eduroam

From Gentoo Wiki

eduroam (education roaming) is an international Wi-Fi service based on 802.1x for users at many educational institutions.[1] This article will describe how to configure Gentoo to connect to eduroam. There is a map available to see where eduroam networks exist.[2]

Configuration

Configuration assistant tool

The eduroam Configuration Assistant Tool (CAT) collects information about RADIUS/EAP deployments and generates secure installation programs for a range of popular PC and smartphone platforms.[3] The installer can be downloaded at cat.eduroam.org. On Linux, it supports PEAP-MSCHAPv2, TLS, TTLS-MSCHAPv2, TTLS-PAP, and Managed IdP.[4] Not all organizations may have a profile on CAT.

NetworkManager (nmcli)

Important
Be careful about storing passwords in configuration files, especially on multi-user systems. Follow standard best practices and don't reuse passwords.

nmcli can be used to manually establish eduroam connections with NetworkManager. The connection-specific configuration files are stored in /etc/NetworkManager/system-connections/.

FILE eduroam-setup.sh
#!/bin/bash

# Connection name; also used as the SSID below.
CONNAME="eduroam"
USERNAME="firstname.surname@tuni.fi"
# Fill in before running. The value is written to the connection file.
PASSWORD=""

# Variables are quoted so that an empty or space-containing value
# cannot shift the remaining property/value pairs.
nmcli connection add type wifi con-name "$CONNAME"      \
        connection.permissions "$LOGNAME"               \
        802-11-wireless.ssid "$CONNAME"                 \
        802-11-wireless-security.key-mgmt wpa-eap       \
        802-11-wireless-security.group ccmp,tkip        \
        802-11-wireless-security.pairwise ccmp          \
        802-11-wireless-security.proto rsn              \
        802-1x.altsubject-matches DNS:wifi.tuni.fi      \
        802-1x.anonymous-identity anonymous@tuni.fi     \
        802-1x.eap peap                                 \
        802-1x.identity "$USERNAME"                     \
        802-1x.password "$PASSWORD"                     \
        802-1x.phase2-auth mschapv2                     \
        ipv4.method auto                                \
        ipv6.addr-gen-mode stable-privacy               \
        ipv6.method auto

The above is specific to Tampere University in Finland. Configuration may differ across institutions, especially parameters like 802-1x.altsubject-matches DNS:wifi.tuni.fi and 802-1x.anonymous-identity anonymous@tuni.fi.
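
The stored-password warning and the server-matching parameters can be checked against the keyfile that NetworkManager writes for such a connection. The script below is an added example, not part of the wiki page: the function names, finding labels and sample keyfile are constructed for illustration, and it assumes the usual keyfile layout with [802-1x] and [wifi-security] sections.

```shell
#!/bin/bash
# Added example, not from the wiki page: audit a NetworkManager keyfile
# holding an 802.1X profile such as the eduroam one created above.

# Print the value of KEY in [SECTION] of keyfile FILE (empty if absent).
kf_get() {  # usage: kf_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { in_sec = ($0 == sec); next }
        in_sec && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$1"
}

# Print one line per finding; return 0 if the profile is clean, 1 otherwise.
audit_8021x_keyfile() {
    f="$1"; rc=0
    if [ -z "$(find "$f" -prune -perm 600)" ]; then
        echo "PERMS file mode is not 600"; rc=1
    fi
    if [ -n "$(kf_get "$f" 802-1x password)" ]; then
        echo "PASSWORD_STORED cleartext 802-1x password in file"; rc=1
    fi
    if [ -z "$(kf_get "$f" 802-1x ca-cert)" ] &&
       [ "$(kf_get "$f" 802-1x system-ca-certs)" != "true" ]; then
        echo "NO_CA server certificate chain is not validated"; rc=1
    fi
    if [ -z "$(kf_get "$f" 802-1x altsubject-matches)" ] &&
       [ -z "$(kf_get "$f" 802-1x domain-suffix-match)" ]; then
        echo "NO_NAME_MATCH RADIUS server name is not checked"; rc=1
    fi
    case ";$(kf_get "$f" wifi-security group)" in
        *";tkip"*) echo "TKIP group cipher list still allows TKIP"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: roughly what the nmcli call above would write.
sample_keyfile() {
    printf '%s\n' '[connection]' 'id=eduroam' 'type=wifi' '' \
        '[wifi-security]' 'key-mgmt=wpa-eap' 'group=ccmp;tkip;' '' \
        '[802-1x]' 'eap=peap;' 'identity=firstname.surname@tuni.fi' \
        'altsubject-matches=DNS:wifi.tuni.fi;' 'phase2-auth=mschapv2' \
        'password=constructed-secret'
}

tmp=$(mktemp) && sample_keyfile > "$tmp" && chmod 600 "$tmp"
audit_8021x_keyfile "$tmp" || true   # demo run on the constructed sample
rm -f "$tmp"
```

On the constructed sample this reports the stored password, the missing CA and the TKIP group cipher; the server name check passes because altsubject-matches is set.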

University of Bristol

The University of Bristol has pages on configuring eduroam using NetworkManager, wpa_supplicant, and netctl.[5]

Troubleshooting

On systemd profiles, a conflict may arise between NetworkManager and systemd-networkd.service which results in eduroam connections continually disconnecting after a short time and then reconnecting. In order to ensure that only NetworkManager is managing the eduroam connection, run

root #systemctl stop systemd-networkd.service

and

root #systemctl disable systemd-networkd.service

unless this service is needed for something else.

Roam.fi

roam.fi (https://www.roam.fi/) is a networking project in Finland similar to eduroam. The above script also works for roam.fi; only the SSID is different. Set the variable CONNAME="roam.fi".

KDE Plasma settings

Below are screenshots from the KDE Plasma desktop environment's system settings for eduroam Wi-Fi configuration.

References