Internet and Net Access

eduroam with Android

Contents

  1. General Information
  2. Configuration of eduroam

General Information

Due to the large number of Android versions and manufacturer customizations, it is not possible to provide general instructions here. Individual settings may therefore differ from the instructions described here.

Mobile devices using the Android operating system will connect to eduroam without a specific certificate by default.

Configuration of eduroam

1. Open the WLAN settings under SettingsWireless and networkWLAN settings and select eduroam.

2. Configure the connection with the following settings:

EAP method: PEAP

Phase 2 authentication: MSCHAPV2

CA Certificate: System certificate / default

Domain: radius.zdv.uni-mainz.de

Identity: username@uni-mainz.de
Username = username of your JGU account. Make sure that you really use your user name before the @ and not, for example, an email alias that differs from it!

Anonymous identity: leave blank

Password: Password of your JGU account

Click on Safe/Connect.

 

[/rechtespalte]

 

Posted on

New Digital Certificates for Wireless LANs – 2023

New digital certificates for the wireless LANs eduroam and Uni-Mainz were activated on November 24.

What does that mean for you ?For you, not much changes. The new digital certificate will be either - depending on the operating system or device - accepted automatically, or you must confirm upon request that you accept te certificate. Some devices display the name, others a so-called fingerprint of the digital certificate.

The new certificate for the  Wireless LANs for reconciliation

The correct certificate is issued for the server radius.zdv.uni-mainz.de and contains the following information for adjustment, of which only just a part is displayed (againg dependent on the operating system or device):

CN= radius.zdv.uni-mainz.de

O= Johannes Gutenberg University Mainz

S= Rhineland-Palatinate

C= DE

With fingerprint: 58 8c fd 20 66 4b d9 92 bb a6 23 53 06 1a 3c 94 d8 92 c5 18

What are digital certificates?

A digital certificate is proof of authenticity that certifies the identityof a computer or organization. You can compare it with a real-life identity card. Due to legal framework conditins and to prevent misuse, we are obligated to renew te certificates reguarly for these services.


More news from the Data Center → may be found here.

New Digital Certificates for VPN

On 2 march 2023, new digital certificates will be activated for the VPN servers.

What does that mean for you?

Not much will change for you. The new digital certificate is either automatically accepted - depending on the operating system or device - or you have to confirm that you accept the new certificate when asked. Some devices show the name, others a so-called fingerprint of the digital certificate.

The new digital certificate for VPN for comparison

Issued for: vpn.uni-mainz.de
Issued by: GEANT OV RSA CA 4
With fingerprint: 53 ad 5c 66 ea ae f6 b8 9a 05 4c 37 60 18 6e 95 50 c6 22 6b

What are digital certificates?

A digital certificate is an electronic proof of authenticity that certifies the identity of a computer or an organization. You can also compare this to an identity card in real life. Due to the legal framework and to prevent misuse, we are obliged to renew the certificates for these services on a regular basis.


More news from the Data Center → may be found here.

New Digital Certificates for Wireless LANs Eduroam and Uni-Mainz

On October 28, 2022, new digital certificates for wireless LANs eduroam and Uni-Mainz activated.

What does that mean for you ?

For you, not much changes. The new digital certificate will be either - depending on the operating system or device - accepted automatically, or you must confirm upon request that you accept te certificate. Some devices display the name, others a so-called fingerprint of the digital certificate.

The new certificate for the  Wireless LANs for reconciliation

The correct certificate is issued for the server radius.zdv.uni-mainz.de and contains the following information for adjustment, of which only just a part is displayed (againg dependent on the operating system or device):

CN= radius.zdv.uni-mainz.de

O= Johannes Gutenberg University Mainz

L= Mainz

S= Rhineland-Palatinate

C= DE

With fingerprint: ae bc 5d d0 ee 25 02 d1 14 e5 8e 77 45 a4 64 b7 37 73 b9 69

What are digital certificates?

A digital certificate is proof of authenticity that certifies the identityof a computer or organization. You can compare it with a real-life identity card. Due to legal framework conditins and to prevent misuse, we are obligated to renew te certificates reguarly for these services.


More news from the Data Center → may be found here.

SSH Gate

Some servers are only accessible inside the university network. JGU provides an SSH jumphost server you can use to connect to these servers.
For authentication, only → public key authentication is allowed.

First you need to create an SSH key. If you already own an SSH key, you can go to the next step.
A guide on how to create an SSH key can be found → here.

You need to link your SSH key to your user account.
To do so, visit https://account.uni-mainz.de/my-account/add-ssh-key
On this site you find an input field named 'SSH-Key hinzufügen'.

Paste your public key into this input field. The comment of this key must contain SSHGATE. You can edit your key inside the field after you pasted it. An SSH key comment is always at the end of the key. If you want to connect to multiple servers using this authentication you need to separate them using ,.
Example: ... SSHGATE,HPCGATE,HPCLOGIN

💡 The server name declares the servers the key is deployed to.
If the same key should be used on multiple servers all servers must be added to the comment. If multiple keys should be used each key comment must contain the corresponding server name.

When you have finished, click on SSH-Key Speichern.

To connect to a server using SSHGATE as a jumphost use the following command.
ssh -J username@sshgate.zdv.uni-mainz.de loginname@Targetserver
The -J option tells ssh to use the first server as a jumphost.

