Difference between revisions of "Virginia Tech Wifi (OLD)"

From the Linux and Unix Users Group at Virginia Tech Wiki
imported>Ram
m (Ram moved page Virginia Tech Wifi to Virginia Tech Wifi (OLD) without leaving a redirect: Replacing the Wifi page with the PEAP-MSCHAP page)
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
Since the fall of 2008, there have been two wireless networks on campus. One network, called '''VT-Wireless''', encrypts all traffic and is secured with EAP-TLS or PEAP-MSCHAPv2. The other network, called [[VT_WLAN]], was an unencrypted captive portal network using PID authentication. In July 2013, VT_WLAN was superseded by CONNECTtoVT-Wireless, an unencrypted captive portal wireless network designed to set up connecting to VT-Wireless without offering Internet access. Due to user issues faced during deployment, CONNECTtoVT-Wireless began offering captive portal access to VT users. In January 2015, '''eduroam''' access was enabled, allowing members of any eduroam-affiliated institution to use wifi at any other institution. Connections to VT-Wireless and eduroam are secure by default, and each can be made using one of two different methods.
+
#REDIRECT [[Virginia Tech Wifi]]
 
 
As of January 2015 the [https://www.computing.vt.edu/content/eduroam preferred method] of wireless access at Virginia Tech is through the [https://eduroam.org/ Eduroam] network. Eduroam is a wireless access service that was developed for the use of research and educational institutions. One of the advantages of the Eduroam network over the VT-Wireless network is that you will be able to connect to the Internet at any participating institution using your Virginia Tech credentials. The Eduroam-US site provides a [https://eduroam.us/technical_overview technical overview] of how the network authenticates you to the Virginia Tech RADIUS servers.
 
 
 
== Select a connection method ==
 
 
 
{| class="wikitable"
 
|-
 
! Network
 
! Authentication
 
! Encrypted
 
! Setup
 
! Support
 
|-
 
| VT-Wireless
 
| Strong ([[EAP-TLS]])
 
| Yes
 
| Involved
 
| Many devices (Laptops and [[Android]] devices)
 
|-
 
| VT-Wireless
 
| None to Medium ([[PEAP-MSCHAPv2]])
 
| Yes
 
| Simple
 
| Most devices
 
|-
 
| eduroam
 
| None to Medium ([[PEAP-MSCHAPv2]])
 
| Yes
 
| Simple
 
| Most devices
 
|-
 
| CONNECTtoVT-Wireless
 
| None (Captive portal)
 
| No
 
| Simplest
 
| All devices with HTTP
 
|}
 
 
 
The use of eduroam is recommended because:
 
* Wifi access is available at not just Virginia Tech, but also many other universities.
 
* Wifi beacons sent out do not reveal you are a VT affiliate
 
* It is possible to use an anonymous identity, making your identity hidden from the access point operator (but visible to the RADIUS server operator)
 
 
 
The best option is [[EAP-TLS]], which provides strong, two-way authentication to ensure that neither you nor the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be somewhat involved because it requires a certificate to be installed on the device. Virginia Tech has planned to deprecate certificates in June 2015.
 
 
 
Using [[PEAP-MSCHAPv2]] is less secure, as the authentication method can be broken with sufficient resources in a short amount of time. However, the authentication exchange is encrypted, the encryption key is authenticated, and it is significantly simpler to set up and use.
 
 
 
CONNECTtoVT-Wireless is an unsecured captive portal wireless network. It is used for setting up VT-Wireless on your device. This is entirely optional and the instructional pages for [[PEAP-MSCHAPv2]] and [[EAP-TLS]] do not use it. There have been some reports that using this method causes problems, possibly related to the software it uses. The network is locked down to only allow access to pages that help connect the user to VT-Wireless. It uses [[XpressConnect]].
 
 
 
{| class='wikitable' width='40%'
 
! colspan="2" | Select a method for setup instructions
 
|-
 
| style="font-size:1.5em;text-align:center" width='50%' | [[EAP-TLS]]
 
| style="font-size:1.5em;text-align:center" width='50%' | [[PEAP-MSCHAPv2]]
 
|}
 
 
 
==A word of caution==
 
Although you can verify that you are connecting to the eduroam network and validating your connection against the Virginia Tech RADIUS servers, you must keep in mind that you are connecting to a network that you do not control. It is possible that there are network monitors in place which can record and potentially modify traffic.
 
 
 
We encourage you to take precautions against network eavesdropping and mischief (on the Eduroam network, and in general). Potential countermeasures that one might want to employ include using [https://www.eff.org/HTTPS-EVERYWHERE HTTPS when connecting to sites], using a [https://www.computing.vt.edu/content/virtual-private-network VPN], or using the [https://www.torproject.org/ Tor Browser Bundle].
 
 
 
For general tips on improving your security while using the network, consider reading the EFF's [https://ssd.eff.org/ Surveillance Self-Defense] tips and/or contacting the [https://security.vt.edu/ Virginia Tech Information Security Office].
 
 
 
==Known Issues==
 
===Fall 2013===
 
As of September 16th, there is an issue present in the Cisco wireless controllers that Virginia Tech uses which causes 802.11n connections to fail for many users, including Linux users on Intel wireless chipsets. Disabling 802.11n is a workaround until it is fixed. This can be done in Arch Linux and Ubuntu by running the following as root:

<pre>echo "options iwlwifi 11n_disable=1" >> /etc/modprobe.d/intel-802.11n.conf</pre>
 
 
 
The ath9k driver may require [http://www.mail-archive.com/ath9k-devel@lists.ath9k.org/msg06226.html compiling with this patch].
 
 
 
===Spring 2014===
 
If you have trouble with connections dropping and you can't disable 802.11n, PEAP/TLS helps, but in Lavery/Surge you might need an 802.11g NIC. How much trouble you have will depend on your chipset and which APs are used in the building. Also, there is apparently a theoretical Network Manager implication regarding certs, to be investigated, and certain known issues regarding frame aggregation on Aruba APs (a non-exhaustive list of possible causes).
 
 
 
===Roaming===
 
As of February 2015, you may encounter issues roaming between access points when using netctl-auto due to different access points being on different subnets. A workaround is to request a new DHCP lease if you are unable to connect but have an IP address and route.
 
 
 
===eduroam and EAP-TLS===
 
As of February 2015, multiple users have reported issues using EAP-TLS on eduroam, despite the fact that eduroam as a service supports this method of authentication. Your mileage may vary.
 
 
 
==Network Information Sources==
 
* [http://www.cns.vt.edu/html/wireless/wlan/index.html Communications Network Services: Wireless LAN]
 
* [http://computing.vt.edu/internet_and_web/internet_access/ipaddresses.html Virginia Tech IP Addresses]
 
 
 
[[Category:Howtos]]
 
[[Category:Campus computing resources]]
 
[[Category:Round 2 migration]]
 

Latest revision as of 06:47, 4 January 2019

Redirect to: