adamsgaard.dk

my academic webpage
git clone git://src.adamsgaard.dk/adamsgaard.dk # fast
git clone https://src.adamsgaard.dk/adamsgaard.dk.git # slow

commit d39d87607186e35cc48b3d23eb51b2a686b29a45
parent 1e568091cc63d3a16a553772d8b74d8d044a5677
Author: Anders Damsgaard <anders@adamsgaard.dk>
Date:   Tue, 15 Nov 2022 16:25:55 +0100

add au-eduroam post

Diffstat:
A pages/015-au-eduroam.cfg | 8 ++++++++
A pages/015-au-eduroam.html | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A pages/015-au-eduroam.txt | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 236 insertions(+), 0 deletions(-)

diff --git a/pages/015-au-eduroam.cfg b/pages/015-au-eduroam.cfg @@ -0,0 +1,8 @@ +filename=au-eduroam.html +title=Connecting to Aarhus University eduroam with wpa_supplicant +description=Connect to the cross-university wifi-network eduroam from BSD or Linux +id=new-homepage +tags=linux, openbsd, wifi, eduroam, wpa_supplicant +created=2022-11-15 +updated=2022-11-15 +#index=0 diff --git a/pages/015-au-eduroam.html b/pages/015-au-eduroam.html 
@@ -0,0 +1,112 @@ +<p><a href="https://en.wikipedia.org/wiki/Eduroam">Eduroam</a> is an international Wi-Fi roaming service that provides network access to university staff and visitors from other universities. +Aarhus University provides <a href="https://eduroam.au.dk/">instructions on connecting</a> to eduroam via iOS/Android/Windows/Mac and a Python install script for Linux. +In this post, I will explain how users of BSD or Linux can set up eduroam connectivity manually.</p> + +<h2>Preparing the system</h2> +<p>First, install <a href="https://w1.fi/wpa_supplicant/">wpa_supplicant</a>, which is the only prerequisite. +Your system might already have it installed for authenticating with ordinary Wi-Fi networks. +WPA supplicant supports many different authentication methods, and the configuration must be correct for the connection to succeed. +On Gentoo Linux, install and enable the wpa_supplicant daemon with: +</p> + +<pre><code># pkg_add wpa_supplicant +# rcctl enable wpa_supplicant</pre></code> + +<p>On Gentoo Linux with OpenRC, the equivalent procedure is: + +<pre><code># emerge net-wireless/wpa_supplicant +# rc-update add wpa_supplicant default</pre></code> + +<p>Next, save the self-signed Aarhus University PEM certificate to the file +<a href="https://adamsgaard.dk/tmp/au-eduroam-cert.pem">/etc/ssl/au-eduroam-cert.pem</a>. +I extracted this key file from the official Python installer. 
+</p> + +<pre><code>-----BEGIN CERTIFICATE----- +MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn +MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy +OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl +cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC +4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J +XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo +JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H +M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF +5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI +MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd +r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4 +QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku +/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ +y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud +DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig +FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm +sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/ +hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+ +MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD +v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR +FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF +fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2 +5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI +JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5 +Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox +tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK ++jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk= +-----END CERTIFICATE-----</pre></code> + +<h2>Option 1: Configuring wpa_supplicant manually</h2> +<p>If your system <b>does 
not</b> use Network Manager, you must configure wpa_supplicant directly. +Open (or create) /etc/wpa_supplicant/wpa_supplicant.conf. +At minimum, it should contain the following configuration of the eduroam network. +You can also add other Wi-Fi networks here.</p> + +<pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel +disable_scan_offload=1 +update_config=1 +autoscan=periodic:10 + +network={ + ssid="eduroam" + key_mgmt=WPA-EAP + eap=TTLS PEAP + identity="auNNNNNN@uni.au.dk" + password="YOURPASSWORD" + ca_cert="/etc/ssl/au-eduroam-cert.pem" + phase2="auth=MSCHAPV2" + mesh_fwding=1 + frequency=5200 +}</pre></code> + +<p>The <b>ctrl_interface</b> line may look different on your system. +Make sure to edit the <b>identity</b> and <b>password</b> values according to your AU ID.</p> + +<p>Next, make sure that other users cannot read the contents of the file:</p> + +<pre><code># chown root:root /etc/wpa_supplicant/wpa_supplicant.conf +# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf</pre></code> + +<p>On OpenBSD, associate wpa_supplicant with the network interface. +In the following command, change "iwm0" to your wifi device name:</p> + +<pre><code># rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0</code></pre> + +<p>It is now time to start the wpa_supplicant service:</p> + +<pre><code># rcctl start wpa_supplicant # OpenBSD +# rc-service wpa_supplicant start # Gentoo (OpenRC)</code></pre> + +<p>You should now be connected to the Aarhus University eduroam network. 
+In case of problems, you can stop the wpa_supplicant daemon and manually launch it with debugging messages enabled (-d):</p> + +<pre><code># wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf</code></pre> + +<h2>Option 2: Using Network Manager</h2> +If your system uses Network Manager to configure networking, connect to the eduroam wifi with the following configuration:</p> + +<figure class="pagefigure"> + <img src="img/eduroam-network-manager.png" + alt="Aarhus University eduroam configuration in Network Manager" + class="pageimg"/> + <figcaption> + Fig. 1: Aarhus University eduroam configuration in Network Manager. + </figcaption> +</figure> diff --git a/pages/015-au-eduroam.txt b/pages/015-au-eduroam.txt 
@@ -0,0 +1,116 @@ +Eduroam is an international Wi-Fi roaming service that provides network +access to university staff and visitors from other universities. +Aarhus University provides instructions on connecting to eduroam via +iOS/Android/Windows/Mac and a Python install script for Linux. In this +post, I will explain how users of BSD or Linux can set up eduroam +connectivity manually. + + +## Preparing the system + +First, install wpa_supplicant, which is the only prerequisite. Your +system might already have it installed for authenticating with ordinary +Wi-Fi networks. WPA supplicant supports many different authentication +methods, and the configuration must be correct for the connection +to succeed. On Gentoo Linux, install and enable the wpa_supplicant +daemon with: + + # pkg_add wpa_supplicant + # rcctl enable wpa_supplicant</pre></code> + +On Gentoo Linux with OpenRC, the equivalent procedure is: + + # emerge net-wireless/wpa_supplicant + # rc-update add wpa_supplicant default + +Next, save the self-signed Aarhus University PEM certificate to the +file /etc/ssl/au-eduroam-cert.pem. I extracted this key file from the +official Python installer. 
+ + -----BEGIN CERTIFICATE----- + MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn + MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy + OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl + cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB + AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC + 4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J + XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo + JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H + M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF + 5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI + MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd + r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4 + QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku + /soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ + y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud + DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig + FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm + sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/ + hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+ + MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD + v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR + FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF + fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2 + 5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI + JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5 + Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox + tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK + +jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk= + -----END CERTIFICATE----- + + +## Option 1: Configuring wpa_supplicant manually + +If your system <b>does not</b> 
use Network Manager, you +must configure wpa_supplicant directly. Open (or create) +/etc/wpa_supplicant/wpa_supplicant.conf. At minimum, it should contain +the following configuration of the eduroam network. You can also add +other Wi-Fi networks here. + + ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel + disable_scan_offload=1 + update_config=1 + autoscan=periodic:10 + network={ + ssid="eduroam" + key_mgmt=WPA-EAP + eap=TTLS PEAP + identity="auNNNNNN@uni.au.dk" + password="YOURPASSWORD" + ca_cert="/etc/ssl/au-eduroam-cert.pem" + phase2="auth=MSCHAPV2" + mesh_fwding=1 + frequency=5200 + } + +The ctrl_interface line may look different on your system. Make sure +to edit the identity and password values according to your AU ID. + +Next, make sure that other users cannot read the contents of the file: + + # chown root:root /etc/wpa_supplicant/wpa_supplicant.conf + # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf + +On OpenBSD, associate wpa_supplicant with the network interface. In the +following command, change "iwm0" to your wifi device name: + + # rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0 + +It is now time to start the wpa_supplicant service: + + # rcctl start wpa_supplicant # OpenBSD + # rc-service wpa_supplicant start # Gentoo (OpenRC) + +You should now be connected to the Aarhus University eduroam network. +In case of problems, you can stop the wpa_supplicant daemon and manually +launch it with debugging messages enabled (-d): + + # wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf + + +## Option 2: Using Network Manager + +If your system uses Network Manager to configure networking, connect to +the eduroam wifi with the following configuration: + + gopher://adamsgaard.dk/tmp/eduroam-network-manager.png
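
Review bot: In pages/015-au-eduroam.cfg, `id=new-homepage` does not correspond to the filename (`au-eduroam.html`) or the title, which suggests it was carried over from another page's config. If the site generator expects ids to be unique per page, give this post its own value, for example `au-eduroam`. The trailing `#index=0` is commented out; either drop it or note in the commit message why it is kept.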
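
Review bot: In the `network={` block of pages/015-au-eduroam.html, `ca_cert` is the only check on the authentication server, so any server certificate that chains to this CA is accepted and will be sent the MSCHAPV2 exchange for `identity`/`password`. Consider also pinning the expected server name, for example with a `domain_suffix_match=` line set to the RADIUS server name used by the official installer (that name is not in this patch). `mesh_fwding=1` and `frequency=5200` are settings for mesh/IBSS networks and serve no purpose in this infrastructure block; dropping them keeps the example minimal. Markup: the first five code blocks (through the chown/chmod block) close with `</pre></code>` instead of `</code></pre>`, the "On Gentoo Linux with OpenRC" paragraph is never closed, and the Option 2 paragraph ends in `</p>` without an opening `<p>`.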
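
Review bot: In pages/015-au-eduroam.txt (and the same sentence in the .html), the first install step says "On Gentoo Linux, install and enable the wpa_supplicant daemon with:" but the commands that follow are `pkg_add` and `rcctl`, and the next paragraph is the Gentoo one, so this label should read OpenBSD. The text version also carries HTML leftovers: `</pre></code>` after `# rcctl enable wpa_supplicant` and `<b>does not</b>` in the Option 1 paragraph. "I extracted this key file" describes a certificate, not a key; since readers are asked to trust the copy pasted here, consider stating its SHA-256 fingerprint alongside it so it can be compared with the one in the official installer.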