
geteduroam - Re: Question about geteduroam on an 'on boarding' VLAN

Subject: An open discussion list for topics related to the geteduroam service



Re: Question about geteduroam on an 'on boarding' VLAN


  • From: Paul Dekkers <paul.dekkers AT surf.nl>
  • To: eduroamUK <eduroamuk AT jisc.ac.uk>
  • Cc: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
  • Subject: Re: Question about geteduroam on an 'on boarding' VLAN
  • Date: Thu, 18 Mar 2021 14:36:55 +0100

Hi,

Ah, this question came up recently on cat-users too:

On 18/03/2021 13:58, eduroamUK wrote:
> Hi,
>
> One of our members is attempting to use geteduroam, but they find that the setup fails half-way through. The network they are using is a DNS-restricted VLAN, i.e. it is there purely to on-board their students and staff and as such limits access to only Google Play and eduroam CAT (and probably geteduroam).
>
> They’ve attempted to add as many locations as possible they can think of, but it fails.
>
> Is there any way to get debug logging for geteduroam (which we’ll be happy to get the member to provide), and do you know whether geteduroam uses a CDN perchance, and if so, which subnets of it should be allowed?
>
> If you could let us know, that’d be fab!

Of course!

The geteduroam Apps use the 'discovery.eduroam.app' hostname for the CDN/discovery files.

This is a CNAME actually; does that work with the whitelisting in DNS?

Besides this, 'cat.eduroam.org' is required for the CAT profiles.

Ah, I now realize I forgot another host that is still in the path. We should think about making that a prettier one than it currently is (a serverless endpoint, that I wouldn't want people to whitelist), but I'd need to know whether CNAMEs work or not. And, well, we fixed some things on the CAT profiles that are no longer required actually since the last CAT 2.0.4 update.

I really didn't think about this way of onboarding/whitelisting, but I understand its purpose. I thought I remember Stefan (W) wrote at some point that it wasn't the best thing to do with CAT either, but I fully understand why people do this, and don't want to make it impossible either.

Regards,
Paul
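
An added example, not part of the original message or of geteduroam itself: an offline check of the CNAME question raised above, listing which names in each required host's CNAME chain a name-based allowlist would miss. It assumes a filter that matches every name in the chain against the allowlist; the CNAME target and addresses are constructed placeholders, not the real records behind 'discovery.eduroam.app'.

```python
# Constructed sample records: the CNAME target and the addresses are
# placeholders, not the real DNS data for these hosts.
RECORDS = {
    "discovery.eduroam.app": ("CNAME", "cdn-target.example.net"),
    "cdn-target.example.net": ("A", "192.0.2.10"),
    "cat.eduroam.org": ("A", "192.0.2.20"),
}

def cname_chain(name, records, max_depth=8):
    """Return every name visited while following CNAMEs from `name`."""
    chain = [name.lower().rstrip(".")]
    while True:
        rtype, value = records.get(chain[-1], (None, None))
        if rtype != "CNAME":
            return chain
        target = value.lower().rstrip(".")
        if target in chain or len(chain) >= max_depth:
            raise ValueError(f"CNAME loop or chain too long at {target}")
        chain.append(target)

def allowed(name, allowlist):
    """Exact match, or suffix match for entries written as '*.example.org'."""
    for entry in allowlist:
        entry = entry.lower()
        if entry.startswith("*."):
            if name.endswith(entry[1:]):
                return True
        elif name == entry:
            return True
    return False

def blocked_names(required_hosts, allowlist, records):
    """Map each required host to the chain names the allowlist does not cover."""
    gaps = {}
    for host in required_hosts:
        missing = [n for n in cname_chain(host, records) if not allowed(n, allowlist)]
        if missing:
            gaps[host] = missing
    return gaps

# The two hostnames named in the message, allowlisted by exact name only.
REQUIRED = ["discovery.eduroam.app", "cat.eduroam.org"]
ALLOWLIST = ["discovery.eduroam.app", "cat.eduroam.org"]

if __name__ == "__main__":
    for host, missing in blocked_names(REQUIRED, ALLOWLIST, RECORDS).items():
        print(f"{host}: chain names not allowlisted: {', '.join(missing)}")
```

To run it against a real on-boarding VLAN, replace `RECORDS` with the answers its resolver actually returns for each required host.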