You can add the SSHGATE server to your ssh config file. This way the connection can be called with a shortcut.
To add a shortcut you need to edit the file ~/.ssh/config.
You need to add the following lines.
After the file is edited you can call the shortcut with ssh ShortcutName.

Posted on

Connect to eduroam with Linux

1. Check Certificate

To establish a secure connection with eduroam you need to use a certificate.
This certificate comes preinstalled on most Linux Distros. Please check if it is already installed on your System. You can find it in the folder /etc/ssl/certs/ . The name is USERTrust_RSA_Certification_Authority.pem.
If this certificate is already installed, go to step 2.

https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
The required certificate is called: Root Certificates: SHA-2 Root : USERTrust RSA Certification Authority

Download the certificate, and remember where you saved it. You need this certificate each time you connect to eduroam, so it's good practice to save it somewhere else than your downloads folder. Otherwise it may get deleted accidentally.

 

2. Delete existing eduroam profiles

To avoid any issues setting up eduroam, make sure no other eduroam profiles exist and delete them if needed.

3. Create a new connection

Select eduroam inside your network manager.

A window with connection settings will open.

Edit the fallowing entries:

Wi-Fi Security: WPA & WPA2 Enterprise

Authentication: Protected EAP (PEAP)

Anonymous identity: can be blank

CA certificate: Here, you need to select the certificate from step 1.
If the certificate is already installed, select /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem.
Otherwise select the certificate you downloaded.

PEAP version: Automatic

Inner authentication: MSCHAPv2

Username: Username@uni-mainz.de

Password: Your Password

Click on Connect, you should then get connected to eduroam.

Posted on

eduroam for Windows 10

1. Click on the wireless symbol in the lower right of the task bar: 

2. All available networks will be shown. Choose the network eduroam and then click on Verbinden.

3. You will be asked to enter your login data.


Important: enter your user name as follows:

username@uni-mainz.de (users of other institutions participating in eduroam may use the equivalent login data of their institution, for example: mustermann@uni-frankfurt.de)

Passwort: your password for this institutional account.

Please make sure to enter your user name before the @ and not, for example your mail alias which may be different!

4. The message "Die Identität des Servers kann nicht überprüft werden" will be displayed. You may get the details of the certificate to be displayed.

From 2 March 2023, 11.00, you will find the following finger print in the details of the certificate:

53 ad 5c 66 ea ae f6 b8 9a 05 4c 37 60 18 6e 95 50 c6 22 6b

Then click on Verbinden, to estalbish the connection.

In case this does not work ...

... and you receive the message "Verbindung zum Netzwerk kann nicht hergestellt werden" then the required certificate is probably not installed on your computer. The solution: while you are connected to another network (Winulum, for example), visit any https page (for example: OWA → https://mail.uni-mainz.de, or JoguStINe → https://jogustine.uni-mainz.de) within Internet-Explorer (do not use chrome, Opera, Firefox ... for this, as these will not automatically do the following) - when you do this with Internet Explorer, the required certificate will be installed and will subsequently be availabe for all wireless connections using eduroam or uni-mainz.

Posted on

Configuration of VPN for Android

Android does not yet support the VPN type „IKEv2“. To be able to use this type, you can download the app  StrongSwan from the Google Play Store.

1. Tip at Profil hinzufügen.

2. Enter the following data:
Server: vpn.uni-mainz.de
VPN-Typ (usually pre-selected): IKEv2 EAP (Benutzername/Passwort)
Benutzername: your JGU account user name (without @uni-mainz.de)
​Passwort: your JGU account password

​3. Tip at Speichern. Now you should be able to connect.

If you do not want to use an additional app, you may use the VPN type „PPTP“ instead. However, we recommend the type „IKEv2“ because of its higher security level.

Here's an example confiuguration for Android 4.0 Ice Cream Sandwich:

Open up Einstellungen. Below Drahtlos & Netzwerke tip at „Mehr…“:

Below Drahtlos & Netzwerke tip at VPN:

Then configure a new VPN connection by tipping at VPN hinzufügen:

Fill in the fields as follows:

Name: VPN Uni Mainz (your choice - this is arbitrary)
Typ: PPTP
Serveradresse: vpn.uni-mainz.de
IPSec-ID: secure-all
Vorinstallierter IPSec-Schlüssel: public

After that, go back to the previous interface. The connection will be shown.
Tip at it.

Enter your access data for your JGU account into the following pop-up window:

Nutzername: Your JGU account user name (without @uni-mainz.de)
Passwort: Your password

Posted on

Configuration of VPN for iPad/iPhone

This procedure ist identical for iPad and iPhone:

  1. Open Einstellungen -> VPN.
  2. Tip at VPN hinzufügen (if you already have a VPN configuration for the campus network, please deletet it).
  3. The following window will be shown:

Enter the following data into these input fields:

Typ: IKEv2

Beschreibung: an arbitrary name chosen by you, for example 'Uni-VPN'

Serveradresse und entfernte ID:
for both: vpn.uni-mainz.de
The input field 'Lokale ID' must remain empty.
Authentifizierung:

Benutzerauthentifizierung: Benutzername
Enter your JGU account user name here, followed by @uni-mainz.de: tester@uni-mainz.de (Please note: this is not quite the same as your mail address)
Passwort: your JGU account password

Proxy: aus

Now the VPN connection is established. Tip at Fertig.

Now you may use VPN in addition to your normal internet connection.

To do that, tip at Einstellungen -> VPN and push the Regler next to Status to the right.

Posted on