan=periodic:10
66
67 network={
68 ssid="eduroam"
69 key_mgmt=WPA-EAP
70 eap=TTLS PEAP
71 identity="auNNNNNN@uni.au.dk"
72 password="YOURPASSWORD"
73 ca_cert="/etc/ssl/au-eduroam-cert.pem"
74 phase2="auth=MSCHAPV2"
75 mesh_fwding=1
76 frequency=5200
77 }</pre></code>
78
79 <p>The <b>ctrl_interface</b> line may look different on your system.
80 Make sure to edit the <b>identity</b> and <b>password</b> values according to your AU ID.</p>
81
82 <p>Next, make sure that other users cannot read the contents of the file:</p>
83
84 <pre><code># chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
85 # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf</pre></code>
86
87 <p>On OpenBSD, associate wpa_supplicant with the network interface.
88 In the following command, change "iwm0" to your wifi device name:</p>
89
90 <pre><code># rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0</code></pre>
91
92 <p>It is now time to start the wpa_supplicant service:</p>
93
94 <pre><code># rcctl start wpa_supplicant # OpenBSD
95 # rc-service wpa_supplicant start # Gentoo (OpenRC)</code></pre>
96
97 <p>You should now be connected to the Aarhus University eduroam network.
98 In case of problems, you can stop the wpa_supplicant daemon and manually launch it with debugging messages enabled (-d):</p>
99
100 <pre><code># wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf</code></pre>
101
102 <h2>Option 2: Using Network Manager</h2>
103 If your system uses Network Manager to configure networking, connect to the eduroam wifi with the following configuration:</p>
104
105 <figure class="pagefigure">
106 <img src="img/eduroam-network-manager.png"
107 alt="Aarhus University eduroam configuration in Network Manager"
108 class="pageimg"/>
109 <figcaption>
110 Fig. 1: Aarhus University eduroam configuration in Network Manager.
111 </figcaption>
112 </figure>