 |
tadd au-eduroam post - adamsgaard.dk - my academic webpage |
 |
git clone git://src.adamsgaard.dk/adamsgaard.dk |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
commit d39d87607186e35cc48b3d23eb51b2a686b29a45 |
|
parent 1e568091cc63d3a16a553772d8b74d8d044a5677 |
|
Author: Anders Damsgaard <[email protected]> |
|
Date: Tue, 15 Nov 2022 16:25:55 +0100 |
|
|
|
add au-eduroam post |
|
|
|
Diffstat: |
|
A pages/015-au-eduroam.cfg | 8 ++++++++ |
|
A pages/015-au-eduroam.html | 112 +++++++++++++++++++++++++++++… |
|
A pages/015-au-eduroam.txt | 116 ++++++++++++++++++++++++++++++ |
|
|
|
3 files changed, 236 insertions(+), 0 deletions(-) |
|
--- |
|
diff --git a/pages/015-au-eduroam.cfg b/pages/015-au-eduroam.cfg |
|
t@@ -0,0 +1,8 @@ |
|
+filename=au-eduroam.html |
|
+title=Connecting to Aarhus University eduroam with wpa_supplicant |
|
+description=Connect to the cross-university wifi-network eduroam from BSD or L… |
|
+id=new-homepage |
|
+tags=linux, openbsd, wifi, eduroam, wpa_supplicant |
|
+created=2022-11-15 |
|
+updated=2022-11-15 |
|
+#index=0 |
|
diff --git a/pages/015-au-eduroam.html b/pages/015-au-eduroam.html |
|
t@@ -0,0 +1,112 @@ |
|
+<p><a href="https://en.wikipedia.org/wiki/Eduroam">Eduroam</a> is an internati… |
|
+Aarhus University provides <a href="https://eduroam.au.dk/">instructions on co… |
|
+In this post, I will explain how users of BSD or Linux can set up eduroam conn… |
|
+ |
|
+<h2>Preparing the system</h2> |
|
+<p>First, install <a href="https://w1.fi/wpa_supplicant/">wpa_supplicant</a>, … |
|
+Your system might already have it installed for authenticating with ordinary W… |
|
+WPA supplicant supports many different authentication methods, and the configu… |
|
+On Gentoo Linux, install and enable the wpa_supplicant daemon with: |
|
+</p> |
|
+ |
|
+<pre><code># pkg_add wpa_supplicant |
|
+# rcctl enable wpa_supplicant</pre></code> |
|
+ |
|
+<p>On Gentoo Linux with OpenRC, the equivalent procedure is: |
|
+ |
|
+<pre><code># emerge net-wireless/wpa_supplicant |
|
+# rc-update add wpa_supplicant default</pre></code> |
|
+ |
|
+<p>Next, save the self-signed Aarhus University PEM certificate to the file |
|
+<a href="https://adamsgaard.dk/tmp/au-eduroam-cert.pem">/etc/ssl/au-eduroam-ce… |
|
+I extracted this key file from the official Python installer. |
|
+</p> |
|
+ |
|
+<pre><code>-----BEGIN CERTIFICATE----- |
|
+MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn |
|
+MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy |
|
+OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl |
|
+cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB |
|
+AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC |
|
+4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J |
|
+XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo |
|
+JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H |
|
+M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF |
|
+5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI |
|
+MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd |
|
+r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4 |
|
+QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku |
|
+/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ |
|
+y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud |
|
+DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig |
|
+FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm |
|
+sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/ |
|
+hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+ |
|
+MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD |
|
+v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR |
|
+FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF |
|
+fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2 |
|
+5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI |
|
+JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5 |
|
+Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox |
|
+tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK |
|
++jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk= |
|
+-----END CERTIFICATE-----</pre></code> |
|
+ |
|
+<h2>Option 1: Configuring wpa_supplicant manually</h2> |
|
+<p>If your system <b>does not</b> use Network Manager, you must configure wpa_… |
|
+Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf. |
|
+At minimum, it should contain the following configuration of the eduroam netwo… |
|
+You can also add other Wi-Fi networks here.</p> |
|
+ |
|
+<pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel |
|
+disable_scan_offload=1 |
|
+update_config=1 |
|
+autoscan=periodic:10 |
|
+ |
|
+network={ |
|
+ ssid="eduroam" |
|
+ key_mgmt=WPA-EAP |
|
+ eap=TTLS PEAP |
|
+ identity="[email protected]" |
|
+ password="YOURPASSWORD" |
|
+ ca_cert="/etc/ssl/au-eduroam-cert.pem" |
|
+ phase2="auth=MSCHAPV2" |
|
+ mesh_fwding=1 |
|
+ frequency=5200 |
|
+}</pre></code> |
|
+ |
|
+<p>The <b>ctrl_interface</b> line may look different on your system. |
|
+Make sure to edit the <b>identity</b> and <b>password</b> values according to … |
|
+ |
|
+<p>Next, make sure that other users cannot read the contents of the file:</p> |
|
+ |
|
+<pre><code># chown root:root /etc/wpa_supplicant/wpa_supplicant.conf |
|
+# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf</pre></code> |
|
+ |
|
+<p>On OpenBSD, associate wpa_supplicant with the network interface. |
|
+In the following command, change "iwm0" to your wifi device name:</p> |
|
+ |
|
+<pre><code># rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplic… |
|
+ |
|
+<p>It is now time to start the wpa_supplicant service:</p> |
|
+ |
|
+<pre><code># rcctl start wpa_supplicant # OpenBSD |
|
+# rc-service wpa_supplicant start # Gentoo (OpenRC)</code></pre> |
|
+ |
|
+<p>You should now be connected to the Aarhus University eduroam network. |
|
