Introduction
Introduction Statistics Contact Development Disclaimer Help
tadd au-eduroam post - adamsgaard.dk - my academic webpage
git clone git://src.adamsgaard.dk/adamsgaard.dk
Log
Files
Refs
README
LICENSE
---
commit d39d87607186e35cc48b3d23eb51b2a686b29a45
parent 1e568091cc63d3a16a553772d8b74d8d044a5677
Author: Anders Damsgaard <[email protected]>
Date: Tue, 15 Nov 2022 16:25:55 +0100
add au-eduroam post
Diffstat:
A pages/015-au-eduroam.cfg | 8 ++++++++
A pages/015-au-eduroam.html | 112 +++++++++++++++++++++++++++++…
A pages/015-au-eduroam.txt | 116 ++++++++++++++++++++++++++++++
3 files changed, 236 insertions(+), 0 deletions(-)
---
diff --git a/pages/015-au-eduroam.cfg b/pages/015-au-eduroam.cfg
t@@ -0,0 +1,8 @@
+filename=au-eduroam.html
+title=Connecting to Aarhus University eduroam with wpa_supplicant
+description=Connect to the cross-university wifi-network eduroam from BSD or L…
+id=new-homepage
+tags=linux, openbsd, wifi, eduroam, wpa_supplicant
+created=2022-11-15
+updated=2022-11-15
+#index=0
diff --git a/pages/015-au-eduroam.html b/pages/015-au-eduroam.html
t@@ -0,0 +1,112 @@
+<p><a href="https://en.wikipedia.org/wiki/Eduroam">Eduroam</a> is an internati…
+Aarhus University provides <a href="https://eduroam.au.dk/">instructions on co…
+In this post, I will explain how users of BSD or Linux can set up eduroam conn…
+
+<h2>Preparing the system</h2>
+<p>First, install <a href="https://w1.fi/wpa_supplicant/">wpa_supplicant</a>, …
+Your system might already have it installed for authenticating with ordinary W…
+WPA supplicant supports many different authentication methods, and the configu…
+On Gentoo Linux, install and enable the wpa_supplicant daemon with:
+</p>
+
+<pre><code># pkg_add wpa_supplicant
+# rcctl enable wpa_supplicant</pre></code>
+
+<p>On Gentoo Linux with OpenRC, the equivalent procedure is:
+
+<pre><code># emerge net-wireless/wpa_supplicant
+# rc-update add wpa_supplicant default</pre></code>
+
+<p>Next, save the self-signed Aarhus University PEM certificate to the file
+<a href="https://adamsgaard.dk/tmp/au-eduroam-cert.pem">/etc/ssl/au-eduroam-ce…
+I extracted this key file from the official Python installer.
+</p>
+
+<pre><code>-----BEGIN CERTIFICATE-----
+MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
+MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
+OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
+cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
+4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
+XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
+JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
+M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
+5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
+MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
+r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
+QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
+/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
+y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
+DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
+FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
+sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
+hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
+MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
+v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
+FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
+fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
+5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
+JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
+Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
+tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
++jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
+-----END CERTIFICATE-----</pre></code>
+
+<h2>Option 1: Configuring wpa_supplicant manually</h2>
+<p>If your system <b>does not</b> use Network Manager, you must configure wpa_…
+Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf.
+At minimum, it should contain the following configuration of the eduroam netwo…
+You can also add other Wi-Fi networks here.</p>
+
+<pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+disable_scan_offload=1
+update_config=1
+autoscan=periodic:10
+
+network={
+ ssid="eduroam"
+ key_mgmt=WPA-EAP
+ eap=TTLS PEAP
+ identity="[email protected]"
+ password="YOURPASSWORD"
+ ca_cert="/etc/ssl/au-eduroam-cert.pem"
+ phase2="auth=MSCHAPV2"
+ mesh_fwding=1
+ frequency=5200
+}</pre></code>
+
+<p>The <b>ctrl_interface</b> line may look different on your system.
+Make sure to edit the <b>identity</b> and <b>password</b> values according to …
+
+<p>Next, make sure that other users cannot read the contents of the file:</p>
+
+<pre><code># chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
+# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf</pre></code>
+
+<p>On OpenBSD, associate wpa_supplicant with the network interface.
