site/content/wiki/ucla-network.md

---
title: UCLA Network Guide
date: 2024-04-03
author: Mustafa
---

Eduroam is an international roaming service for students, based on WPA2
Enterprise. Along with UCLA_WEB, it is a highly available network on campus.

## Connecting to eduroam
[NetworkManager](https://wiki.archlinux.org/title/Networkmanager) fully supports
WPA2. The simplest way to connect is to use a graphical frontend for
NetworkManager. A minimalist option is to install `nm-applet` and
`nm-connection-editor` , then fill in the following settings:

| Setting              | Value                 |
| -------------------- | --------------------- |
| Security             | WPA & WPA2 Enterprise |
| Authentication       | Protected EAP (PEAP)  |
| PEAP version         | Automatic             |
| Inner authentication | MSCHAPv2              |
| Username             | *USERNAME*@ucla.edu   |
| Password             | your UCLA password    |

Note that setting "Do not require CA certificate" can be a security risk. If
an attacker is impersonating UCLA eduroam, then he can steal your UCLA
credentials. For added security, follow the guide on [UCLA KB](https://ucla.service-now.com/support?id=kb_article&sys_id=KB0010959), and manually check the certificate:

```
Certificate Serial Number: 00 9F 1E 08 E5 C2 D9 F5 1D FC 52 66 9C 40 48 5D 90
SHA-256 Fingerprint of the Key: D8 62 DB 03 27 45 D1 AC 2E 36 0F 47 CA 9F 98 87 8F 30 6D A1 A5 31 AD 16 67 01 87 99 45 0D A0 D4
SHA1 Fingerprint of the Key: A3 11 21 86 DB 31 24 B2 56 0D 8F FB 86 47 C9 0A 8F 36 5D 78
```

For more information, see [UCLA IT page](https://it.ucla.edu/support-training/tutorials/connecting-campus-wireless-network),
and for a more advanced setup, see the [Arch Wiki](https://wiki.archlinux.org/title/Network_configuration/Wireless#eduroam).

For other networks (like UCLA_SECURE_RES), going to the following website:
http://nmcheck.gnome.org/ should bring up the "Accept terms and conditions"
page.

## Connecting to UCLA VPN
The UCLA VPN allows you to access campus resources as even when you are away from
campus. This is useful for downloading scientific journals, for example.

Open `nm-connection-editor` or a NetworkManager frontend from your desktop
environment, and add a Cisco AnyConnect VPN connection with the following
settings:

| Setting              | Value                 |
| -------------------- | --------------------- |
| VPN Protocol             | Cisco AnyConnect or OpenConnect|
| Gateway             | ssl.vpn.ucla.edu |
| User Agent             | AnyConnect Linux_64 4.10.07061 |
| CA certificate             | None |

The same note about the security risk applies when you set CA certificate to
none. After adding the VPN entry, launch `nm-applet`, connect to the VPN, and
set the following
```
username: USERNAME
password: YOUR_PASSWORD/DUO_OTP
```

Note that you should append to your password after typing it a forward slash and
the two factor authentication code from your DUO OTP.
Add UCLA Networking guide 2024-04-03 22:37:33 -07:00			`---`
			`title: UCLA Network Guide`
			`date: 2024-04-03`
			`author: Mustafa`
			`---`

			`Eduroam is an international roaming service for students, based on WPA2`
			`Enterprise. Along with UCLA_WEB, it is a highly available network on campus.`

			`## Connecting to eduroam`
			`[NetworkManager](https://wiki.archlinux.org/title/Networkmanager) fully supports`
			`WPA2. The simplest way to connect is to use a graphical frontend for`
			NetworkManager. A minimalist option is to install `nm-applet` and
			`nm-connection-editor` , then fill in the following settings:

			`\| Setting \| Value \|`
			`\| -------------------- \| --------------------- \|`
			`\| Security \| WPA & WPA2 Enterprise \|`
			`\| Authentication \| Protected EAP (PEAP) \|`
			`\| PEAP version \| Automatic \|`
			`\| Inner authentication \| MSCHAPv2 \|`
			`\| Username \| USERNAME@ucla.edu \|`
			`\| Password \| your UCLA password \|`

			`Note that setting "Do not require CA certificate" can be a security risk. If`
			`an attacker is impersonating UCLA eduroam, then he can steal your UCLA`
			`credentials. For added security, follow the guide on [UCLA KB](https://ucla.service-now.com/support?id=kb_article&sys_id=KB0010959), and manually check the certificate:`

			```
			`Certificate Serial Number: 00 9F 1E 08 E5 C2 D9 F5 1D FC 52 66 9C 40 48 5D 90`
			`SHA-256 Fingerprint of the Key: D8 62 DB 03 27 45 D1 AC 2E 36 0F 47 CA 9F 98 87 8F 30 6D A1 A5 31 AD 16 67 01 87 99 45 0D A0 D4`
			`SHA1 Fingerprint of the Key: A3 11 21 86 DB 31 24 B2 56 0D 8F FB 86 47 C9 0A 8F 36 5D 78`
			```

			`For more information, see [UCLA IT page](https://it.ucla.edu/support-training/tutorials/connecting-campus-wireless-network),`
			`and for a more advanced setup, see the [Arch Wiki](https://wiki.archlinux.org/title/Network_configuration/Wireless#eduroam).`

			`For other networks (like UCLA_SECURE_RES), going to the following website:`
			`http://nmcheck.gnome.org/ should bring up the "Accept terms and conditions"`
			`page.`

			`## Connecting to UCLA VPN`
			`The UCLA VPN allows you to access campus resources as even when you are away from`
			`campus. This is useful for downloading scientific journals, for example.`

			Open `nm-connection-editor` or a NetworkManager frontend from your desktop
			`environment, and add a Cisco AnyConnect VPN connection with the following`
			`settings:`

			`\| Setting \| Value \|`
			`\| -------------------- \| --------------------- \|`
			`\| VPN Protocol \| Cisco AnyConnect or OpenConnect\|`
			`\| Gateway \| ssl.vpn.ucla.edu \|`
			`\| User Agent \| AnyConnect Linux_64 4.10.07061 \|`
			`\| CA certificate \| None \|`

			`The same note about the security risk applies when you set CA certificate to`
			none. After adding the VPN entry, launch `nm-applet`, connect to the VPN, and
			`set the following`
			```
			`username: USERNAME`
			`password: YOUR_PASSWORD/DUO_OTP`
			```

			`Note that you should append to your password after typing it a forward slash and`
			`the two factor authentication code from your DUO OTP.`