Eduroam Hints

The eduroam service provides WiFi connectivity for students and researchers when they are travelling between campuses. Access used to be limited to academic institutions, but recently I've seen eduroam hotspots available at airports and train stations in Europe.

So it is somewhat useful to have on my work laptop.

Unfortunately, MSU IT's instructions for configuring eduroam only cover Android, iOS, MacOS, and Windows. My two main working computers run other operating systems. So here are some set-up notes for future reference.

ChromeOS

For Chromebooks, following the set-up link directs you to download the "SecureW2 JoinNow extension" for the Chrome browser. The extension will then direct you to sign in to the MSU SSO, after which an ONC configuration file will be downloaded by the extension.

The extension will then give you the information on how to import the configuration file into ChromeOS.

(That is, some additional amount of manual intervention is required, but the extension provides all required information for you to complete this. So overall fairly painless.)

Linux

For Linux the situation is somewhat worse. The main issue is that the company behind the SecureW2 application makes certain assumptions about your Linux system which are not always met. So here are some hints:

  • You will need to have a working version of Python; SecureW2 provides a shell script to run, but the actual heavy lifting is performed by a Python script that the shell script unpacks and runs on your computer.
    • The script may complain about missing dependencies; just install them using pip or your OS package manager. In my case I needed to add the Python dbus package.
    • The script should not be run as root. It is entirely userland, which makes sense, as eduroam wants per-user authentication.
  • Most importantly, however, you need to be using NetworkManager to manage your connections. This is standard on most Ubuntu and Fedora installs, but was not my top choice when I originally configured my Linux laptop (using iwd is much simpler for initial set-up).
    • The extremely annoying thing is that it is almost impossible to find this information. The Python script just exits with an opaque error that says that it failed to configure the network.
    • It took a bit of effort for me to trace through the Python script to figure out why it wasn't working.
    • Then removing iwd and systemd-networkd and replacing them with NetworkManager also took some time.
    • After all that I finally got it to "just work".
  • Oh, and it is much more convenient to run the script when you have a GUI. It loads the SSO sign-on page using your system browser, which is a bit annoying if you happen to be in a terminal.

reMarkable Tablet

In May of 2026, reMarkable released version 3.27 of their software; one of the new features that I am most excited about is that they've updated their WebApp to work with Screen Sharing. Screen sharing previously required running either the Windows or the Mac versions of the Desktop Application, and I had to rely on goMarkableStream to share my tablet with my Chromebook or my Linux computer. With the new update I now have an incentive to get Wifi (specifically eduroam) working on the reMarkable.

The reMarkable's built-in interface for Wifi is not built for advanced configuration, so one has to do a little bit more work. While reMarkable runs Linux under the hood, it does not use NetworkManager, and so you cannot just follow the Linux instructions above. Here are some notes on how I got it to work.

Important! Since I run a Linux computer, I have access to the NetworkManager configurations that the SecureW2 script generated, as well as the certificates that it downloaded. On Windows or Macs you will have to figure out how to get those parameters yourself. The instructions below assume you have access to a Linux computer that is already set up with eduroam using SecureW2's application.

  1. First, find the eduroam configuration. The SecureW2 application drops it in /etc/NetworkManager/eduroam [XXXXXXXX].nmconnection, where the XXXXXXXX is a hexadecimal string. The file should look something like this (I've masked private info with asterisks):

    [connection]
    id=eduroam [*******]
    uuid=**********
    type=wifi
    autoconnect-priority=20
    
    [wifi]
    mode=infrastructure
    ssid=eduroam
    
    [wifi-security]
    auth-alg=open
    group=ccmp;
    key-mgmt=wpa-eap
    pairwise=ccmp;
    pmf=2
    
    [802-1x]
    ca-cert=/home/******/.joinnow/******.pem
    client-cert=/home/******/.joinnow/tls-client-certs/sw2-joinnow-client-cert-*****************.crt
    domain-suffix-match=*******
    eap=tls;
    identity=******
    private-key=/home/*****/.joinnow/tls-client-certs/sw2-joinnow-client-cert-*****.p12
    private-key-password=**********************
    
    [ipv4]
    method=auto
    
    [ipv6]
    addr-gen-mode=default
    method=auto
    
    [proxy]
    
  2. Make a copy of the certificate files listed under ca-cert, client-cert, and private-key (you can just make a copy of the .joinnow folder in your home directory, preserving the directory structure).

  3. Create a wpa_supplicant compatible network configuration:

    network={
    	ssid="eduroam"
    	scan_ssid=1
    	key_mgmt=WPA-EAP
    	pairwise=CCMP
    	group=CCMP
    	eap=TLS
    	domain_suffix_match="****"
    	identity="******"
    	ca_cert=/home/root/joinnow/*******.pem
    	client_cert=/home/root/joinnow/tls-client-certs/sw2-joinnow-client-cert-************.crt
    	private_key=/home/root/joinnow/tls-client-certs/sw2-joinnow-client-cert-************.p12
    	private_key_passwd="*****"
    }
    

    Note the following:

    • The wpa_supplicant configuration keys are mostly the same as the corresponding ones in NetworkManager, except that dashes are replaced by underscores.
    • One exception is that private_key_passwd is abbreviated.
    • The lines with the asterisks in them in the listing above should be replaced by the lines you found in the NetworkManager configuration file; note however that I've changed the directories to be based at /home/root/joinnow; this is to match the directory structure on the reMarkable tablet.
  4. Plug your reMarkable tablet into your computer. Open up Settings -> Help -> Copyrights and licenses. This activates the ssh server built into your reMarkable.

  5. Using the ssh password and IP address shown, use scp to copy the wpa_supplicant config file you made to the reMarkable:

    scp <supplicant.conf> root@xx.xx.xx.xx:./ 
    

    and copy the joinnow directory (with the certificates):

    scp -r <joinnow-dir/> root@xx.xx.xx.xx:./
    
  6. Using ssh root@xx.xx.xx.xx, get shell access on your reMarkable.

  7. Rename, if necessary, the directory containing the certificates to joinnow/ (this would sit in /home/root; this directory is untouched by software updates, whereas configs in /etc are overwritten). Check that the paths of the certificates now agree with what you've entered in the network configuration file you prepared.

  8. Go to ~/.config/remarkable/ and find the file wifi_networks.conf. Remove from the file any old eduroam configurations. Append to this file the new configurations you created.

  9. Restart wifi (systemctl restart wpa_supplicant).

  10. At this point the wifi should connect. You can check the logs with journalctl to confirm.
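
Steps 1 to 3 can be scripted on the Linux computer that already holds the SecureW2-generated profile. The following is an added example, not part of the original post or of SecureW2's tooling, that applies the key mapping described in step 3 and re-roots the certificate paths at /home/root/joinnow. The function names and the sample profile are constructed for illustration, and the file paths are emitted as quoted strings (the form used in upstream wpa_supplicant's sample configuration), whereas the listing in step 3 shows them unquoted.

```python
import configparser
import posixpath

# Constructed sample input: every value is a placeholder, not a real credential.
SAMPLE_NMCONNECTION = """\
[wifi]
ssid=eduroam
[wifi-security]
group=ccmp;
key-mgmt=wpa-eap
pairwise=ccmp;
[802-1x]
ca-cert=/home/user/.joinnow/ca.pem
client-cert=/home/user/.joinnow/tls-client-certs/client.crt
domain-suffix-match=radius.example.edu
eap=tls;
identity=user@example.edu
private-key=/home/user/.joinnow/tls-client-certs/client.p12
private-key-password=EXAMPLE=PASS;WORD
"""

LISTS = ["key-mgmt", "pairwise", "group", "eap"]    # ';'-terminated in NetworkManager
PATHS = ["ca-cert", "client-cert", "private-key"]   # re-rooted for the tablet
STRINGS = ["domain-suffix-match", "identity", "private-key-password"]
RENAMES = {"private-key-password": "private_key_passwd"}  # the one abbreviated key

def rebase(path, new_root):
    """Re-root a path found under .joinnow/, keeping its subdirectories."""
    _, sep, tail = path.partition("/.joinnow/")
    if not sep:
        raise ValueError("certificate path is not under .joinnow/: " + path)
    return posixpath.join(new_root, tail)

def to_wpa_network(nm_text, new_root="/home/root/joinnow"):
    """Build a wpa_supplicant network block from NetworkManager keyfile text."""
    nm = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    nm.optionxform = str  # keep keys exactly as written
    nm.read_string(nm_text)
    src = {**nm["wifi-security"], **nm["802-1x"]}
    out = ['ssid="%s"' % nm["wifi"]["ssid"], "scan_ssid=1"]
    for key in LISTS + STRINGS[:2] + PATHS + STRINGS[2:]:
        value = src[key]
        if key in LISTS:      # "ccmp;" -> "CCMP", "wpa-eap" -> "WPA-EAP"
            value = " ".join(v.upper() for v in value.split(";") if v)
        else:                 # quoted string; paths are rebased first
            value = '"%s"' % (rebase(value, new_root) if key in PATHS else value)
        out.append("%s=%s" % (RENAMES.get(key, key.replace("-", "_")), value))
    return "network={\n" + "".join("\t%s\n" % line for line in out) + "}\n"
```

The resulting block contains private_key_passwd in clear text, so write it to a file that only your user can read before copying it over with scp.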

Willie WY Wong
Associate Professor

My research interests include partial differential equations, geometric analysis, fluid dynamics, and general relativity.
