68 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			68 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| title: UCLA Network Guide
 | |
| date: 2024-04-03
 | |
| author: Mustafa
 | |
| description: "Eduroam is an international roaming service for students, based on WPA2 Enterprise. Along with UCLA_WEB, it is a highly available network on campus.…"
 | |
| ---
 | |
| 
 | |
| Eduroam is an international roaming service for students, based on WPA2
 | |
| Enterprise. Along with UCLA_WEB, it is a highly available network on campus.
 | |
| 
 | |
| ## Connecting to eduroam
 | |
| [NetworkManager](https://wiki.archlinux.org/title/Networkmanager) fully supports
 | |
| WPA2. The simplest way to connect is to use a graphical frontend for
 | |
| NetworkManager. A minimalist option is to install `nm-applet` and
 | |
| `nm-connection-editor` , then fill in the following settings:
 | |
| 
 | |
| | Setting              | Value                 |
 | |
| | -------------------- | --------------------- |
 | |
| | Security             | WPA & WPA2 Enterprise |
 | |
| | Authentication       | Protected EAP (PEAP)  |
 | |
| | PEAP version         | Automatic             |
 | |
| | Inner authentication | MSCHAPv2              |
 | |
| | Username             | *USERNAME*@ucla.edu   |
 | |
| | Password             | your UCLA password    |
 | |
| 
 | |
| Note that setting "Do not require CA certificate" can be a security risk. If
 | |
| an attacker is impersonating UCLA eduroam, then he can steal your UCLA
 | |
| credentials. For added security, follow the guide on [UCLA KB](https://ucla.service-now.com/support?id=kb_article&sys_id=KB0010959), and manually check the certificate:
 | |
| 
 | |
| ```
 | |
| Certificate Serial Number: 00 9F 1E 08 E5 C2 D9 F5 1D FC 52 66 9C 40 48 5D 90
 | |
| SHA-256 Fingerprint of the Key: D8 62 DB 03 27 45 D1 AC 2E 36 0F 47 CA 9F 98 87 8F 30 6D A1 A5 31 AD 16 67 01 87 99 45 0D A0 D4
 | |
| SHA1 Fingerprint of the Key: A3 11 21 86 DB 31 24 B2 56 0D 8F FB 86 47 C9 0A 8F 36 5D 78
 | |
| ```
 | |
| 
 | |
| For more information, see [UCLA IT page](https://it.ucla.edu/support-training/tutorials/connecting-campus-wireless-network),
 | |
| and for a more advanced setup, see the [Arch Wiki](https://wiki.archlinux.org/title/Network_configuration/Wireless#eduroam).
 | |
| 
 | |
| For other networks (like UCLA_SECURE_RES), going to the following website:
 | |
| http://nmcheck.gnome.org/ should bring up the "Accept terms and conditions"
 | |
| page.
 | |
| 
 | |
| ## Connecting to UCLA VPN
 | |
| The UCLA VPN allows you to access campus resources as even when you are away from
 | |
| campus. This is useful for downloading scientific journals, for example.
 | |
| 
 | |
| Open `nm-connection-editor` or a NetworkManager frontend from your desktop
 | |
| environment, and add a Cisco AnyConnect VPN connection with the following
 | |
| settings:
 | |
| 
 | |
| | Setting              | Value                 |
 | |
| | -------------------- | --------------------- |
 | |
| | VPN Protocol             | Cisco AnyConnect or OpenConnect|
 | |
| | Gateway             | ssl.vpn.ucla.edu |
 | |
| | User Agent             | AnyConnect Linux_64 4.10.07061 |
 | |
| | CA certificate             | None |
 | |
| 
 | |
| The same note about the security risk applies when you set CA certificate to
 | |
| none. After adding the VPN entry, launch `nm-applet`, connect to the VPN, and
 | |
| set the following
 | |
| ```
 | |
| username: USERNAME
 | |
| password: YOUR_PASSWORD/DUO_OTP
 | |
| ```
 | |
| 
 | |
| Note that you should append to your password after typing it a forward slash and
 | |
| the two factor authentication code from your DUO OTP.
 |