Connecting to Eduroam wifi

M0BPQ2 · October 18, 2021, 2:10pm

Hi everyone.

I have built a live train display following

and it woks just fine on my home network. I want to run it at my UK university workplace which uses Eduroam, but I cant get it to connect to the work wifi. I followed the Eduroam instructions at

And my network admins say that the CA-Cert should equal “Do not validate”. I wonder if this is where I am making my error as I dont know which, if any words, should be in caps? Are spaces allowed? Some other apps state it should be “Don’t validate”.

Any ideas what I am doing wrong?
Thanks so much
Steve

mpous · October 19, 2021, 2:28pm

Hello @M0BPQ2 welcome to the balena community!

Could you please share with us your wifi configuration file (hidding the private parts)?

Thanks

mpous · October 19, 2021, 2:43pm

BTW find here another example of eduroam by a balena colleague to give you some ideas → BalenaOS - Connecting to Eduroam

Let me know if that works

M0BPQ2 · October 20, 2021, 12:31pm

Thanks @mpous. Google helped me find the link you provided and I used that as my base config

My config is

ipv6]
method=ignore
ip6-privacy=0

[connection]
id=eduroam
type=802-11-wireless

[802-11-wireless-security]
key-mgmt=wpa-eap

[802-11-wireless]
ssid=eduroam
mode=infrastructure
security=802-11-wireless-security

[802-1x]
eap=peap;
identity=12345@kcl.ac.uk
ca-cert=none
phase2-auth=mschapv2
password=VeryCleverPassword
private-key-password-flags=1
phase2-private-key-password-flags=1

[ipv4]
method=auto
may-fail=false

The guide says that you need to contact the sys admins about the ca-cert and their reply was “pick do not validate”. I have tried, “none”, and variations of “Do Not Validate” ( with/without caps, hypens instead of spaces) but no luck, and here I am to solve the puzzle.

I’d appreciate any thoughts…

mpous · October 20, 2021, 1:26pm

Thank you very much @M0BPQ2 for publishing your solution for connecting your balena device over an Eduroam WiFi.

Let us know if we can help you with anything else

M0BPQ2 · October 20, 2021, 3:13pm

I’m afraid that isn’t the solution @mpous, just my current non-working config!

I think the issue is with the CA-CERT line. what format should I enter “DO NOT VALIDATE”? Is there is standard format that I should use?

Thanks
Steve

mpous · October 21, 2021, 10:03am

Apologizes @M0BPQ2 i didn’t read the end of your message!

I asked to a colleague with more experience on the NetworkManager and he mentioned that sometimes there are these type of issues with certificates for enterprise/university on WiFi authentication.

First of all you can take a look at the ca-cert section here 802-1x: NetworkManager Reference Manual to find out more information on how you can embed a certificate if needed.

When your admin says that the certificate should equal Do not validate, he probably means that the NetworkManager should not validate some server certificate (like a browser does not allow that for expired certificates and displays an error page). We do not see any fields in the NetworkManager docs for ignoring validation though.

Usually it is the network administrators that provide NetworkManager complete profiles for accessing their networks, so you may need to communicate this with the admins of your University.

M0BPQ2 · January 31, 2024, 10:12am

For the sake of completion, I have worked out how to connect to Eduroam when no CA-Cert is required:

[ipv6]
method=ignore
ip6-privacy=0

[connection]
id=eduroam
type=802-11-wireless

[802-11-wireless-security]
key-mgmt=wpa-eap

[802-11-wireless]
ssid=eduroam
mode=infrastructure
security=802-11-wireless-security

[802-1x]
eap=peap;
identity=12345@kcl.ac.uk
phase2-auth=mschapv2
password=VeryCleverPassword
private-key-password-flags=1
phase2-private-key-password-flags=1

[ipv4]
method=auto
may-fail=false

Compared to my earlier post - I have removed the CA-cert line altogether. This works on Eduroam at KCL and UCL in London.