noxz.tech/articles/manual-eduroam-connection/index.www
1This article is based somewhat on a similar
2.URL https://adamsgaard.dk/au-eduroam.html text
3written by
4.URL https://adamsgaard.dk "Anders Damsgaard" ,
5but has been generalized to fit various universities that use the
6.URL "https://en.wikipedia.org/wiki/Eduroam" eduroam
7roaming service. Although eduroam provides a solution for connection using
8Linux, it is only written for Linux and not *nix systems in general, and it
9relies somewhat on certain prerequisites that all *nix users may not have. The
10solution I will discuss only relies on the
11.ICD wpa_supplicant .
12
13Provided that you have
14.ICD wpa_supplicant
15installed, you need to extract the certificate that your university uses to
16authorize connectivity to the roaming service. Start by browsing
17.URL https://cat.eduroam.org/ https://cat.eduroam.org/
18using your favorite web browser. I would recommend using
19.URL /software/adji/ adji .
20Once there, click the button that says something like "Click here to download
21your eduroam installer". You should then be asked to select your university.
22Select the university you are affiliated with. Depending on your browser's user
23agent, an operating system will be suggested to you. If
24.I Linux
25is not suggested, click the link that says "Choose another installer to
26download" and click "Linux." An installer script will be downloaded to your
27client. Within this script, there exists a configuration section that contains
28one or multiple PEM certificates.
29
30You can extract the PEM certificate either manually or by using sed, for example
31like so (replacing
32.I installer.py
33with the name of the installer script you've downloaded):
34
35.CDS
36.COS
37echo -----BEGIN CERTIFICATE-----; \\
38sed -n '/^Config.CA = """/,/"""/{/^Config.CA = """/!{/"""/!p;};}' installer.py
39.COE
40.CDE
41
42The extracted PEM certificates should begin with
43.ICD "-----BEGIN CERTIFICATE-----"
44and end with
45.ICD "-----END CERTIFICATE-----" .
46
47Now, save the extracted PEM certificate to a place that your
48.I wpa_supplicant
49have access. Such a place could be
50.ICD "/etc/ssl/certs/my_eduroam_cert.pem" .
51What you name the file is up to you, but in this example, I will use the name
52.ICD "my_eduroam_cert.pem" .
53
54Depending on your current
55.I wpa_supplicant
56configuration, the file
57.ICD "/etc/wpa_supplicant/wpa_supplicant.conf"
58may be empty or populated with known networks. In either case, append the
59following lines to that file:
60
61.CDS
62.COS
63network={
64 ssid="eduroam"
65 key_mgmt=WPA-EAP
66 eap=TTLS PEAP
67 identity="<your eduroam username>"
68 password="<your eduroam password>"
69 ca_cert="/etc/ssl/certs/my_eduroam_cert.pem"
70 phase2="auth=MSCHAPV2"
71 mesh_fwding=1
72 frequency=5200
73}
74.COE
75.CDE
76
77You will, of course, have to change the strings
78.I "<your eduroam ...>"
79to match your eduroam identity that is registered with your university. That's
80it. The next time you use
81.ICD wpa_supplicant
82to connect to the wireless network at your university, you should be connected
83to the eduroam roaming service.
84
85.DIVS note
86Keep in mind that you should always treat public networks as insecure and
87consider any data you transmit through them as potentially collected by
88unauthorized parties, including the network owner. This can compromise your
89privacy and safety. To protect your data, consider using Tor or even better, a
90personally owned and controlled proxy instead of consumerized VPNs, which pose
91the same trust issues as a public network.
92.DIVE
