Skip to Content.

geteduroam - Re: looking for geteduroam beta testers for Android 11

Subject: An open discussion list for topics related to the geteduroam service

List archive


Re: looking for geteduroam beta testers for Android 11


Chronological Thread 
  • From: Paul Dekkers <paul.dekkers AT surf.nl>
  • To: Ralf Paffrath <paffrath AT dfn.de>
  • Cc: geteduroam <geteduroam AT lists.geant.org>
  • Subject: Re: looking for geteduroam beta testers for Android 11
  • Date: Fri, 26 Feb 2021 16:27:16 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DMVlyWwgtIaeXN8Hf29zS4edDWb86HnSnAYY0kZ47fg=; b=PcqBPQ4GG9U3TLfw4qyrxYPVOCy7FUYmM6r1P3s3aNQDWLvgtsaYSEb1ox5DFhvFIarHtfhmH0pjck9Mnx69o65o8P549MKjlSw26OToFhnqIn/LNznMC/BU9l9efdA+Dq7L/2IYzO+7JK8zFmJXpA+XQQvJU7Q1JMrBa9qqddIktP+ozOiXJIHXjaW81m8zczIud7RVENAd4hEGIUuO3KAJAAkGWcXrqePU7iabXFAVNfbnh4gc7B611+bcIt64FuEvNgyxGZFbCQpcxuxA5N0PAgUKoMPfNLTxLtTsSZ4/62+9nYo7WtUKDZ5Rz2+B2w9pXQeijFdcWQrLX6J5Sg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jooW8pjRFfEiJ55YRHV1udK8IDMqijkddsKOuRcinEwrOKnjpZLkJPKAyUN1jh4GHKHzM3qMeNOd6RtweKKpLK4C5/6dOcCu7M1Ma9f9Uw71KPJwQ1//Gc2dFSl0l6a8b/i78QPev/Zgpo9aEmbF7+eekSRii/yuZFhP0xkQmZ/BFXHg14a/2bfHVBMV/Qh7hxpRPIrLzQEZn2wz/LV09TvH7j/uuUAam9bAXguPxu+pUEjqwDBsm6aDvqVFlSmlPnDqIXoUHQjz8Ik8YMkeNYeURd3ZwvS/5sAMdYrGSx/nKLdZ0m2dKpyZb9ci1YULLWRCJuya+GPIT4gK4O8yGQ==
  • Authentication-results: surf.nl; dkim=none (message not signed) header.d=none;surf.nl; dmarc=none action=none header.from=surf.nl;

Hi,

What we did in the beta channel is provide two versions: if you're on Android 10 or lower, you receive 1.0.16, and if you have an Android device that support API 30 or higher (ie. Android >10) you receive version 1.0.18

We *could* release a new version for all, but it means we have to use suggestions on API 29, Android 10 - and that is a really horrible experience.

Google introduced the new WiFi API in a broken state, and deprecated the old at the same time. That's why we're in this mess.

Well, and apparently the OEMs did something so that the suggestions also don't work as expected (or it has to do with certificates, but either way).

Thanks for testing again with your Pixel 3a, good to know it DID work. I understand that's TTLS - could you also try with TLS, maybe just using the geteduroam profile you have for DFN? I would love to know if the Pixel 3a behaves exactly like Pixel 5, ie "it does work". That means the focus can shift to "other vendors".

Regards,
Paul


On 26/02/2021 13:19, Ralf Paffrath wrote:
1CDC3FD7-EBF9-4C84-8723-F726AD3DC7D1 AT dfn.de"> Hi,

@Paul: One question: Does geteduroam 1.0.18 if it is not beta some day still support ANDROID < 11?

Best regards,
Ralf

On 26 Feb 2021, at 11:24, Ralf Paffrath (via geteduroam Mailing List) <geteduroam AT lists.geant.org> wrote:

Hi Paul,

thank you for clarification, now I understand.

Using geteduroam 1.0.18 pixel 3a now works fine ;-). My RADIUS Server certificate ist signed by letsencrypt. CAT is complaining (warning: not supported by WINDOWS Phones 8 or so) about letsencrypt certificates because of missing crl distribution point within certificates, but there is a link for OCSP :-) within letsencrypt certificates. 

I tested against our eduroam-Test Labor DFN-Verein IdP with TTLS-MSCHAPv2 as EAP-Type. In the "Network and Internet" configuration you can see a notice eduroam via geteduroam  
 if eduroam is nearby as you mentioned. When you click on the eduroam notice you get a new notice "eduroam connected via geteduroam" and eduroam is working.
The eduroam network is not configurable any more if you try you get "Operation not permitted, please contact your admin. ;-) haha What can I do as an admin when I can’t see anything anymore.
Hard days for ANDROID”s in eduroam coming up ;-)

Changing the EAP-Type to PEAP, no problem pixel 3a still working fine in eduroam. I had to check the RADIUS server log files because on the client I can’t see anything any more.
It is a TLS1.2 based PEAP authentication, so success ;-).

