67 lines
2.9 KiB
Markdown
67 lines
2.9 KiB
Markdown
---
|
|
title: UCLA Network Guide
|
|
date: 2024-04-03
|
|
author: Mustafa
|
|
---
|
|
|
|
Eduroam is an international roaming service for students, based on WPA2
|
|
Enterprise. Along with UCLA_WEB, it is a highly available network on campus.
|
|
|
|
## Connecting to eduroam
|
|
[NetworkManager](https://wiki.archlinux.org/title/Networkmanager) fully supports
|
|
WPA2. The simplest way to connect is to use a graphical frontend for
|
|
NetworkManager. A minimalist option is to install `nm-applet` and
|
|
`nm-connection-editor` , then fill in the following settings:
|
|
|
|
| Setting | Value |
|
|
| -------------------- | --------------------- |
|
|
| Security | WPA & WPA2 Enterprise |
|
|
| Authentication | Protected EAP (PEAP) |
|
|
| PEAP version | Automatic |
|
|
| Inner authentication | MSCHAPv2 |
|
|
| Username | *USERNAME*@ucla.edu |
|
|
| Password | your UCLA password |
|
|
|
|
Note that setting "Do not require CA certificate" can be a security risk. If
|
|
an attacker is impersonating UCLA eduroam, then he can steal your UCLA
|
|
credentials. For added security, follow the guide on [UCLA KB](https://ucla.service-now.com/support?id=kb_article&sys_id=KB0010959), and manually check the certificate:
|
|
|
|
```
|
|
Certificate Serial Number: 00 9F 1E 08 E5 C2 D9 F5 1D FC 52 66 9C 40 48 5D 90
|
|
SHA-256 Fingerprint of the Key: D8 62 DB 03 27 45 D1 AC 2E 36 0F 47 CA 9F 98 87 8F 30 6D A1 A5 31 AD 16 67 01 87 99 45 0D A0 D4
|
|
SHA1 Fingerprint of the Key: A3 11 21 86 DB 31 24 B2 56 0D 8F FB 86 47 C9 0A 8F 36 5D 78
|
|
```
|
|
|
|
For more information, see [UCLA IT page](https://it.ucla.edu/support-training/tutorials/connecting-campus-wireless-network),
|
|
and for a more advanced setup, see the [Arch Wiki](https://wiki.archlinux.org/title/Network_configuration/Wireless#eduroam).
|
|
|
|
For other networks (like UCLA_SECURE_RES), going to the following website:
|
|
http://nmcheck.gnome.org/ should bring up the "Accept terms and conditions"
|
|
page.
|
|
|
|
## Connecting to UCLA VPN
|
|
The UCLA VPN allows you to access campus resources as even when you are away from
|
|
campus. This is useful for downloading scientific journals, for example.
|
|
|
|
Open `nm-connection-editor` or a NetworkManager frontend from your desktop
|
|
environment, and add a Cisco AnyConnect VPN connection with the following
|
|
settings:
|
|
|
|
| Setting | Value |
|
|
| -------------------- | --------------------- |
|
|
| VPN Protocol | Cisco AnyConnect or OpenConnect|
|
|
| Gateway | ssl.vpn.ucla.edu |
|
|
| User Agent | AnyConnect Linux_64 4.10.07061 |
|
|
| CA certificate | None |
|
|
|
|
The same note about the security risk applies when you set CA certificate to
|
|
none. After adding the VPN entry, launch `nm-applet`, connect to the VPN, and
|
|
set the following
|
|
```
|
|
username: USERNAME
|
|
password: YOUR_PASSWORD/DUO_OTP
|
|
```
|
|
|
|
Note that you should append to your password after typing it a forward slash and
|
|
the two factor authentication code from your DUO OTP.
|