Eduroam (Education Roaming) is an international project that uses the access data of the home network to access the WLAN infrastructure at numerous domestic and foreign educational institutions.
Authentication takes place on the basis of a so-called RADIUS service, which checks the user name (of the form USER@tuwien.ac.at or eXXXXXXX@student.tuwien.ac.at) and the corresponding password.
The essential parameters are:
- Network Authentication: WPA2
- Data encryption: AES
- EAP type: Protected EAP (PEAP)
- Authentication method: EAP-MSCHAPv2
You should either check the certificate of the RADIUS server for each connection (even before you enter your password) or (better) only connect to the defined RADIUS servers (odo.kom.tuwien.ac.at or nog.kom.tuwien.ac.at) (if this is permitted by the software or the operating system)!
See WLAN certificates,
On Android, you define this by assigning the certificate installed above (see the beginning of this chapter) to the eduroam profile (see details in the following section).
Setting a certificate for a WLAN connection increases security at least to the extent that other access point cannot present themselves with certificates from other CAs (certificate authority) or self-signed certificates as “eduroam” or “tunet”. Unfortunately this is not completely secure, depending on the device, because only the root certificate can be deposited (at least with Android). Should a bad access point operator also use a certificate with the same CA (which is signed by the same root certificate), Android can no longer recognise a “fake”.
But this is still better than taking no actions at all and is sufficient in most cases.
When using Android you should absolutely go to “Settings [-> Accounts] -> Backup & reset” and deactivate “Back up my data” because otherwise all your WLAN passwords are stored in plain text on Google!
With Windows 10 (Mobile) and Windows Phone 8.1, you should under no circumstances activate the “Share network for contacts” option for SSID eduroam/tunet; otherwise your network access password will be transmitted to your contacts!
Install the root certificate called “DigiCert Assured ID Root CA” which has been valid since 17/02/2016.
Download, opens an external URL in a new window it from the provider DigiCert.
Important at least for Android:
Save it as a certificate for “WLAN”; otherwise, you cannot select it later!
If you already need an Internet connection for this (if there is no mobile network from a telephone company), then please use the network of the Vienna University of Technology, ie TUnet and do not use an outside network under any circumstances.
Especially for Android devices:
If you are using an older version of Android, and if the certificate is *not* automatically installed, go to the section “Settings -> Options -> Security -> Install from SD card” (or analogue) after the download.
The certificate must still be assigned to the eduroam profile after installation (generally occurs in the same window as the rest of the settings, such as the username and password and the EAP method). However, the certificate must have been previously saved as belonging to “WLAN”!
Students of participating universities are granted access to the TU WLAN by using the credentials of their home institution.
Students and Employees of the TUW can use their "Network Account".
|Access:||via the WLAN hotspots of the Vienna University of Technology|
|Login authentication:||exclusively via 802.1x (With User ID@realm and password)|
|Encryption:||802.1x, WPA2/AES or WPA/TKIP, PEAP (MSCHAPv2), TTLS|
|IP address:|| |
dynamic IP address assignment via DHCP required
© TU Wien
Ticketsystem Online Portal, opens an external URL in a new window
Hotline 01 588 01 42002
1040 Wien, Operngasse 11, EG
The Service Center can be reached digitally from 8 a.m. to 4 p.m. on Mondays to Fridays and will also be in person from 8 a.m. to 12 p.m. on weekdays.