+In case of problems, you can stop the wpa_supplicant daemon and manually launc… |
|
+ |
|
+<pre><code># wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf</cod… |
|
+ |
|
+<h2>Option 2: Using Network Manager</h2> |
|
+If your system uses Network Manager to configure networking, connect to the ed… |
|
+ |
|
+<figure class="pagefigure"> |
|
+ <img src="img/eduroam-network-manager.png" |
|
+ alt="Aarhus University eduroam configuration in Network Manage… |
|
+ class="pageimg"/> |
|
+ <figcaption> |
|
+ Fig. 1: Aarhus University eduroam configuration in Network Man… |
|
+ </figcaption> |
|
+</figure> |
|
diff --git a/pages/015-au-eduroam.txt b/pages/015-au-eduroam.txt |
|
t@@ -0,0 +1,116 @@ |
|
+Eduroam is an international Wi-Fi roaming service that provides network |
|
+access to university staff and visitors from other universities. |
|
+Aarhus University provides instructions on connecting to eduroam via |
|
+iOS/Android/Windows/Mac and a Python install script for Linux. In this |
|
+post, I will explain how users of BSD or Linux can set up eduroam |
|
+connectivity manually. |
|
+ |
|
+ |
|
+## Preparing the system |
|
+ |
|
+First, install wpa_supplicant, which is the only prerequisite. Your |
|
+system might already have it installed for authenticating with ordinary |
|
+Wi-Fi networks. WPA supplicant supports many different authentication |
|
+methods, and the configuration must be correct for the connection |
|
+to succeed. On Gentoo Linux, install and enable the wpa_supplicant |
|
+daemon with: |
|
+ |
|
+ # pkg_add wpa_supplicant |
|
+ # rcctl enable wpa_supplicant</pre></code> |
|
+ |
|
+On Gentoo Linux with OpenRC, the equivalent procedure is: |
|
+ |
|
+ # emerge net-wireless/wpa_supplicant |
|
+ # rc-update add wpa_supplicant default |
|
+ |
|
+Next, save the self-signed Aarhus University PEM certificate to the |
|
+file /etc/ssl/au-eduroam-cert.pem. I extracted this key file from the |
|
+official Python installer. |
|
+ |
|
+ -----BEGIN CERTIFICATE----- |
|
+ MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn |
|
+ MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy |
|
+ OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl |
|
+ cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB |
|
+ AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC |
|
+ 4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J |
|
+ XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo |
|
+ JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H |
|
+ M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF |
|
+ 5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI |
|
+ MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd |
|
+ r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4 |
|
+ QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku |
|
+ /soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ |
|
+ y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud |
|
+ DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig |
|
+ FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm |
|
+ sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/ |
|
+ hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+ |
|
+ MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD |
|
+ v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR |
|
+ FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF |
|
+ fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2 |
|
+ 5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI |
|
+ JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5 |
|
+ Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox |
|
+ tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK |
|
+ +jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk= |
|
+ -----END CERTIFICATE----- |
|
+ |
|
+ |
|
+## Option 1: Configuring wpa_supplicant manually |
|
+ |
|
+If your system <b>does not</b> use Network Manager, you |
|
+must configure wpa_supplicant directly. Open (or create) |
|
+/etc/wpa_supplicant/wpa_supplicant.conf. At minimum, it should contain |
|
+the following configuration of the eduroam network. You can also add |
|
+other Wi-Fi networks here. |
|
+ |
|
+ ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel |
|
+ disable_scan_offload=1 |
|
+ update_config=1 |
|
+ autoscan=periodic:10 |
|
+ network={ |
|
+ ssid="eduroam" |
|
+ key_mgmt=WPA-EAP |
|
+ eap=TTLS PEAP |
|
+ identity="[email protected]" |
|
+ password="YOURPASSWORD" |
|
+ ca_cert="/etc/ssl/au-eduroam-cert.pem" |
|
+ phase2="auth=MSCHAPV2" |
|
+ mesh_fwding=1 |
|
+ frequency=5200 |
|
+ } |
|
+ |
|
+The ctrl_interface line may look different on your system. Make sure |
|
+to edit the identity and password values according to your AU ID. |
|
+ |
|
+Next, make sure that other users cannot read the contents of the file: |
|
+ |
|
+ # chown root:root /etc/wpa_supplicant/wpa_supplicant.conf |
|
+ # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf |
|
+ |
|
+On OpenBSD, associate wpa_supplicant with the network interface. In the |
|
+following command, change "iwm0" to your wifi device name: |
|
+ |
|
+ # rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant… |
|
+ |
|
+It is now time to start the wpa_supplicant service: |
|
+ |
|
+ # rcctl start wpa_supplicant # OpenBSD |
|
+ # rc-service wpa_supplicant start # Gentoo (OpenRC) |
|
+ |
|
+You should now be connected to the Aarhus University eduroam network. |
|
+In case of problems, you can stop the wpa_supplicant daemon and manually |
|
+launch it with debugging messages enabled (-d): |
|
+ |
|
+ # wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf |
|
+ |
|
+ |
|
+## Option 2: Using Network Manager |
|
+ |
|
+If your system uses Network Manager to configure networking, connect to |
|
+the eduroam wifi with the following configuration: |
|
+ |
|
+ gopher://adamsgaard.dk/tmp/eduroam-network-manager.png |
