Raspberry Pi 4B Setup 3 - Connecting Pi to Eduroam, An Enterprise Wi-Fi
This post guides you on how to connect the Raspberry Pi to Eduroam, an Enterprise Wi-Fi.
This document is based on:
- Raspberry Pi 4 Model B 4GB
- Raspberry Pi OS (legacy, 64-bit)
- PuTTY v0.81 64-bit x86 Windows
Introduction
Eduroam is one of the enterprise Wi-Fi networks that requires individual credentials (username and password) for authentication. It is a credential-based network that relies on user-specific credentials, typically provided by the home institution. To connect the Raspberry Pi to Wi-Fi in universities or research institutes, some manual configurations of the network settings are needed, unlike home Wi-Fi.
1. Setup before configurations
It is recommended to turn off the wireless network interfaces on the Raspberry Pi before making modifications to the configuration file.
- Log in to the Raspberry Pi using SSH.
- Type
iwlist wlan0 scanto check if Eduroam is detected. The name of the Wi-Fi will be printed asESSID: "eduroam". - Type
sudo suto elevate to superuser mode. Type
ifdown wlan0, thenifdown eth0to shut down all network interfaces.What are
wlan0andeth0?
These are network interfaces:wlan0is the Wi-Fi interface.eth0is the Ethernet interface.
- Type
killall wpa_supplicantto terminate any process associated withwpa_supplicant.conf.
2. Modify Wi-Fi Network Configuration File
Now, it is safe to modify the configuration file wpa_supplicant.conf.
Open
/etc/wpa_supplicant/wpa_supplicant.confusing nano:1
nano /etc/wpa_supplicant/wpa_supplicant.conf
Scroll to the bottom of the file and add the following network information. Replace the identity and password values with your own credentials.
For typical Eduroam (PEAP with MSCHAPv2):
1 2 3 4 5 6 7 8 9
network={ ssid="eduroam" key_mgmt=WPA-EAP eap=PEAP identity="your_username@institution.edu" password="your_password" phase2="auth=MSCHAPV2" ca_cert="/etc/ssl/certs/ca-certificates.crt" # optional }
For Eduroam with certificate validation (EAP-TLS):
1 2 3 4 5 6 7 8 9 10
network={ ssid="eduroam" key_mgmt=WPA-EAP eap=TLS identity="your_username@institution.edu" client_cert="/path/to/client-cert.pem" private_key="/path/to/private-key.pem" ca_cert="/path/to/ca-certificate.pem" private_key_passwd="your_key_password" }
For anonymous identity to enhance privacy:
1 2 3 4 5 6 7 8 9 10
network={ ssid="eduroam" key_mgmt=WPA-EAP eap=PEAP identity="your_username@institution.edu" anonymous_identity="anonymous@institution.edu" password="your_password" phase2="auth=MSCHAPV2" ca_cert="/etc/ssl/certs/ca-certificates.crt" }
What do these values mean?
For more information about common values used in network configurations, refer to Section A.1.Once finished, save and exit by pressing Ctrl + X, followed by Y to confirm saving.
Restart the
wpa_supplicantservice to apply the changes:1
systemctl restart wpa_supplicant
Initialize the
wpa_supplicant.conffile:1
wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
3. Check Connectivity
Now that the modifications to the Wi-Fi network configuration file are complete, let’s check the connectivity.
- Type
ifup wlan0followed byifup eth0to bring the network interfaces back online. - Use
iwconfigto verify that thewlan0network interface is connected toESSID:"eduroam". Ping
www.google.comto confirm data transmission:1
ping -c 3 www.google.com
A. Appendix
A.1. Common values in the Wi-Fi network configuration file
ssidis the name of the Wi-Fi network.key_mgmtspecifies the key management protocol used.WPA-EAPfor WPA2/WPA3 EnterpriseIEEE8021Xfor older 802.1X networks
eapspecifies the Extensible Authentication Protocol (EAP) type. Common values:PEAP: Protected EAP, commonly used with MSCHAPv2 for username/password authentication.TLS: EAP-TLS, used for certificate-based authentication (requires client certificates).TTLS: EAP-TTLS, similar to PEAP but supports more inner authentication methods.PWD: EAP-PWD, password-based without certificates.FAST: EAP-FAST, uses a Protected Access Credential (PAC) instead of certificates.
identityis the username or email address used to authenticate.passwordis the user’s passwordphase1specifies the outer authentication method used in WPA2/WPA3 Enterprise networks. It is not required for most standard Eduroam setups using PEAP with MSCHAPv2, as default values often work without it.- Use
phase1="peaplabel=1"if your institution uses PEAP with specific requirements for phase 1. - Use
phase1="include_tls_length=1"for EAP-TLS, which is rarely required.
- Use
phase2specifies the inner authentication method for EAP.auth=MSCHAPV2for PEAP, the most common method for Eduroamauth=PAP,auth=CHAP, orauth=GTCused less frequently
ca_certspecifies the path to Certificate Authority (CA) certificate file, required for validating the server certificate.1
ca_cert="/path/to/ca-certificate.pem"
client certspecifies the path to the client certificate file, required for EAP-TLS.1
client_cert="/path/to/client-cert.pem"
private_keyspecifies the path to the private key file, used for EAP-TLS.1
private_key="/path/to/private-key.pem"
private_key_passwordis the password for the private key.anonymous_identityspecifies an anonymous identity sent in the first EAP request, protecting the actual username from being revealed during the initial authentication phase.prioritydetermines the priority of this network compared to others when connecting. Higher values mean higher priority to connect.protospecifies the Wi-Fi protocol.RSNfor WPA2/WPA3WPAfor older WPA1
Useful Links
Connecting to eduroam wifi network
Connecting Linux based Raspberry Pi devices to eduroam