Best regards,
Ralf 

On 26 Feb 2021, at 09:36, Paul Dekkers <paul.dekkers AT surf.nl> wrote:

Hi,

On 26/02/2021 09:22, Ralf Paffrath wrote:
C43CF779-A9F1-4164-A3A8-83C9486A7A66 AT dfn.de"> Hi,

On 26 Feb 2021, at 08:18, Paul Dekkers <paul.dekkers AT surf.nl> wrote:

Hi,

Thanks for reporting that. That is worrying, I'll wrap this up in a report to Google.

I forgot to add: with the new Android 11 way of dealing with networks, you don't get a "user network" configured: no way to manage it or see it from there. So you will see you have an eduroam or Passpoint connection when you are in reach only, and it will display the network and a subtext "Connected via geteduroam”.



Is that because of ANDROID 11 or of geteduroam? On my ANDROID 11 pixel 3a I can still see all the configured WLAN SSID’s on 
my pixel and I can manage them.


You can see and manage your own networks. And if "legacy" apps using API 28 still work, you can see those as well. These are called "User Networks".

Android 11 has the concept of "User Networks", "Subscriptions" and "Suggestions".

Only Users can add User Networks, and there is an API to do it from Apps but that is broken for Enterprise networks and consequence is that they can no longer be managed from the Apps either. In Android 10 this wasn't present.

Apps like geteduroam are supposed to configure Suggestions (this is what 1.0.18 does); these were broken in Android 10, and work somewhat in Android 11 - I say somewhat because it worked flawlessly on a Pixel 5, but apparently not so well on your Pixel 3a and on Samsungs.

Subscriptions are not so useful for us. A device doesn't connect to a subscription automatically, only when you click on it. The built-in OpenRoaming in Android uses this mechanism.

If suggestions don't work well, we can try to see if those User Network actions are no longer buggy for Enterprise networks, but I fear that the bugs are still present in some devices.

C43CF779-A9F1-4164-A3A8-83C9486A7A66 AT dfn.de">
I will test it again. Ysterday I added a fully functional eduroam SP  to  my home office setting.    Let’s have a look ;-)

If you indeed had no coverage, that is a useful test!

Also; it's interesting to know if a PEAP or TTLS account with a *public* certificate works using 1.0.18 - ie. from eVA, if you wish I send you an account for testing. (There is a half baked hypothesis that TLS doesn't work well on Android 11, because we use self-signed client-certificates. But I'm not sure.)

Many of these things aren't geteduroam specific, but shows a bit how diverse the Android ecosystem is I'm afraid. (Tried to phrase that politely ;-))

Regards,
Paul


C43CF779-A9F1-4164-A3A8-83C9486A7A66 AT dfn.de">
Regards,
Ralf

In your case I expect you to have eduroam whereever you test it, but in general this may be relevant in case you wonder "if it did something".

Regards,
Paul


On 25/02/2021 22:28, Ralf Paffrath wrote:
E113238E-C01D-4754-B267-7999F6DF348B AT dfn.de"> Hi Paul,

on ANDROID 11 model pixel 3a 1.0.18 doesn’t work. No network has been configured. 
1.0.16 still work. 

Greetings,
Ralf
On 25 Feb 2021, at 21:35, Paul Dekkers (via geteduroam Mailing List) <geteduroam AT lists.geant.org> wrote:

Hi,

If you have an Android 11 device, I would love to get some feedback on geteduroam version 1.0.18 that is in the beta channel, which you can join via:
https://play.google.com/store/apps/details?id=app.eduroam.geteduroam from Android, or
https://play.google.com/apps/testing/app.eduroam.geteduroam from the web

If you test, please make sure that geteduroam works for you with the 1.0.16 version, deinstall the App and remove the configured WiFi networks, and try the configuration using 1.0.18. It doesn't matter what kind of profile you use, a psuedo-account or the typical CAT profile.

Any kind of result or feedback is appreciated,

Regards,
Paul

P.S. We are aware of issues with some Samsung Android 11 builds (eg. Galaxy S20); those aren't even geteduroam specific: reports are still welcome, though I already have some guineapigs for that platform.



-- 
Dipl. Inform. Ralf Paffrath
Phone: Tel.: 030 884299-0 (DFN-GS Berlin: Sekretariat)
Mail: paffrath AT dfn.de
Fax: 030 88 42 99 370 | http://www.dfn.de

Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729NZ | USt.-ID. DE 1366/23822


-- 
Dipl. Inform. Ralf Paffrath
Phone: Tel.: 030 884299-0 (DFN-GS Berlin: Sekretariat) Mail: paffrath AT dfn.de Fax: 030 88 42 99 370 | http://www.dfn.de
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729NZ | USt.-ID. DE 1366/23822

-- 
Dipl. Inform. Ralf Paffrath
Phone: Tel.: 030 884299-0 (DFN-GS Berlin: Sekretariat) Mail: paffrath AT dfn.de Fax: 030 88 42 99 370 | http://www.dfn.de
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729NZ | USt.-ID. DE 1366/23822

-- 
Dipl. Inform. Ralf Paffrath
Phone: Tel.: 030 884299-0 (DFN-GS Berlin: Sekretariat) Mail: paffrath AT dfn.de Fax: 030 88 42 99 370 | http://www.dfn.de
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729NZ | USt.-ID. DE 1366/23822



Archive powered by MHonArc 2.6.19.

Top of Page