proxy70

# CONNECTING TO AARHUS UNIVERSITY EDUROAM WITH WPA_SUPPLICANT 

Eduroam is an international Wi-Fi roaming service that provides network
access to university staff and visitors from other universities.
Aarhus University provides instructions on connecting to eduroam via
iOS/Android/Windows/Mac and a Python install script for Linux.  In this
post, I will explain how users of BSD or Linux can set up eduroam
connectivity manually.


## Preparing the system

First, install wpa_supplicant, which is the only prerequisite.  Your
system might already have it installed for authenticating with ordinary
Wi-Fi networks.  WPA supplicant supports many different authentication
methods, and the configuration must be correct for the connection to
succeed.  On OpenBSD, install and enable the wpa_supplicant daemon with:

	# pkg_add wpa_supplicant
	# rcctl enable wpa_supplicant

On Gentoo Linux with OpenRC, the equivalent procedure is:

	# emerge net-wireless/wpa_supplicant
	# rc-update add wpa_supplicant default

Next, save the self-signed Aarhus University PEM certificate to the
file /etc/ssl/au-eduroam-cert.pem.  I extracted this key file from the
official Python installer.

	-----BEGIN CERTIFICATE-----
	MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
	MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
	OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
	cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
	AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
	4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
	XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
	JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
	M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
	5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
	MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
	r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
	QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
	/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
	y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
	DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
	FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
	sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
	hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
	MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
	v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
	FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
	fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
	5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
	JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
	Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
	tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
	+jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
	-----END CERTIFICATE-----


## Option 1: Configuring wpa_supplicant manually

If your system _does not_ use Network Manager, you must configure
wpa_supplicant directly.  Open (or create)
/etc/wpa_supplicant/wpa_supplicant.conf.  At minimum, it should
contain the following configuration of the eduroam network.  You
can also add other Wi-Fi networks here.

	ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
	disable_scan_offload=1
	update_config=1
	autoscan=periodic:10
	network={
		ssid="eduroam"
		key_mgmt=WPA-EAP
		eap=TTLS PEAP
		identity="auNNNNNN@uni.au.dk"
		password="YOURPASSWORD"
		ca_cert="/etc/ssl/au-eduroam-cert.pem"
		phase2="auth=MSCHAPV2"
		mesh_fwding=1
		frequency=5200
	}

The ctrl_interface line may look different on your system.  Make sure
to edit the identity and password values according to your AU ID.

Next, make sure that other users cannot read the contents of the file:

	# chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
	# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

On OpenBSD, associate wpa_supplicant with the network interface.  In the
following command, change "iwm0" to your wifi device name:

	# rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0

It is now time to start the wpa_supplicant service:

	# rcctl start wpa_supplicant		# OpenBSD
	# rc-service wpa_supplicant start	# Gentoo (OpenRC)

You should now be connected to the Aarhus University eduroam network.
In case of problems, you can stop the wpa_supplicant daemon and manually
launch it with debugging messages enabled (-d):

	# wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf


## Option 2: Using Network Manager

If your system uses Network Manager to configure networking, connect to
the eduroam wifi with the following configuration:

	gopher://adamsgaard.dk/I/tmp/eduroam-network-manager.png