tadd au-eduroam post - adamsgaard.dk - my academic webpage | |
git clone git://src.adamsgaard.dk/adamsgaard.dk | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit d39d87607186e35cc48b3d23eb51b2a686b29a45 | |
parent 1e568091cc63d3a16a553772d8b74d8d044a5677 | |
Author: Anders Damsgaard <[email protected]> | |
Date: Tue, 15 Nov 2022 16:25:55 +0100 | |
add au-eduroam post | |
Diffstat: | |
A pages/015-au-eduroam.cfg | 8 ++++++++ | |
A pages/015-au-eduroam.html | 112 +++++++++++++++++++++++++++++… | |
A pages/015-au-eduroam.txt | 116 ++++++++++++++++++++++++++++++ | |
3 files changed, 236 insertions(+), 0 deletions(-) | |
--- | |
diff --git a/pages/015-au-eduroam.cfg b/pages/015-au-eduroam.cfg | |
t@@ -0,0 +1,8 @@ | |
+filename=au-eduroam.html | |
+title=Connecting to Aarhus University eduroam with wpa_supplicant | |
+description=Connect to the cross-university wifi-network eduroam from BSD or L… | |
+id=new-homepage | |
+tags=linux, openbsd, wifi, eduroam, wpa_supplicant | |
+created=2022-11-15 | |
+updated=2022-11-15 | |
+#index=0 | |
diff --git a/pages/015-au-eduroam.html b/pages/015-au-eduroam.html | |
t@@ -0,0 +1,112 @@ | |
+<p><a href="https://en.wikipedia.org/wiki/Eduroam">Eduroam</a> is an internati… | |
+Aarhus University provides <a href="https://eduroam.au.dk/">instructions on co… | |
+In this post, I will explain how users of BSD or Linux can set up eduroam conn… | |
+ | |
+<h2>Preparing the system</h2> | |
+<p>First, install <a href="https://w1.fi/wpa_supplicant/">wpa_supplicant</a>, … | |
+Your system might already have it installed for authenticating with ordinary W… | |
+WPA supplicant supports many different authentication methods, and the configu… | |
+On Gentoo Linux, install and enable the wpa_supplicant daemon with: | |
+</p> | |
+ | |
+<pre><code># pkg_add wpa_supplicant | |
+# rcctl enable wpa_supplicant</pre></code> | |
+ | |
+<p>On Gentoo Linux with OpenRC, the equivalent procedure is: | |
+ | |
+<pre><code># emerge net-wireless/wpa_supplicant | |
+# rc-update add wpa_supplicant default</pre></code> | |
+ | |
+<p>Next, save the self-signed Aarhus University PEM certificate to the file | |
+<a href="https://adamsgaard.dk/tmp/au-eduroam-cert.pem">/etc/ssl/au-eduroam-ce… | |
+I extracted this key file from the official Python installer. | |
+</p> | |
+ | |
+<pre><code>-----BEGIN CERTIFICATE----- | |
+MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn | |
+MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy | |
+OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl | |
+cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB | |
+AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC | |
+4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J | |
+XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo | |
+JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H | |
+M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF | |
+5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI | |
+MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd | |
+r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4 | |
+QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku | |
+/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ | |
+y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud | |
+DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig | |
+FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm | |
+sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/ | |
+hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+ | |
+MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD | |
+v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR | |
+FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF | |
+fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2 | |
+5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI | |
+JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5 | |
+Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox | |
+tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK | |
++jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk= | |
+-----END CERTIFICATE-----</pre></code> | |
+ | |
+<h2>Option 1: Configuring wpa_supplicant manually</h2> | |
+<p>If your system <b>does not</b> use Network Manager, you must configure wpa_… | |
+Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf. | |
+At minimum, it should contain the following configuration of the eduroam netwo… | |
+You can also add other Wi-Fi networks here.</p> | |
+ | |
+<pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel | |
+disable_scan_offload=1 | |
+update_config=1 | |
+autoscan=periodic:10 | |
+ | |
+network={ | |
+ ssid="eduroam" | |
+ key_mgmt=WPA-EAP | |
+ eap=TTLS PEAP | |
+ identity="[email protected]" | |
+ password="YOURPASSWORD" | |
+ ca_cert="/etc/ssl/au-eduroam-cert.pem" | |
+ phase2="auth=MSCHAPV2" | |
+ mesh_fwding=1 | |
+ frequency=5200 | |
+}</pre></code> | |
+ | |
+<p>The <b>ctrl_interface</b> line may look different on your system. | |
+Make sure to edit the <b>identity</b> and <b>password</b> values according to … | |
+ | |
+<p>Next, make sure that other users cannot read the contents of the file:</p> | |
+ | |
+<pre><code># chown root:root /etc/wpa_supplicant/wpa_supplicant.conf | |
+# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf</pre></code> | |
+ | |
+<p>On OpenBSD, associate wpa_supplicant with the network interface. | |
+In the following command, change "iwm0" to your wifi device name:</p> | |
+ | |
+<pre><code># rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplic… | |
+ | |
+<p>It is now time to start the wpa_supplicant service:</p> | |
+ | |
+<pre><code># rcctl start wpa_supplicant # OpenBSD | |
+# rc-service wpa_supplicant start # Gentoo (OpenRC)</code></pre> | |
+ | |
+<p>You should now be connected to the Aarhus University eduroam network. | |
