Gentoo Instructions


How to connect a Gentoo Linux with WPA_Supplicant to the Eduroam service

The wireless service enables members of the University to connect to the University network and the Internet using their own computers and devices at various locations around the University and Halls of residence. This guide contains instructions to connect a computer to the eduroam wireless service.

We allow the gentoo package management (portage) service to work through our restricted wireless service on SwanseaUni-setup, so you can update your system and any software you need to secure your computer before you connect to the internet and eduraom. YOu have to make use of the gentoo.virginmedia.com on HTTP only.


Step 1 - Configure Eduroam

First of all check that your Wireless card is at least being detected by Linux.
If not then you may need to compile it into the Linux Kernel or probe it using modprobe.
Once you have found a suitable module you should update /etc/modules.autoload.d/kernel-2.6.

If your having problems working out what card you have then use the command lspci to find out.
Note that you will need to have installed the package sys-apps/pciutils.

emerge sys-apps/pci-utils

Once you have a working wireless adapter hopefully it will be visable using “ifconfig wlan0” or similar depending on the name of the package.
If not your dmesg or /var/log/messages to find out what name.
Next you will need wpa_supplicant installed:
Important: You have to have CONFIG_PACKET enabled in your kernel for wpa_supplicant to work.

emerge net-wireless/wpa_supplicant

Once this is installed you can configure /etc/conf.d/net

config_wlan0=(“dhcp”)
module=(“wpa_supplicant”)


Next you should update is /etc/wpa_supplicant/wpa_supplicant.conf

network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
scan_ssid=1
priority=1
eap=PEAP
identity="123456@swansea.ac.uk"
password="Your_Email_Password"
phase1="peapver=0"
phase2="auth=MSCHAPV2"
}

For security you should update the permissions so that only Root can see the file
chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf


Next you should create the symlink required for net.wlan0

ln -s /etc/init.d/net.lo /etc/init.d/net.wlan0

Then you can execute the script

/etc/init.d/net.wlan0 start

Hopefully when you run ifconfig eth0 you should see an IP address being allocated, if not check /var/log/messages.

For a Mini-PCI Intel 4965 AG(N) adapter a firmware file was needed.

We got an error:

“firmware.sh[5134]: Cannot find firmware file 'iwlwifi-4965-2.ucode'”

In this case the package was available in Gentoo portage under net-wireless/iw4965-ucode

Finally if you want your wireless to start on boot you need to add it to a runlevel.

rc-update add net.wlan0 default


Step 2 - Configuring your Browser

If you want to browse the web to reach any web sites outside the University you must configure your browser to use the web proxy.

Firefox



1. Run Firefox.
2. From the Tools drop down menu select Options...
3. In the Options panel click the 'Advanced' icon/tab.
4. Select the 'Network' tab.
5. Click the 'Settings...' button.
6. Tick the Auto-Detect Proxy Settings for this network button.
7. Choose OK and then in the Options panel choose OK again to finish
8. Close and restart the browser.

Install security updates


Any computer connected to the University network and the Internet is a target for unauthorised users who can try to access your system. Intruders could watch all your actions on the computer, cause damage by deleting files or changing your data, or steal valuable information such as passwords or credit adaptor numbers. Alternatively intruders may not be interested in your data and instead want control of your computer so they can use it to launch attacks to disrupt other systems. Some attacks known as worms spread automatically from one vulnerable system to another. Don't think 'an attacker would never be interested in me': an automated worm can infect and disrupt millions of computers.


There are three main ways in which an attack on your computer could be successful:

* New vulnerabilities (holes) are always being discovered in computer software. These holes can be exploited to gain access. Software vendors fix the holes by producing patches or new versions, but it is up to you to obtain and install these fixes.
* You could be enticed to run a trojan or virus. A trojan looks like something else to encourage you to click on it but its real purpose is to open up a back door on your computer. Viruses spread by infecting other legitimate computer programs. Trojans and viruses are often spread through email attachments, file-sharing and messaging, and may appear to come from someone you know who is also infected.
* Some software has settings (sometimes the default settings) that allow other users to access your computer unless you change the settings to be more secure. For example, file-sharing built-in to Windows can allow other users to view, modify or add files on your hard disk, which is an obvious risk unless turned off or configured carefully.

To ensure your computer is not vulnerable to attack you need to:

* Install software patches and new versions to fix known holes.
* Follow advice to change software settings to be more secure, or not run known insecure software at all.
* Don't run unknown files and unsolicited attachments to avoid trojans or viruses.
* Run up-to-date anti-virus software.
* Keep backup copies on disk, CD or a network server of important data.