add au-eduroam post - adamsgaard.dk - my academic webpage
 (HTM) git clone git://src.adamsgaard.dk/adamsgaard.dk
       ---
 (DIR) commit d39d87607186e35cc48b3d23eb51b2a686b29a45
 (DIR) parent 1e568091cc63d3a16a553772d8b74d8d044a5677
 (HTM) Author: Anders Damsgaard <anders@adamsgaard.dk>
       Date:   Tue, 15 Nov 2022 16:25:55 +0100
       
       add au-eduroam post
       
       Diffstat:
         A pages/015-au-eduroam.cfg            |       8 ++++++++
         A pages/015-au-eduroam.html           |     112 +++++++++++++++++++++++++++++++
         A pages/015-au-eduroam.txt            |     116 ++++++++++++++++++++++++++++++
       
       3 files changed, 236 insertions(+), 0 deletions(-)
       ---
 (DIR) diff --git a/pages/015-au-eduroam.cfg b/pages/015-au-eduroam.cfg
       t@@ -0,0 +1,8 @@
       +filename=au-eduroam.html
       +title=Connecting to Aarhus University eduroam with wpa_supplicant
       +description=Connect to the cross-university wifi-network eduroam from BSD or Linux
       +id=new-homepage
       +tags=linux, openbsd, wifi, eduroam, wpa_supplicant
       +created=2022-11-15
       +updated=2022-11-15
       +#index=0
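
Review bot: The `+id=new-homepage` line does not match this post, whose filename is au-eduroam.html and whose title is about eduroam, so it reads as carried over from another page's .cfg. If the site generator uses `id` as a per-page identifier (for feeds or anchors), give it a value specific to this post, for example `id=au-eduroam`. The commented-out `+#index=0` line should either be removed or get a short comment saying why it is kept.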
 (DIR) diff --git a/pages/015-au-eduroam.html b/pages/015-au-eduroam.html
       t@@ -0,0 +1,112 @@
       +<p><a href="https://en.wikipedia.org/wiki/Eduroam">Eduroam</a> is an international Wi-Fi roaming service that provides network access to university staff and visitors from other universities.
       +Aarhus University provides <a href="https://eduroam.au.dk/">instructions on connecting</a> to eduroam via iOS/Android/Windows/Mac and a Python install script for Linux.
       +In this post, I will explain how users of BSD or Linux can set up eduroam connectivity manually.</p>
       +
       +<h2>Preparing the system</h2>
       +<p>First, install <a href="https://w1.fi/wpa_supplicant/">wpa_supplicant</a>, which is the only prerequisite.
       +Your system might already have it installed for authenticating with ordinary Wi-Fi networks.
       +WPA supplicant supports many different authentication methods, and the configuration must be correct for the connection to succeed.
       +On Gentoo Linux, install and enable the wpa_supplicant daemon with:
       +</p>
       +
       +<pre><code># pkg_add wpa_supplicant
       +# rcctl enable wpa_supplicant</pre></code>
       +
       +<p>On Gentoo Linux with OpenRC, the equivalent procedure is:
       +
       +<pre><code># emerge net-wireless/wpa_supplicant
       +# rc-update add wpa_supplicant default</pre></code>
       +
       +<p>Next, save the self-signed Aarhus University PEM certificate to the file
       +<a href="https://adamsgaard.dk/tmp/au-eduroam-cert.pem">/etc/ssl/au-eduroam-cert.pem</a>.
       +I extracted this key file from the official Python installer.
       +</p>
       +
       +<pre><code>-----BEGIN CERTIFICATE-----
       +MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
       +MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
       +OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
       +cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
       +AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
       +4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
       +XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
       +JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
       +M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
       +5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
       +MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
       +r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
       +QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
       +/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
       +y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
       +DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
       +FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
       +sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
       +hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
       +MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
       +v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
       +FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
       +fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
       +5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
       +JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
       +Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
       +tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
       ++jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
       +-----END CERTIFICATE-----</pre></code>
       +
       +<h2>Option 1: Configuring wpa_supplicant manually</h2>
       +<p>If your system <b>does not</b> use Network Manager, you must configure wpa_supplicant directly.
       +Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf.
       +At minimum, it should contain the following configuration of the eduroam network.
       +You can also add other Wi-Fi networks here.</p>
       +
       +<pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
       +disable_scan_offload=1
       +update_config=1
       +autoscan=periodic:10
       +
       +network={
       +        ssid="eduroam"
       +        key_mgmt=WPA-EAP
       +        eap=TTLS PEAP
       +        identity="auNNNNNN@uni.au.dk"
       +        password="YOURPASSWORD"
       +        ca_cert="/etc/ssl/au-eduroam-cert.pem"
       +        phase2="auth=MSCHAPV2"
       +        mesh_fwding=1
       +        frequency=5200
       +}</pre></code>
       +
       +<p>The <b>ctrl_interface</b> line may look different on your system.
       +Make sure to edit the <b>identity</b> and <b>password</b> values according to your AU ID.</p>
       +
       +<p>Next, make sure that other users cannot read the contents of the file:</p>
       +
       +<pre><code># chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
       +# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf</pre></code>
       +
       +<p>On OpenBSD, associate wpa_supplicant with the network interface.
       +In the following command, change "iwm0" to your wifi device name:</p>
       +
       +<pre><code># rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0</code></pre>
       +
       +<p>It is now time to start the wpa_supplicant service:</p>
       +
       +<pre><code># rcctl start wpa_supplicant                # OpenBSD
       +# rc-service wpa_supplicant start        # Gentoo (OpenRC)</code></pre>
       +
       +<p>You should now be connected to the Aarhus University eduroam network.
       +In case of problems, you can stop the wpa_supplicant daemon and manually launch it with debugging messages enabled (-d):</p>
       +
       +<pre><code># wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf</code></pre>
       +
       +<h2>Option 2: Using Network Manager</h2>
       +If your system uses Network Manager to configure networking, connect to the eduroam wifi with the following configuration:</p>
       +
       +<figure class="pagefigure">
       +        <img src="img/eduroam-network-manager.png"
       +                alt="Aarhus University eduroam configuration in Network Manager"
       +                class="pageimg"/>
       +        <figcaption>
       +                Fig. 1: Aarhus University eduroam configuration in Network Manager.
       +        </figcaption>
       +</figure>
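
Review bot: The `network={` block pins the CA with `ca_cert` but has no server-name constraint, so wpa_supplicant will send the MSCHAPv2 exchange to any RADIUS server presenting a certificate that chains to that CA; add a `domain_suffix_match="<AU RADIUS server name>"` (or `altsubject_match`) line with the name taken from the official AU instructions. Related points in the same hunk: the certificate is linked from adamsgaard.dk/tmp, so the post should state a fingerprint or tell readers to compare it with the copy in the official installer before trusting it, and "I extracted this key file" should say "certificate", since a CA certificate contains no private key. `mesh_fwding=1` and `frequency=5200` are mesh/IBSS settings and are not needed for an infrastructure network like eduroam; drop them or explain why they are there. The sentence "On Gentoo Linux, install and enable the wpa_supplicant daemon with:" precedes `pkg_add` and `rcctl`, which are the OpenBSD commands, so it should read "On OpenBSD". Markup: four blocks close with `</pre></code>` instead of `</code></pre>`, the `<p>On Gentoo Linux with OpenRC` paragraph is never closed, and the paragraph under "Option 2" has a closing `</p>` without an opening `<p>`.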
 (DIR) diff --git a/pages/015-au-eduroam.txt b/pages/015-au-eduroam.txt
       t@@ -0,0 +1,116 @@
       +Eduroam is an international Wi-Fi roaming service that provides network
       +access to university staff and visitors from other universities.
       +Aarhus University provides instructions on connecting to eduroam via
       +iOS/Android/Windows/Mac and a Python install script for Linux.  In this
       +post, I will explain how users of BSD or Linux can set up eduroam
       +connectivity manually.
       +
       +
       +## Preparing the system
       +
       +First, install wpa_supplicant, which is the only prerequisite.  Your
       +system might already have it installed for authenticating with ordinary
       +Wi-Fi networks.  WPA supplicant supports many different authentication
       +methods, and the configuration must be correct for the connection
       +to succeed.  On Gentoo Linux, install and enable the wpa_supplicant
       +daemon with:
       +
       +        # pkg_add wpa_supplicant
       +        # rcctl enable wpa_supplicant</pre></code>
       +
       +On Gentoo Linux with OpenRC, the equivalent procedure is:
       +
       +        # emerge net-wireless/wpa_supplicant
       +        # rc-update add wpa_supplicant default
       +
       +Next, save the self-signed Aarhus University PEM certificate to the
       +file /etc/ssl/au-eduroam-cert.pem.  I extracted this key file from the
       +official Python installer.
       +
       +        -----BEGIN CERTIFICATE-----
       +        MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
       +        MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
       +        OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
       +        cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
       +        AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
       +        4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
       +        XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
       +        JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
       +        M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
       +        5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
       +        MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
       +        r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
       +        QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
       +        /soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
       +        y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
       +        DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
       +        FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
       +        sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
       +        hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
       +        MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
       +        v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
       +        FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
       +        fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
       +        5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
       +        JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
       +        Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
       +        tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
       +        +jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
       +        -----END CERTIFICATE-----
       +
       +
       +## Option 1: Configuring wpa_supplicant manually
       +
       +If your system <b>does not</b> use Network Manager, you
       +must configure wpa_supplicant directly.  Open (or create)
       +/etc/wpa_supplicant/wpa_supplicant.conf.  At minimum, it should contain
       +the following configuration of the eduroam network.  You can also add
       +other Wi-Fi networks here.
       +
       +        ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
       +        disable_scan_offload=1
       +        update_config=1
       +        autoscan=periodic:10
       +        network={
       +                ssid="eduroam"
       +                key_mgmt=WPA-EAP
       +                eap=TTLS PEAP
       +                identity="auNNNNNN@uni.au.dk"
       +                password="YOURPASSWORD"
       +                ca_cert="/etc/ssl/au-eduroam-cert.pem"
       +                phase2="auth=MSCHAPV2"
       +                mesh_fwding=1
       +                frequency=5200
       +        }
       +
       +The ctrl_interface line may look different on your system.  Make sure
       +to edit the identity and password values according to your AU ID.
       +
       +Next, make sure that other users cannot read the contents of the file:
       +
       +        # chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
       +        # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf
       +
       +On OpenBSD, associate wpa_supplicant with the network interface.  In the
       +following command, change "iwm0" to your wifi device name:
       +
       +        # rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0
       +
       +It is now time to start the wpa_supplicant service:
       +
       +        # rcctl start wpa_supplicant                # OpenBSD
       +        # rc-service wpa_supplicant start        # Gentoo (OpenRC)
       +
       +You should now be connected to the Aarhus University eduroam network.
       +In case of problems, you can stop the wpa_supplicant daemon and manually
       +launch it with debugging messages enabled (-d):
       +
       +        # wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf
       +
       +
       +## Option 2: Using Network Manager
       +
       +If your system uses Network Manager to configure networking, connect to
       +the eduroam wifi with the following configuration:
       +
       +        gopher://adamsgaard.dk/tmp/eduroam-network-manager.png
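
Review bot: HTML markup has leaked into the plain-text version: `</pre></code>` trails the `rcctl enable wpa_supplicant` line and `<b>does not</b>` appears in the first paragraph of "Option 1"; both should be plain text here. The "On Gentoo Linux, install and enable" sentence again introduces the OpenBSD `pkg_add`/`rcctl` commands and should read "On OpenBSD", and "this key file" should be "this certificate". The `network={` block has the same gap as the HTML version (no `domain_suffix_match` or `altsubject_match` alongside `ca_cert`, plus the unneeded `mesh_fwding` and `frequency` lines), and it omits the blank line before `network={` that the HTML version has, so the two copies have already drifted. "Option 2" gives only a link to a screenshot; listing the Network Manager field values as text would make the section usable for gopher and text-only readers and lets them check the CA certificate and server-name settings without opening the image.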