An open discussion list for topics related to the geteduroam service

[Paul Dekkers <paul.dekkers AT surf.nl>]

Hi,

Ah, this question came up recently on cat-users too:

On 18/03/2021 13:58, eduroamUK wrote:

A0B108FE-587C-4DEE-81F1-1EA8A7EE437B AT jisc.ac.uk">

Hi,

 

One of our members is attempting to use geteduroam, but they find that the setup fails half-way through. The network they are using is a DNS-restricted VLAN, i.e. it is there purely to on-board their students and staff and as such limits access to only Google Play and eduroam CAT (and probably geteduroam).

 

They’ve attempted to add as many locations as possible they can think of, but it fails.

 

Is there any way to get debug logging for geteduroam (which we’ll be happy to get the member to provide), and do you know whether geteduroam uses a CDN per chance, and if so, which subnets of it should be allowed?

 

If you could let us know, that’d be fab! ☺

Of course!

The geteduroam Apps use the 'discovery.eduroam.app' hostname for the CDN/discovery files.

This is a CNAME actually; does that work with the whitelisting in DNS?

Besides this, 'cat.eduroam.org' is required for the CAT profiles.

Ah, I now realize I forgot another host that is still in the path. We should think about making that a prettier one than it currently is (a serverless endpoint, that I wouldn't want people to whitelist), but I'd need to know whether CNAMES work or not. And, well, we fixed some things on the CAT profiles that are no longer required actually since the last CAT 2.0.4 update.

I really didn't think about this way of onboarding/whitelisting, but I understand it's purpose. I thought I remember Stefan (W) wrote at some point that it wasn't the best thing to do with CAT either, but I fully understand why people do this, and don't want to make it impossible either.

Regards,
Paul