Beavernet Configuration for Linux

Note:If you are experiencing computer freezes when connecting to BeaverNet, there is a known issue with Ubuntu. Please visit the Troubleshooting Page for more information.

Connecting to Caltech BeaverNet with Linux

Most recent versions of Linux come with a graphical network manager tool that can be used to connect to the Caltech wireless networks. There were some earlier versions of the network manager that did not work reliably but this issue has been resolved with the most recent versions of Linux. There may be situations where a command line approach is preferable, but users are strongly encouraged to use the graphical tools whenever possible. The complexities of wireless networking are greatly simplified that way.

Command line instructions are here if you need them:
Command line instructions using Ubuntu as an example
Command line instructions using RedHat Enterprise Linux as an example

Connecting to Caltech BeaverNet with the Graphical Network Manager

To configure Linux for wireless, first locate the Network Manager icon. It will usually be located in the task bar of your desktop. Consult your distribution's user guide if you need the specific location.

Clicking on the Network Manager icon should bring up a menu with the available wireless networks, as in the illustration below.



You should see the Caltech wireless networks, and perhaps some others. If you don't see Caltech BeaverNet, try the "More networks" item and see if it is there. Once you have located Caltech BeaverNet, choose that item from the menu. You should see a dialog like this:



The Network Manager will fill in some of the fields with an initial value: these may or may not be correct for BeaverNet. In the illustration above, the item Wireless security shows WPA & WPA2 Enterprise. This is the correct value. If the entry is different, click on the drop-down menu and choose WPA & WPA2 Enterprise.

For the next field, Authentication, the Network Manager chose "Tunneled TLS". This is incorrect. Click on the drop-down, and choose Protected EAP (PEAP). You'll see an additional field added to the dialog, as in the illustration below.



The Anonymous identity field should be left blank, as it is not used for BeaverNet.

The CA_certificate field must be filled in correctly to successfully authenticate to BeaverNet. Click on the Browse icon at the right of the CA_certificate field. You should see a standard file browsing dialog as in the illustration below.



You'll need to locate the folder where the server root certificates are located.

/etc/ssl/certs

is a fairly standard location. If you don't find the certificate folder there, you may need to check your package management system to find it. Look for a packaged named ca-certificatesor something similar.

Once you have located the root certificates folder, look for a file named ca-bundle.crt. Click on the line to highlight it and click the Open button. The CA_certificate field should now show the ca-certificate as in the illustration below.



The field Peap version should indicate Automatic. If necessary, click on the drop-down to change it. The Inner authentication field should indicate MSCHAPv2. If it doesn't, click on the drop-down to change it. Enter your access.caltech credentials in the Username and Password fields, and click on the Connect button.

If your connection is successful, you should see a brief message indicating you are connected to BeaverNet.



When you want to disconnect from BeaverNet, choose the Disconnect item under Caltech BeaverNet in the Network Manager menu.



You should see a brief message indicating that you have successfully disconnected.

Connecting to BeaverNet via command line

Verify essential packages

wpasupplicant

wpagui

openssl

ca-certificates

Use your package management system to see if these packages are installed, and install them if they aren't.

Create the configuration file for wpa_supplicant:

Before connecting to BeaverNet for the first time, you'll need the following configuration in a file /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
update_config=0

network={ 	
ssid="Caltech BeaverNet"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP
eap=PEAP
identity=""
password=""
ca_cert="/etc/ssl/certs/ca-certificates.crt"
}

You can retrieve the file here. Depending on your browser settings, the file may be saved in a default location such as your Desktop folder, or you may be prompted to save the file.

The location of the security certificates file may be different than the one in the sample. The path shown will be correct for Ubuntu Linux. For RedHat Enterprise and Fedora, the path is /etc/pki/tls/certs/ca-bundle.crt. You may need to use your package management system to list the contents of either the ca-certificates or the openssl package to get the location of the security certificates file. If your package has a file named Thawte_Premium_Server_CA you can use that as well.

Don't enter your username and password in the provided fields of the wpa_supplicant.conf file. It is a huge security risk to do so. There should be two double quotes with no space between. You'll enter your credentials as part of the login process.

Once you have the wpa_supplicant.conf file on your computer, copy it to the correct location:

sudo cp wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf

Connect to the wireless network When you're ready to connect to BeaverNet, there are two and possibly three steps you'll need to do each time.

Establish the connection to BeaverNet

You use the wpa_supplicant program to connect to the network. Once you're connected you can log in and begin to use the connection. To establish the network connection type:sudo wpa_supplicant -d -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

-d displays continuously scrolling output in the terminal window. You can move the window but don't close it.

-i tells wpa_supplicant which interface to use. wlan0 is common, but yours may be different.

-c tells wpa_supplicant which configuration file to use.

Once wpa_supplicant has been started, it will complain that it can't connect to a network. This is normal.

Log into the wireless network

You use the wpa_gui program to enter your access.caltech login credentials and log into the wireless network. To begin type:

sudo wpa_gui

There will be a window like the one below.

At this point, even though the dialog indicates an association to BeaverNet, the process is not yet complete. The IP address field will be filled in but most likely be incorrect.

Click on File-->Edit Network. You should see a window like the one below.

Type your access.caltech user name in the Identity field. The password field will have a series of asterisks in it. Delete those and enter your password. The rest of the information will be taken from the wpa_supplicant.conf file and should be correct. Note that CCMP uses AES as the encryption algorithm.

Click Save to return to the previous dialog.

After about a minute the wpa_gui panel should look like the one below. (It will take a minute to acquire the correct access point.)

If the status field indicates COMPLETED, you should now be connected to the Caltech BeaverNet. Open Firefox or your preferred web browser and browse to a web page.

Refresh the DHCP lease

If the status field alternates between COMPLETED, ASSOCIATED and DISCONNECTED, you will likely need to refresh your DHCP lease in order to get a valid IP address. To do that, open a new terminal window and type:

sudo dhclient wlan0

This will request a new IP address from the wireless network. The status field in the dialog will now indicate COMPLETED. The IP address field will indicate the correct IP address.