Patch for eduroam ru

diff --git a/index.html b/index.html
index 4085507..8991b2d 100644 (file)
--- a/index.html
+++ b/index.html
@@ -171,7 +171,7 @@
 
                <h3>Tutorials or manuals</h3>
                <ul>
-                       <li><a href="nonm.html">Wifi roaming without network manager</a></li>
+                       <li><a href="nonm.html">Wifi roaming without network manager (includes eduroam ru instructions)</a></li>
                        <li><a href="thin.html">Using a HP t5710 thin client as a retro system</a></li>
                        <li><a href="dvorak.html">Dvorak page</a></li>
                </ul>
@@ -196,6 +196,6 @@
                <p>Valid XHTML 1.0 Strict</p>
                <p>Best viewed with a screen resolution &gt;= 640x480 or &gt;=80x24 text mode in one of <a href="https://en.wikipedia.org/wiki/List_of_web_browsers">these browsers.</a></p>
                <p>The source of this website can be found <a href="https://git.martlubbers.net/?p=martlubbers.net.git">here</a></p>
-               <p>Last updated: 2018-10-22</p>
+               <p>Last updated: 2018-11-05</p>
        </body>
 </html>

diff --git a/nonm.html b/nonm.html
index 5baa473..55096e1 100644 (file)
--- a/nonm.html
+++ b/nonm.html
@@ -79,5 +79,44 @@ update_config=1
                Note that it resides by default in <tt>/usr/sbin</tt>.
                <tt>wpa_gui</tt> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <tt>wpa_cli</tt>.
                </p>
+
+               <h2><tt>eduroam</tt></h2>
+               <p>
+               Eduroam gives a nice configuration assistant tools nowadays that will generate a <tt>wpa_supplicant.conf</tt> entry for you.
+               Previously you could hash your password using md4 but I haven't tested whether this still works.
+               </p>
+
+               <h3>update: cat broken</h3>
+               The tool worked before&tm; but not anymore on my debian testing version.
+               Therefore I've pasted my config here for later reference.
+               You get the <tt>ca_cert</tt> from the assistant tool.
+               I might upload that here as well.
+               <pre>
+network={
+       ssid="eduroam"
+       proto=RSN
+       key_mgmt=WPA-EAP
+       pairwise=CCMP
+       auth_alg=OPEN
+       eap=PEAP
+       identity="YOURUSERNAME@ru.nl"
+       anonymous_identity="anonymous@ru.nl"
+       password="YOURPASSWORD"
+#      ca_cert="/home/mrl/.cat_installer/ca.pem"
+       domain_suffix_match="authenticatie.ru.nl"
+       phase2="auth=MSCHAPV2"
+}
+               </pre>
+               </p>
+
+               <h2><tt>openssl update</tt></h2>
+               <p>
+               The new version of openssl disables everything lower than TLSv1.2.
+               If you see errors in <tt>/var/log/syslog</tt> about <tt>TLS</tt> you have to allow lower version TLS versions by changing the last two lines in <tt>/etc/ssl/openssl.cnf</tt> to:
+               <pre>
+MinProtocol = TLSv1.0
+CipherString = DEFAULT@SECLEVEL=1
+               </pre>
+               </p>
        </body>
 </html>