+In case of problems, you can stop the wpa_supplicant daemon and manually launc… | |
+ | |
+<pre><code># wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf</cod… | |
+ | |
+<h2>Option 2: Using Network Manager</h2> | |
+If your system uses Network Manager to configure networking, connect to the ed… | |
+ | |
+<figure class="pagefigure"> | |
+ <img src="img/eduroam-network-manager.png" | |
+ alt="Aarhus University eduroam configuration in Network Manage… | |
+ class="pageimg"/> | |
+ <figcaption> | |
+ Fig. 1: Aarhus University eduroam configuration in Network Man… | |
+ </figcaption> | |
+</figure> | |
diff --git a/pages/015-au-eduroam.txt b/pages/015-au-eduroam.txt | |
t@@ -0,0 +1,116 @@ | |
+Eduroam is an international Wi-Fi roaming service that provides network | |
+access to university staff and visitors from other universities. | |
+Aarhus University provides instructions on connecting to eduroam via | |
+iOS/Android/Windows/Mac and a Python install script for Linux. In this | |
+post, I will explain how users of BSD or Linux can set up eduroam | |
+connectivity manually. | |
+ | |
+ | |
+## Preparing the system | |
+ | |
+First, install wpa_supplicant, which is the only prerequisite. Your | |
+system might already have it installed for authenticating with ordinary | |
+Wi-Fi networks. WPA supplicant supports many different authentication | |
+methods, and the configuration must be correct for the connection | |
+to succeed. On Gentoo Linux, install and enable the wpa_supplicant | |
+daemon with: | |
+ | |
+ # pkg_add wpa_supplicant | |
+ # rcctl enable wpa_supplicant</pre></code> | |
+ | |
+On Gentoo Linux with OpenRC, the equivalent procedure is: | |
+ | |
+ # emerge net-wireless/wpa_supplicant | |
+ # rc-update add wpa_supplicant default | |
+ | |
+Next, save the self-signed Aarhus University PEM certificate to the | |
+file /etc/ssl/au-eduroam-cert.pem. I extracted this key file from the | |
+official Python installer. | |
+ | |
+ -----BEGIN CERTIFICATE----- | |
+ MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn | |
+ MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy | |
+ OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl | |
+ cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB | |
+ AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC | |
+ 4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J | |
+ XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo | |
+ JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H | |
+ M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF | |
+ 5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI | |
+ MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd | |
+ r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4 | |
+ QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku | |
+ /soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ | |
+ y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud | |
+ DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig | |
+ FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm | |
+ sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/ | |
+ hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+ | |
+ MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD | |
+ v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR | |
+ FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF | |
+ fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2 | |
+ 5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI | |
+ JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5 | |
+ Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox | |
+ tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK | |
+ +jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk= | |
+ -----END CERTIFICATE----- | |
+ | |
+ | |
+## Option 1: Configuring wpa_supplicant manually | |
+ | |
+If your system <b>does not</b> use Network Manager, you | |
+must configure wpa_supplicant directly. Open (or create) | |
+/etc/wpa_supplicant/wpa_supplicant.conf. At minimum, it should contain | |
+the following configuration of the eduroam network. You can also add | |
+other Wi-Fi networks here. | |
+ | |
+ ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel | |
+ disable_scan_offload=1 | |
+ update_config=1 | |
+ autoscan=periodic:10 | |
+ network={ | |
+ ssid="eduroam" | |
+ key_mgmt=WPA-EAP | |
+ eap=TTLS PEAP | |
+ identity="[email protected]" | |
+ password="YOURPASSWORD" | |
+ ca_cert="/etc/ssl/au-eduroam-cert.pem" | |
+ phase2="auth=MSCHAPV2" | |
+ mesh_fwding=1 | |
+ frequency=5200 | |
+ } | |
+ | |
+The ctrl_interface line may look different on your system. Make sure | |
+to edit the identity and password values according to your AU ID. | |
+ | |
+Next, make sure that other users cannot read the contents of the file: | |
+ | |
+ # chown root:root /etc/wpa_supplicant/wpa_supplicant.conf | |
+ # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf | |
+ | |
+On OpenBSD, associate wpa_supplicant with the network interface. In the | |
+following command, change "iwm0" to your wifi device name: | |
+ | |
+ # rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant… | |
+ | |
+It is now time to start the wpa_supplicant service: | |
+ | |
+ # rcctl start wpa_supplicant # OpenBSD | |
+ # rc-service wpa_supplicant start # Gentoo (OpenRC) | |
+ | |
+You should now be connected to the Aarhus University eduroam network. | |
+In case of problems, you can stop the wpa_supplicant daemon and manually | |
+launch it with debugging messages enabled (-d): | |
+ | |
+ # wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf | |
+ | |
+ | |
+## Option 2: Using Network Manager | |
+ | |
+If your system uses Network Manager to configure networking, connect to | |
+the eduroam wifi with the following configuration: | |
+ | |
+ gopher://adamsgaard.dk/tmp/eduroam-network-manager.png |