2.9 KiB
| title | date | author |
|---|---|---|
| UCLA Network Guide | 2024-04-03 | Mustafa |
Eduroam is an international roaming service for students, based on WPA2 Enterprise. Along with UCLA_WEB, it is a highly available network on campus.
Connecting to eduroam
NetworkManager fully supports
WPA2. The simplest way to connect is to use a graphical frontend for
NetworkManager. A minimalist option is to install nm-applet and
nm-connection-editor , then fill in the following settings:
| Setting | Value |
|---|---|
| Security | WPA & WPA2 Enterprise |
| Authentication | Protected EAP (PEAP) |
| PEAP version | Automatic |
| Inner authentication | MSCHAPv2 |
| Username | USERNAME@ucla.edu |
| Password | your UCLA password |
Note that setting "Do not require CA certificate" can be a security risk. If an attacker is impersonating UCLA eduroam, then he can steal your UCLA credentials. For added security, follow the guide on UCLA KB, and manually check the certificate:
Certificate Serial Number: 00 9F 1E 08 E5 C2 D9 F5 1D FC 52 66 9C 40 48 5D 90
SHA-256 Fingerprint of the Key: D8 62 DB 03 27 45 D1 AC 2E 36 0F 47 CA 9F 98 87 8F 30 6D A1 A5 31 AD 16 67 01 87 99 45 0D A0 D4
SHA1 Fingerprint of the Key: A3 11 21 86 DB 31 24 B2 56 0D 8F FB 86 47 C9 0A 8F 36 5D 78
For more information, see UCLA IT page, and for a more advanced setup, see the Arch Wiki.
For other networks (like UCLA_SECURE_RES), going to the following website: http://nmcheck.gnome.org/ should bring up the "Accept terms and conditions" page.
Connecting to UCLA VPN
The UCLA VPN allows you to access campus resources as even when you are away from campus. This is useful for downloading scientific journals, for example.
Open nm-connection-editor or a NetworkManager frontend from your desktop
environment, and add a Cisco AnyConnect VPN connection with the following
settings:
| Setting | Value |
|---|---|
| VPN Protocol | Cisco AnyConnect or OpenConnect |
| Gateway | ssl.vpn.ucla.edu |
| User Agent | AnyConnect Linux_64 4.10.07061 |
| CA certificate | None |
The same note about the security risk applies when you set CA certificate to
none. After adding the VPN entry, launch nm-applet, connect to the VPN, and
set the following
username: USERNAME
password: YOUR_PASSWORD/DUO_OTP
Note that you should append to your password after typing it a forward slash and the two factor authentication code from your DUO OTP.