Changes
→wpa_supplicant Instructions: openbsd-specific instructions
As of January 2015 the [https://www.computing.vt.edu/content/eduroam preferred method] of wireless access at Virginia Tech is through the [https://eduroam.org/ Eduroam] network. Eduroam is a secure wireless access service that was developed for the use of research and educational institutions. One of the advantages of the Eduroam network over the VT-Wireless network is that you will be able to connect to the Internet at any participating institution using your Virginia Tech credentials. The Eduroam-US site provides a [https://www.eduroam.us/technical_overview technical overview] of how the network authenticates you to the Virginia Tech RADIUS servers.
==General Connection Information==
''Subject:'' OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
This is a common root CA and should have shipped with your OS. It is likely located in <code>/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem</code>. If you are unable to locate it in your OS, you can get it directly from [https://2029.globalsign.com/ GlobalSign].(This page seems to not be loading correctly at the moment. [https://support.globalsign.com/customer/en/portal/articles/1426602-globalsign-root-certificates Here] is the parent page.)
====Trusted Root CA SHA256 G2====
Validate the certificate (see above) then generate the sha256 hash:
$ openssl x509 -in VT-Wirelesseduroam.cnsnis.vt.edu.crt -outform der | sha256sum
9b5163a3360f07b2dce2fd1e958c541687cf4c5360bb8adc87fa821c1c969910 -
==NetworkManager Instructions==
==wpa_supplicant Instructions==
$ sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/eduroam.conf
$ sudo dhcpcd wlan0
On [[OpenBSD]], the process is a little more complicated:
# ifconfig wlan0 nwid edoroam wpa wpaakms 802.1x up
# /usr/local/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
# dhclient wlan0
# ifconfig iwm0 inet6 autoconf
Alternate config options, besides domain_match are as follows (obviously not correct):
'''TODO:''' Android certificate validation
Quick and dirty options for validating the eduroam certificate, in order from least secure to most secure:
# Do not validate: you will get online, but consider your connection to be as secure as a public hotspot
==Frequently Asked Questions==
===Is eduroam free?===
* Users at other participating institutions
===Why is eduroam the preferred SSID?===
Using eduroam has several advantages:
* Your wifi probes identify The unencrypted portion of your authentication optionally identifies you as an eduroam user, "anonymous@vt.edu" rather than a VT affiliaterevealing your PID
* You have access to seamless roaming if you ever travel to another participating college campus
* The anonymous identity feature separates RADIUS authentication logs from the network access provider's logs
===Does eduroam support EAP-TLS?===
Currently, the Virginia Tech eduroam RADIUS servers are not configured for EAP-TLS.
==References==
[[Category:Howtos]]
[[Category:Campus computing resources]]
[[Category:Needs restoration]]