Connecting to the eduroam network shares some similarities with connecting to UVA's VPN on Linux. See VPN Setup for details there.
This guide has been updated as of . You may view previous versions of this guide by looking at the "Page History" information. If something in this guide does not work for you, please comment on the page (with your system version) or suggest an edit to the guide.
For this tutorial, our example compute ID will be "jjruv4".
To start, you will need to download your personal/user certificate file.
(Optional) Enter the MAC/hardware address of the wireless network card for your device. If you don't know your MAC address, you can find it by opening a terminal and using the ip a command, then finding the interface that corresponds to your wifi network card. It may begin with "wlp" in the ID. Then, the hexadecimal string following "link/ether" will be your MAC address.
Enter a passphrase for your private key.
This is not your netbadge login password, or any other UVA password. This is a unique passphrase used only for this certificate file.
Make sure to record this passphrase and put it somewhere safe! This passphrase is required to use your certificate, and no one can recover it after the fact, not even UVA ITS.
.p12".
Set your configuration as follows. Please note that the exact option names may be different on your OS. If a configuration option is not listed here, then it should (most likely) be on its default setting:
Security | WPA/WPA2 Enterprise |
Authentication | TLS |
Identity | <Your compute ID email address in all lower-case letters. Example: "jjruv4@virginia.edu"> |
User Certificate | <The full path to your .p12 file. Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/jjruv4.p12"> |
CA Certificate | <Leave Empty> |
Private Key | <The full file path to your private .p12 file. Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/jjruv4.p12"> |
Private Key Password | <The password given when you created and downloaded the .p12 file from UVA in Step 2. This is not your UVA netbadge password, nor is it your PEM passphrase.> |
Make sure to uncheck the "All users may connect to this network" option in the "General" tab. This option may also be named "Available to all users", or similar.
Connect to the network. You should now be able to click on the eduroam network and connect! See below for troubleshooting suggestions.
Eduroam networks sometimes rely on deprecated security configurations which may force your system to block connections. This is a pervasive issue with many eduroam networks (not just UVA) that depends on the network configuration, your OS and package versions, network device configuration, and network connection configuration. Here are some suggestions that have worked for others:
nmcli device and looking at the "STATE" column for your wireless device; if it says "unmanaged", then you must set up Network Manager to manage that device.
/etc/NetworkManager/system-connections/eduroam.nmconnection (or something similar) using your favorite text editor (nano, vim, gedit, etc.). Remove the line system-ca-certs=true. If that line is not present, you may add this field and set it to false by adding the line system-ca-certs=false.
wpa_supplicant. Basically, some eduroam setups may still be using SHA-1 cryptography, which is blocked by default on many newer systems (like Ubuntu 22.04). There are a couple of methods for unblocking this:
wpa_supplicant (the program that handles WPA/WPA2 networks) configuration. There are several steps, see https://askubuntu.com/a/1405397 for details.
wpasupplicant and libssl packages (not recommended)
libssl is a core library used in many other security programs in Linux (not just your network connections). Also, many other programs will require newer versions of these packages, which could block you from installing critical updates in the future. Preventing future updates makes all of this even worse.
For more information on the WPA2/CA Certificate problems, see:
eduroam.nmconnection file
Below I have posted an example eduroam connection config file that does work, as of . This is not guaranteed to work on your setup, but it provides a point of reference. If you are using Network Manager, you should be able to find your connection configuration in /etc/NetworkManager/system-connections/eduroam.nmconnection. Modify fields as necessary for your system.
```
[connection]
id=eduroam
# your connection UUID
uuid=
type=wifi
autoconnect-priority=1
permissions=user:jjruv4:;

[wifi]
# your wireless network card's MAC address
mac-address=
mode=infrastructure
ssid=eduroam

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
# path to your .p12 file
client-cert=
eap=tls;
identity=jjruv4@virginia.edu
# path to your .p12 file
private-key=
# REDACTED. It should be encrypted anyway!
private-key-password=

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]
```
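To check an existing connection file against the settings in this guide, the following added example (not part of the original guide or of NetworkManager) parses the keyfile text and reports every deviation from the configuration table and the troubleshooting notes above. The function name, the finding messages and the sample file are constructed for illustration.

```python
import configparser

# Constructed sample keyfile with three deviations from the guide: upper-case
# identity, no per-user permissions line, and system-ca-certs=true.
SAMPLE_BAD = """\
[connection]
type=wifi
[wifi]
ssid=eduroam
[wifi-security]
key-mgmt=wpa-eap
[802-1x]
client-cert=/home/jjruv4/.certs/jjruv4.p12
eap=tls;
identity=JJRUV4@virginia.edu
private-key=/home/jjruv4/.certs/jjruv4.p12
system-ca-certs=true
"""


def audit_nmconnection(text):
    """Return findings for an eduroam keyfile; an empty list means it matches."""
    # NetworkManager keyfiles use '=' only and have no inline comments.
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    def get(section, key):
        return cfg.get(section, key, fallback="").strip()
    findings = []
    if get("wifi", "ssid") != "eduroam":
        findings.append("wifi.ssid is not eduroam")
    if get("wifi-security", "key-mgmt") != "wpa-eap":
        findings.append("key-mgmt is not wpa-eap (WPA/WPA2 Enterprise)")
    if [m for m in get("802-1x", "eap").split(";") if m] != ["tls"]:
        findings.append("eap is not tls")
    identity = get("802-1x", "identity")
    if "@" not in identity or identity != identity.lower():
        findings.append("identity is not a lower-case email address")
    cert, key = get("802-1x", "client-cert"), get("802-1x", "private-key")
    if not cert.endswith(".p12") or cert != key:
        findings.append("client-cert/private-key are not the same .p12 file")
    if not get("connection", "permissions").startswith("user:"):
        findings.append("connection is available to all users")
    if get("802-1x", "system-ca-certs").lower() == "true":
        findings.append("system-ca-certs=true is still set")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_nmconnection(SAMPLE_BAD)))
```

To audit a real file, pass its contents to `audit_nmconnection`; reading files under /etc/NetworkManager/system-connections/ requires root.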
Information for this how-to was taken from the UVA Physics site:
http://galileo.phys.virginia.edu/compfac/faq/linux-eduroam.html
Some of their steps did not work for my setup, and were edited accordingly in this write-up. Their configuration may work for you if you are having trouble with this one.