Open main menu

Linux and Unix Users Group at Virginia Teck Wiki β

Virginia Tech Wifi (OLD)

Revision as of 19:48, 2 February 2015 by imported>Mjh

Since the fall of 2008, there have been two wireless networks on campus. One network, called VT-Wireless, encrypts all traffic and is secured with EAP-TLS or PEAP-MSCHAPv2. The other network, called VT_WLAN was an unencrypted network captive portal using PID authentication. In July, 2013 VT_WLAN was superseded by CONNECTtoVT-Wireless, an unencrypted, captive portal wireless network designed to set up connecting to VT-Wireless without offering Internet access. Due to user issues faced during deployment, CONNECTtoVT-Wireless began offering captive portal access to VT users. In January 2015, eduroam access was enabled, allowing members of any eduroam-affiliated institution to use wifi at any other institution. Connections to VT-Wireless and eduroam are secure by default, and has one of two different methods to connect.


Contents

Select a connection method

Network Authentication Encrypted Setup Support
VT-Wireless Strong (EAP-TLS) Yes Involved Many devices (Laptops and Android devices)
VT-Wireless None to Medium (PEAP-MSCHAPv2) Yes Simple Most devices
eduroam None to Medium (PEAP-MSCHAPv2) Yes Simple Most devices
CONNECTtoVT-Wireless None (Captive portal) No Simplest All devices with HTTP

The use of eduroam is recommended because:

  • Wifi access is available at not just Virginia Tech, but also many other universities.
  • Wifi beacons sent out do not reveal you are a VT affiliate
  • It is possible to use an anonymous identity, making your identity hidden from the access point operator (but visible to the RADIUS server operator)

The best option is EAP-TLS, which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be somewhat involved because it requires a certificate to be installed on the device. Virginia Tech has planned to deprecate certificates in June 2015.

Using PEAP-MSCHAPv2 is less secure as the authentication method can be broken with sufficient resources in a short amount of time. However the authentication is encrypted and the encryption key is authenticated and it is significantly simpler to set up and use.

CONNECTtoVT-Wireless is an unsecured captive portal wireless network. It is used for setting up VT-Wireless on your device. This is entirely optional and the instructional pages for PEAP-MSCHAPv2 and EAP-TLS do not use it. There have been some reports that using this method causes problems, possibly related to the software it uses. The network is locked down to only allow access to pages that help connect the user to VT-Wireless. It uses XpressConnect.

Select a method for setup instructions
EAP-TLS PEAP-MSCHAPv2

Known Issues

Fall 2013

As of September 16th, there is an issue present in the Cisco wireless controllers that Virginia Tech uses which causes 802.11n connections to fail for many users, including Linux users on Intel wireless chipsets. Disabling 802.11n is a workaround until it is fixed. This can be done in Arch Linux and Ubuntu by running:

echo "options iwlwifi 11n_disable=1" >> /etc/modprobe.d/intel-802.11n.conf

as root.

The ath9k driver may require compiling with this patch.

Spring 2014

If you have trouble with connection dropping, and you can't disable 802.11n, PEAP/TLS helps, but in Lavery/Surge, you might need a 802.11g nic. How much trouble you have will depend on your chipset and which APs are used in the building. Also, there is apparently a theoretical Network Manager implication regarding certs, to be investigated, and certain known issues regarding frame aggregation on Aruba APs (non-exhaustive list of possible causes.)

Roaming

As of February 2015, you may encounter issues roaming between access points when using netctl-auto due to different access points being on different subnets. A workaround is to request a new DHCP lease if you are unable to connect but have an IP address and route.

eduroam and EAP-TLS

As of February 2015, multiple users have reported issues using EAP-TLS on eduroam, despite the fact that eduroam as a service supports this method of authentication. Your mileage may vary.

Network Information Sources