19
edits
Changes
m
As of January 2015 the [https://4help.vt.edu/sp?id=kb_article&sys_id=3886a7206f7721003fbcb03f5d3ee42f preferred method] of wireless access at Virginia Tech is through the [https://Because '''eduroam.org/ eduroam] network. eduroam is ''''s credentials are federated, it means that a secure wireless access service that was developed for the use of research and educational institutions. One of the advantages of the eduroam network VT user is that you will be able to automatically connect to the Internet at any participating institution using your Virginia Tech credentialsinstitutions. The eduroam-US site provides a [https://www.eduroam.us/technical_overview technical overview] of how the network authenticates you to the Virginia Tech RADIUS serversauthentication system.
#THIS HASH IS OUT OF DATE, PLEASE FOLLOW INSTRUCTIONS ABOVE # if you prefer to pin the certificate, follow the instructions above to generate a hash ca_cert="hash://server/sha256/216c5f2568c6e84860b12535efe93500623ccee999306b84260f951bcbd57b1a0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff"
On [[OpenBSD]], the process is a little more complicated:
# ifconfig wlan0 nwid eduroam wpa wpaakms 802.1x up
# /usr/local/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
# dhclient wlan0
# ifconfig wlan0 inet6 autoconf
On campus, there are 2 wireless networks. :* '''eduroam''' : uses federated credentials and is the preferred method, which uses PEAP-MSCHAPv2 to authenticate to the RADIUS server, while the second SSID, .* '''VirginiaTech''', provides a captive-portal : for guests and allows for guest account creationdevices that cannot use the authentication method of '''eduroam'''.Any remotely modern/complete Linux or Unix system will be able to connect to eduroam without any issues.
==General Connection Information==
printf 'YOUR-NETW-ORKP-SSWD' \
| iconv -f ASCII -t UTF-16LE \
| openssl dgst -md4 \
| cut -d ' ' -f 2
</pre>
If you are using OpenSSL 3, you will need to specify the legacy provider:
<pre>
| openssl dgst -md4 -provider legacy \
</pre>
phase2="auth=MSCHAPV2"
anonymous_identity="anonymous@vt.edu"
# if you prefer to dynamically validate the certificate by its cryptographic attributes
ca_cert="/path/to/USERTrust_RSA_Certification_Authority.pem"
domain_match="eduroam.nis.vt.edu"
identity="YourPidHerePID@vt.edu" password="YourNetworkPasswordHereYOUR_NETWORK_PASSWORD"
}
$ sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/eduroam.conf
$ sudo dhcpcd wlan0
Alternate config options, besides domain_match are as follows (obviously not correct):
More thorough documentation is available at [https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf]
===OpenBSD Instructions===
Since the [[OpenBSD]] network stack doesn't support 802.1x authentication, wpa_supplicant is needed to connect. wpa_supplicant on OpenBSD is different from its Linux counterpart in that it is only capable of 802.1x authentication and nothing more. First, install wpa_supplicant from ports if it is not already installed. After that, add just the <code>network={ .. }</code> portion of the above configuration to <code>/etc/wpa_supplicant.conf</code>. The wpa_supplicant service can be enabled with (where iwm0 is your wireless interface):
$ rcctl enable wpa_supplicant
$ rcctl set wpa_supplicant flags -c /etc/wpa_supplicant.conf -s -D openbsd -i iwm0
$ rcctl start wpa_supplicant
Finally, connect to the network with (again, replacing iwm0 with your wireless interface):
$ ifconfig iwm0 join eduroam wpa wpaakms 802.1x up
$ dhclient iwm0
$ ifconfig iwm0 inet6 autoconf
==netctl Instructions==
