@varqox
Created October 6, 2021 21:30
How to set up a *secure* eduroam connection for University of Warsaw students on Linux

Introduction

This tutorial covers using NetworkManager with either the wpa_supplicant or the IWD backend. If you have not heard of IWD, your NetworkManager probably uses wpa_supplicant.

wpa_supplicant

  1. Edit the connection and set:
  • Authentication to Protected EAP (PEAP)
  • Anonymous identity to [email protected]
  • Domain to eduroam.uw.edu.pl
  • CA certificate to file located at /etc/ssl/certs/Comodo_AAA_Services_root.pem
  • Uncheck No CA certificate is required
  • PEAP version to Automatic
  • Inner authentication to MSCHAPv2
  • Username to your [email protected]
  • Password to your CAS password

  2. Connect to eduroam.

IWD

  1. Create the file /var/lib/iwd/eduroam.8021x with the following contents:
[Security]
EAP-Method=PEAP
EAP-Identity=[email protected]
EAP-PEAP-CACert=/etc/ssl/certs/Comodo_AAA_Services_root.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=[email protected]
EAP-PEAP-Phase2-Password=
EAP-PEAP-ServerDomainMask=eduroam.uw.edu.pl

[Settings]
Autoconnect=true

Remember to change XXXXXXXXXXX to your PESEL, and type your password in plain text after EAP-PEAP-Phase2-Password=, e.g. EAP-PEAP-Phase2-Password=tajnehaslo

  2. Connect to eduroam.
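
An added check, not part of the original gist: a shell function that audits an IWD profile such as the one above for the three things that keep it secure (a CA file that exists, a server domain mask, and a file mode that keeps the plain-text password private). The names `get_key` and `audit_profile` are made up for this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit an IWD 802.1X profile for CA pinning, server-name
# matching and private file permissions. Not part of the original gist.

# get_key FILE KEY -> prints the value of the first "KEY=" line, empty if absent
get_key() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# audit_profile FILE -> prints findings, returns the number of problems found
audit_profile() {
    f=$1; problems=0
    ca=$(get_key "$f" EAP-PEAP-CACert)
    mask=$(get_key "$f" EAP-PEAP-ServerDomainMask)

    if [ -z "$ca" ]; then
        echo "FAIL: no EAP-PEAP-CACert, the server certificate is not verified"
        problems=$((problems + 1))
    elif [ ! -r "$ca" ]; then
        echo "FAIL: CA file $ca is missing or unreadable"
        problems=$((problems + 1))
    fi
    if [ -z "$mask" ]; then
        echo "FAIL: no EAP-PEAP-ServerDomainMask, any server under that CA is accepted"
        problems=$((problems + 1))
    fi
    # The profile holds the password in plain text: only the owner may read it.
    mode=$(stat -c %a "$f")
    case $mode in
        ?00|0) ;;
        *) echo "FAIL: mode $mode lets group or others read the password"
           problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ] && echo "OK: $f"
    return "$problems"
}

# Run against a profile given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_profile "$1"; fi
```

Run it as root against /var/lib/iwd/eduroam.8021x; the exit status is the number of problems found.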

FAQ

Why /etc/ssl/certs/Comodo_AAA_Services_root.pem?

Because it is the certificate of the root CA in UW's certificate chain, and wpa_supplicant accepts only a root CA's certificate, i.e. it fails with a "self-signed certificate" error otherwise. IWD works with UW's certificate as well.
