tadd au-eduroam post - adamsgaard.dk - my academic webpage

git clone git://src.adamsgaard.dk/adamsgaard.dk

Log

Files

Refs

README

LICENSE

---

commit d39d87607186e35cc48b3d23eb51b2a686b29a45

parent 1e568091cc63d3a16a553772d8b74d8d044a5677

Author: Anders Damsgaard 

Date:   Tue, 15 Nov 2022 16:25:55 +0100

add au-eduroam post

Diffstat:
  A pages/015-au-eduroam.cfg            |       8 ++++++++
  A pages/015-au-eduroam.html           |     112 +++++++++++++++++++++++++++++++
  A pages/015-au-eduroam.txt            |     116 ++++++++++++++++++++++++++++++

3 files changed, 236 insertions(+), 0 deletions(-)
---

diff --git a/pages/015-au-eduroam.cfg b/pages/015-au-eduroam.cfg

t@@ -0,0 +1,8 @@
+filename=au-eduroam.html
+title=Connecting to Aarhus University eduroam with wpa_supplicant
+description=Connect to the cross-university wifi-network eduroam from BSD or Linux
+id=new-homepage
+tags=linux, openbsd, wifi, eduroam, wpa_supplicant
+created=2022-11-15
+updated=2022-11-15
+#index=0

diff --git a/pages/015-au-eduroam.html b/pages/015-au-eduroam.html

t@@ -0,0 +1,112 @@
+
Eduroam is an international Wi-Fi roaming service that provides network access to university staff and visitors from other universities.
+Aarhus University provides instructions on connecting to eduroam via iOS/Android/Windows/Mac and a Python install script for Linux.
+In this post, I will explain how users of BSD or Linux can set up eduroam connectivity manually.
+
+
Preparing the system
+
First, install wpa_supplicant, which is the only prerequisite.
+Your system might already have it installed for authenticating with ordinary Wi-Fi networks.
+WPA supplicant supports many different authentication methods, and the configuration must be correct for the connection to succeed.
+On Gentoo Linux, install and enable the wpa_supplicant daemon with:
+
+
+
# pkg_add wpa_supplicant
+# rcctl enable wpa_supplicant
+
+
On Gentoo Linux with OpenRC, the equivalent procedure is:
+
+
# emerge net-wireless/wpa_supplicant
+# rc-update add wpa_supplicant default
+
+
Next, save the self-signed Aarhus University PEM certificate to the file
+/etc/ssl/au-eduroam-cert.pem.
+I extracted this key file from the official Python installer.
+
+
+
-----BEGIN CERTIFICATE-----
+MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
+MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
+OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
+cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
+4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
+XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
+JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
+M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
+5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
+MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
+r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
+QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
+/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
+y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
+DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
+FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
+sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
+hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
+MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
+v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
+FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
+fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
+5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
+JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
+Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
+tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
++jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
+-----END CERTIFICATE-----
+
+
Option 1: Configuring wpa_supplicant manually
+
If your system does not use Network Manager, you must configure wpa_supplicant directly.
+Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf.
+At minimum, it should contain the following configuration of the eduroam network.
+You can also add other Wi-Fi networks here.
+
+
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+disable_scan_offload=1
+update_config=1
+autoscan=periodic:10
+
+network={
+        ssid="eduroam"
+        key_mgmt=WPA-EAP
+        eap=TTLS PEAP
+        identity="auNNNNNN@uni.au.dk"
+        password="YOURPASSWORD"
+        ca_cert="/etc/ssl/au-eduroam-cert.pem"
+        phase2="auth=MSCHAPV2"
+        mesh_fwding=1
+        frequency=5200
+}
+
+
The ctrl_interface line may look different on your system.
+Make sure to edit the identity and password values according to your AU ID.
+
+
Next, make sure that other users cannot read the contents of the file:
+
+
# chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
+# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf
+
+
On OpenBSD, associate wpa_supplicant with the network interface.
+In the following command, change "iwm0" to your wifi device name:
+
+
# rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0
+
+
It is now time to start the wpa_supplicant service:
+
+
# rcctl start wpa_supplicant                # OpenBSD
+# rc-service wpa_supplicant start        # Gentoo (OpenRC)
+
+
You should now be connected to the Aarhus University eduroam network.
+In case of problems, you can stop the wpa_supplicant daemon and manually launch it with debugging messages enabled (-d):
+
+
# wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf
+
+
Option 2: Using Network Manager
+If your system uses Network Manager to configure networking, connect to the eduroam wifi with the following configuration:

+
+

+        
+        
+

diff --git a/pages/015-au-eduroam.txt b/pages/015-au-eduroam.txt

t@@ -0,0 +1,116 @@
+Eduroam is an international Wi-Fi roaming service that provides network
+access to university staff and visitors from other universities.
+Aarhus University provides instructions on connecting to eduroam via
+iOS/Android/Windows/Mac and a Python install script for Linux.  In this
+post, I will explain how users of BSD or Linux can set up eduroam
+connectivity manually.
+
+
+## Preparing the system
+
+First, install wpa_supplicant, which is the only prerequisite.  Your
+system might already have it installed for authenticating with ordinary
+Wi-Fi networks.  WPA supplicant supports many different authentication
+methods, and the configuration must be correct for the connection
+to succeed.  On Gentoo Linux, install and enable the wpa_supplicant
+daemon with:
+
+        # pkg_add wpa_supplicant
+        # rcctl enable wpa_supplicant