2021-11-25
eduroam with iwd
Update 2022-10-18
If you have trouble with iwd randomly dropping the connection, try
setting EnableNetworkConfiguration=false in your
/etc/iwd/main.conf.
Update 2022-05-03
Today I was made aware of the fact, that after a brief phase of popularity I never knew anything about, my article here has been obsoleted by a section in the GWDG Wiki. I recommend using that as a guide, since it's official.
It was suggested to me that the Wiki section may be directly copied
inspired by this article. You're welcome.
This is a super short blog post I am writing as a "celebration" of sorts for having solved probably the single most persistent issue I had with my Linux installations in the past two or three years.
The problem: Connecting to my universities WLAN.
I use iwd for wireless networks, because frankly it is superior to wpasupplicant in every single way. Did you ever notice how long some Linux systems take to connect to WLAN? That is wpasupplicant snailing along. With iwd, connecting is pretty much instant. Also the connection, once established, is a lot more stable, although that might just be my anecdotal experience.
My university uses eduroam. For those unaware, eduroam basically is a system that unifies the WLAN access for universities, libraries and other scientific institutions all over the world, at least in theory. In practice pretty much every institution configures their eduroam access points differently. So even though other people have figured out how to make iwd connect to their eduroam at their institutions, I could not just copy their configuration.
Every eduroam related documentation as well as the semi-official setup script assume you are either using NetworkManager or wpasupplicant standalone. And converting those configurations to iwd was not as trivial as one would assume, mostly because iwd requires a bit more networky configuration that you simply do not know when you have only superficial knowledge of how networking works. iwctl has a setup dialog that is pretty good at guessing the correct settings, but it only works for home setups (WPA2), not for "enterprise" configurations like the one eduroam uses.
Before the pandemic I struggled a lot to get my laptop to connect to
eduroam, without success. But then I could suddenly ignore the problem
for some time, as everything was now suddenly online; I have not been
at campus for about two years, which prevented me from networking
there (both kinds). But this new semester a few events and lectures
optionally allowed for live attendence, which I was pretty keen on. So
in between two events, I sat down and after lots and lots of
trial-and-error, reading journalctl -u iwd and wiggling values in
the connection file, I finally got it to work.
So here is the iwd configuration for my institution, the university of Göttingen. It is known to work in the LSG and physics department (did I mention that sometimes the eduroam configuration even varies between buildings of the same institution?).
[Security]
EAP-Method=PEAP
EAP-Identity=eduroam@gwdg.de
EAP-PEAP-CACert=/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=user-name@stud.uni-goettingen.de
EAP-PEAP-Phase2-Password=password
EAP-PEAP-ServerDomainMask=*.gwdg.de
Insert your user account name, your password, save as eduroam.8021x
in /var/lib/iwd/ and you should be good to go.
Yes, your password is stored as plain text. Yes, you should set the permissions of the file accordingly and encrypt your drive.
Unless you are at a different institution, then you will probably have to tinker your way into the WiFi yourself. Good luck…