Virginia Tech Wifi (OLD)

From the Linux and Unix Users Group at Virginia Teck Wiki
Revision as of 16:51, 2 February 2015 by imported>Mjh (Mjh moved page VT-Wireless to Virginia Tech Wifi: Move to cover eduroam too)
Jump to: navigation, search

Since the fall of 2008, there have been two wireless networks on campus. One network, called VT-Wireless, encrypts all traffic and is secured with EAP-TLS or PEAP-MSCHAPv2. The other network, called VT_WLAN. In July, 2013 VT_WLAN was superseded by CONNECTtoVT-Wireless, is an unencrypted, captive portal wireless network designed to set up connecting to VT-Wireless. Internet access is not available on it. Connections to VT-Wireless are secure by default, and has one of two different methods to connect.

Fall 2013 Wifi Issues

As of September 16th, there is an issue present in the Cisco wireless controllers that Virginia Tech uses which causes 802.11n connections to fail for many users, including Linux users on Intel wireless chipsets. Disabling 802.11n is a workaround until it is fixed. This can be done in Arch Linux and Ubuntu by running: 

echo "options iwlwifi 11n_disable=1" >> /etc/modprobe.d/intel-802.11n.conf

as root.

The ath9k driver may require compiling with this patch.

Spring 2014 update: If you have trouble with connection dropping, and you can't disable 802.11n, PEAP/TLS helps, but in Lavery/Surge, you might need a 802.11g nic. How much trouble you have will depend on your chipset and which APs are used in the building. Also, there is apparently a theoretical Network Manager implication regarding certs, to be investigated, and certain known issues regarding frame aggregation on Aruba APs (non-exhaustive list of possible causes.)

Select a connection method

Network Authentication Encrypted Setup Support
VT-Wireless Strong (EAP-TLS) Yes Involved Many devices (Laptops and Android devices)
VT-Wireless None to Medium (PEAP-MSCHAPv2) Yes Simple Most devices
CONNECTtoVT-Wireless None (Captive portal) No Simplest All devices with HTTP

The best option is EAP-TLS, which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be somewhat involved because it requires a certificate to be installed on the device.

Using PEAP-MSCHAPv2 is less secure as the authentication method can be broken with sufficient resources in a short ammount of time. However the authentication is encrypted and the encryption key is authenticated and it is significantly simpler to set up and use.

CONNECTtoVT-Wireless is an unsecured captive portal wireless network. It is used for setting up VT-Wireless on your device. This is entirely optional and the instructional pages for PEAP-MSCHAPv2 and EAP-TLS do not use it. There have been some reports that using this method causes problems, possibly related to the software it uses. The network is locked down to only allow access to pages that help connect the user to VT-Wireless. It uses XpressConnect.

Select a method for setup instructions
EAP-TLS PEAP-MSCHAPv2

Network Information Sources

Retrieved from "https://vtluug.org/w/index.php?title=Virginia_Tech_Wifi_(OLD)&oldid=382"