Wifi

Last modified by Aysegül Omus on 2023/03/07 15:01

WLAN

This article deals with eduroam configuration for various OS. Its focus is mainly on the network settings in TUM's FMI building.

1. General information about Eduroam and CAT Eduroam

Education Roaming (eduroam) is a worldwide Internet access service for educational and research institutions and their staff and students. It enables Internet access at the sites of all participating organisations using their own username and password.

Moreover, eduroam serves as an access to the scientific network for travelling scientists, students and employees of other universities or research facilities that are part of the global roaming.

A lot of systems carry out little to no security checks during setup, which enables attackers to intercept your password at any time. For this purpose they should simply be in the radio range of your device.

To ensure a secure eduroam configuration, it is strongly recommended to set up eduroam using the wizard (CAT tool), which provides an automatic configuration for most operating systems. The process entails a WLAN profile configuration and, if needed, an additional installation of a CA certicate by Deutsche Telekom for use in the WLAN profile.

In order to use the WLAN, Deutsche Telekom's root certificate is required. („T-TeleSec !GlobalRoot Class 2“, valid until 02. Oktober 2033 01:59:59 MESZ) It can be found in the certificate store of most common operating systems or it can be downloaded manually. The root certificate is located under the following link:
https://www.pki.dfn.de/fileadmin/PKI/zertifikate/T-TeleSec_GlobalRoot//Class//2.crt

A manual eduroam configuration holds major security risks and may possibly allow for user data theft. More information on security tips about eduroam in German can be retrieved here.

2.Manuals

1. Windows

2. MacOS

3. Linux

3.1 systemd-networkd

For the eduroam network following should be appended to your wpa_supplicant configuration for the corresponding WLAN interface:

network={
  ssid=eduroam
  key_mgmt=WPA-EAP
  pairwise=CCMP
  group=CCMP TKIP
  eap=PEAP
  ca_cert=/etc/wpa_supplicant/cert/ca.pem
  identity=LRZ-Kennung
  domain_suffix_match=radius.lrz.de
  phase2=auth=MSCHAPV2
  password=password
  anonymous_identity=anonymous@eduroam.mwn.de
}


Now you only need the eduroam certificate, which you can obtain for example from the LRZ website.

5. iOS (iPhone/iPad)

6. Android

6.1.  Android

7. Sources

- https://info.gwdg.de/dokuwiki/doku.php?id=en:services:network_services:eduroam:start

- https://info.gwdg.de/docs/doku.php?id=en:services:network//services:eduroam:linux_ubuntu//14.04

- https://www.uni-bamberg.de/rz/dienstleistungen/netz/wlan/eduroam/

- https://www.anleitungen.rrze.fau.de/internet-zugang/wlan/