+In the following command, change "iwm0" to your wifi device name:</p>
+
+<pre><code># rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplic…
+
+<p>It is now time to start the wpa_supplicant service:</p>
+
+<pre><code># rcctl start wpa_supplicant # OpenBSD
+# rc-service wpa_supplicant start # Gentoo (OpenRC)</code></pre>
+
+<p>You should now be connected to the Aarhus University eduroam network.
+In case of problems, you can stop the wpa_supplicant daemon and manually launc…
+
+<pre><code># wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf</cod…
+
+<h2>Option 2: Using Network Manager</h2>
+If your system uses Network Manager to configure networking, connect to the ed…
+
+<figure class="pagefigure">
+ <img src="img/eduroam-network-manager.png"
+ alt="Aarhus University eduroam configuration in Network Manage…
+ class="pageimg"/>
+ <figcaption>
+ Fig. 1: Aarhus University eduroam configuration in Network Man…
+ </figcaption>
+</figure>
diff --git a/pages/015-au-eduroam.txt b/pages/015-au-eduroam.txt
t@@ -0,0 +1,116 @@
+Eduroam is an international Wi-Fi roaming service that provides network
+access to university staff and visitors from other universities.
+Aarhus University provides instructions on connecting to eduroam via
+iOS/Android/Windows/Mac and a Python install script for Linux. In this
+post, I will explain how users of BSD or Linux can set up eduroam
+connectivity manually.
+
+
+## Preparing the system
+
+First, install wpa_supplicant, which is the only prerequisite. Your
+system might already have it installed for authenticating with ordinary
+Wi-Fi networks. WPA supplicant supports many different authentication
+methods, and the configuration must be correct for the connection
+to succeed. On Gentoo Linux, install and enable the wpa_supplicant
+daemon with:
+
+ # pkg_add wpa_supplicant
+ # rcctl enable wpa_supplicant</pre></code>
+
+On Gentoo Linux with OpenRC, the equivalent procedure is:
+
+ # emerge net-wireless/wpa_supplicant
+ # rc-update add wpa_supplicant default
+
+Next, save the self-signed Aarhus University PEM certificate to the
+file /etc/ssl/au-eduroam-cert.pem. I extracted this key file from the
+official Python installer.
+
+ -----BEGIN CERTIFICATE-----
+ MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
+ MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
+ OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
+ cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
+ 4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
+ XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
+ JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
+ M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
+ 5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
+ MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
+ r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
+ QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
+ /soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
+ y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
+ DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
+ FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
+ sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
+ hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
+ MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
+ v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
+ FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
+ fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
+ 5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
+ JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
+ Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
+ tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
+ +jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
+ -----END CERTIFICATE-----
+
+
+## Option 1: Configuring wpa_supplicant manually
+
+If your system <b>does not</b> use Network Manager, you
+must configure wpa_supplicant directly. Open (or create)
+/etc/wpa_supplicant/wpa_supplicant.conf. At minimum, it should contain
+the following configuration of the eduroam network. You can also add
+other Wi-Fi networks here.
+
+ ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+ disable_scan_offload=1
+ update_config=1
+ autoscan=periodic:10
+ network={
+ ssid="eduroam"
+ key_mgmt=WPA-EAP
+ eap=TTLS PEAP
+ identity="[email protected]"
+ password="YOURPASSWORD"
+ ca_cert="/etc/ssl/au-eduroam-cert.pem"
+ phase2="auth=MSCHAPV2"
+ mesh_fwding=1
+ frequency=5200
+ }
+
+The ctrl_interface line may look different on your system. Make sure
+to edit the identity and password values according to your AU ID.
+
+Next, make sure that other users cannot read the contents of the file:
+
+ # chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
+ # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf
+
+On OpenBSD, associate wpa_supplicant with the network interface. In the
+following command, change "iwm0" to your wifi device name:
+
+ # rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant…
+
+It is now time to start the wpa_supplicant service:
+
+ # rcctl start wpa_supplicant # OpenBSD
+ # rc-service wpa_supplicant start # Gentoo (OpenRC)
+
+You should now be connected to the Aarhus University eduroam network.
+In case of problems, you can stop the wpa_supplicant daemon and manually
+launch it with debugging messages enabled (-d):
+
+ # wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf
+
+
+## Option 2: Using Network Manager
+
+If your system uses Network Manager to configure networking, connect to
+the eduroam wifi with the following configuration:
+
+ gopher://adamsgaard.dk/tmp/eduroam-network-manager.png
You are viewing proxied material from mx1.adamsgaard.dk. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.