Virginia Tech Wifi

253 bytes added, 19:10, 28 June 2018
wpa_supplicant Instructions: openbsd-specific instructions
<!--There are three wireless networks on campus. One network, called VT-Wireless, encrypts all traffic and is secured with [[EAP-TLS]] or PEAP-MSCHAPv2. A second network, CONNECTtoVT-Wireless, is an unencrypted, captive portal wireless network designed to set up connecting to VT-Wireless without offering Internet access. Due to user issues faced during deployment, CONNECTtoVT-Wireless began offering captive portal access to VT users.-->On campus, there are 2 wireless networks. '''Eduroam''' is the preferred method, which uses PEAP-MSCHAPv2 to authenticate to the RADIUS server, while the second SSID, '''VirginiaTech''', provides a captive portal and allows for guest account creation.
As of January 2015 the [https://www.computing.vt.edu/content/eduroam preferred method] of wireless access at Virginia Tech is through the [https://eduroam.org/ Eduroam] network. Eduroam is a secure wireless access service that was developed for the use of research and educational institutions. One of the advantages of the Eduroam network over the VT-Wireless network is that you will be able to connect to the Internet at any participating institution using your Virginia Tech credentials. The Eduroam-US site provides a [https://www.eduroam.us/technical_overview technical overview] of how the network authenticates you to the Virginia Tech RADIUS servers.
==General Connection Information==
''Subject:'' OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
This is a common root CA and should have shipped with your OS. It is likely located in <code>/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem</code>. If you are unable to locate it in your OS, you can get it directly from [https://2029.globalsign.com/ GlobalSign]. (This page seems to not be loading correctly at the moment. [https://support.globalsign.com/customer/en/portal/articles/1426602-globalsign-root-certificates Here] is the parent page.)
====Trusted Root CA SHA256 G2====
Validate the certificate (see above) then generate the sha256 hash:
$ openssl x509 -in eduroam.nis.vt.edu.crt -outform der | sha256sum
9b5163a3360f07b2dce2fd1e958c541687cf4c5360bb8adc87fa821c1c969910 -
==NetworkManager Instructions==
* In the list of wireless networks, select "eduroam".
Set the following options:
* Wi-Fi security: WPA & WPA2 Enterprise
* Authentication: Protected EAP (PEAP)
* Anonymous identity: anonymous@vt.edu
* Domain: nis.vt.edu
* CA certificate: Select <code>/path/to/GlobalSign_Root_CA_-_R3.pem</code> via the file picker
* PEAP version: Automatic
* Inner authentication: MSCHAPv2
* Username: PID@vt.edu
* Password: YOUR_NETWORK_PASSWORD
[[File:Nm settings.png]]
==wpa_supplicant Instructions==
$ sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/eduroam.conf
$ sudo dhcpcd wlan0
 
On [[OpenBSD]], the process is a little more complicated:
 
# ifconfig wlan0 nwid eduroam wpa wpaakms 802.1x up
# /usr/local/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
# dhclient wlan0
# ifconfig iwm0 inet6 autoconf
Alternate config options, besides domain_match are as follows (obviously not correct):
'''TODO:''' Android certificate validation
Quick and dirty options for validating the eduroam certificate, in order from least secure to most secure:
# Do not validate: you will get online, but consider your connection to be as secure as a public hotspot
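To see which validation option an existing configuration actually uses, the following added example (not part of the original page) classifies the eduroam block of a wpa_supplicant config by how it checks the server certificate. The level names are the example's own labels and the sample config is constructed from the values given on this page; <code>ca_cert</code> (including its <code>hash://server/sha256/</code> form), <code>domain_match</code>, <code>domain_suffix_match</code>, <code>altsubject_match</code> and <code>subject_match</code> are wpa_supplicant options.

```shell
#!/bin/sh
# Added example, not from the wiki page: report how the eduroam block of a
# wpa_supplicant config validates the RADIUS server certificate.
# The level names are this example's own labels.
eap_validation_level() {
    awk '
    function classify() {
        if (ca == "") return "none"                      # any server is accepted
        if (index(ca, "hash://server/sha256/") == 1) return "pinned"
        if (name != "") return "ca+name"                 # CA plus server-name check
        return "ca-only"                                 # any cert under that CA passes
    }
    { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
    line == "" || line ~ /^#/ { next }                   # skip blanks and comments
    line == "network={" { inblk = 1; ssid = ca = name = ""; next }
    inblk && line == "}" {
        if (ssid == "eduroam") { found = 1; level = classify() }
        inblk = 0; next
    }
    inblk {
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/^"|"$/, "", val)                           # strip surrounding quotes
        if (key == "ssid") ssid = val
        else if (key == "ca_cert") ca = val
        else if (key ~ /^(domain_match|domain_suffix_match|altsubject_match|subject_match)$/) name = val
    }
    END { print (found ? level : "no-eduroam-block") }
    ' "$1"
}

# Constructed sample: CA file set, but no server-name constraint.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous@vt.edu"
    identity="PID@vt.edu"
    ca_cert="/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem"
}
EOF
echo "sample config: $(eap_validation_level "$sample")"
rm -f "$sample"
```

A result of <code>none</code> corresponds to the "Do not validate" option above; <code>ca-only</code> means any server holding a certificate issued under the configured CA would be accepted.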
==Frequently Asked Questions==
===Is eduroam free?===
eduroam at Virginia Tech is free for:
* VT affiliates with wireless access and network passwords
* Users at other participating institutions
===Why is eduroam the preferred SSID?===
Using eduroam has several advantages:
* The unencrypted portion of your authentication optionally identifies you as "anonymous@vt.edu" rather than revealing your PID
* You have access to seamless roaming if you ever travel to another participating college campus
* The anonymous identity feature separates RADIUS authentication logs from the network access provider's logs
 
===Does eduroam support EAP-TLS?===
Currently, the Virginia Tech eduroam RADIUS servers are not configured for EAP-TLS.
==References==
[[Category:Howtos]]
[[Category:Campus computing resources]]
[[Category:Needs restoration]]