Subject: An open discussion list for topics related to the geteduroam service
List archive
- From: Jethro Binks <jethro.binks AT strath.ac.uk>
- To: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
- Subject: Re: Question about geteduroam on an 'on boarding' VLAN
- Date: Wed, 24 Mar 2021 14:43:29 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=strath.ac.uk; dmarc=pass action=none header.from=strath.ac.uk; dkim=pass header.d=strath.ac.uk; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AYxNQcv3tSr0NC68++PfTcjaMjIZyI3yvtZ2mXVjaJI=; b=jBEPP5ZWfZR6SZRSIwJaW+wpmSWCcKfEr0WLWenPmS1aYP7aqMAXtDBY+6fr//fGhcDG1jsq/G7HPoEZNMaW3Gzc46qdKJGiSJX1ODOk0JxEHaP/WwsZYfFzHoX/E+dqr9w3Z5bDO03rCozuUzmXzfnNa8Vc0CXk81lAuygpHzt8HAYVW7zio+suYhr9i1tf0mLklh0k0zUBddDE2mHkiMs405SAVEZ3U9IjqC7eB+SWF3OTzGt11JjVMtx6K77MO6pPQftnJ8S2/2x3Dw5F/349o8US4zz9kmf2o4EeuLfrO35YpKZQT+zgrPPpqMCAX6VykT62+LCw0IiyLjbm7A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fv+6I6KD/pMMOr2VZk1d4qN1iosdicU3sCAyDgPJQcXA8aUUqjCndfcXzLmn8BsIZQU+Ov6hAIe7nq15ksTsSFDY5QTkAXF5AzAGLxpHSPAIX7UUIPinbelj4EQqjKFk3WmS2pd0J1rYmIPgA57YzCeBkg22CSh8cs4E0YixMqcxNFXtlDW6bvxH8LiDhmKYjhPpoyL9rRHH6HV8/CpnKtSQvwG2Gho87iqkfFlHxQtXhZMoZ5hihfa2qVIhxyG2x4ZB0S9xzPKmBHp2FOIiyLsaD5Kvh4rkyKguLGDb7CPpoLNpaADKkz7TCBEG6xDsVP5AfU9hviqzS95OJCv1Bg==
- Authentication-results: lists.geant.org; dkim=none (message not signed) header.d=none;lists.geant.org; dmarc=none action=none header.from=strath.ac.uk;
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.
Sent: 21 March 2021 16:21
To: geteduroam AT lists.geant.org <geteduroam AT lists.geant.org>
Subject: Re: Question about geteduroam on an 'on boarding' VLAN
Done.
Will report back if whatever you did fixes the issue.
Stefan Paetow
Federated Roaming Technical Specialist
eduroam(UK), Jisc
t: +44 (0)1235 822 125
https://community.ja.net/library/janet-services-documentation/eduroam
www.eduroam.ac.uk
Twitter @eduroamuk – for news, information, pictures and fun
Have you heard about eduroam Visitor Access? https://www.jisc.ac.uk/eduroam-visitor-access
In line with government advice, at Jisc we’re now working from home and our offices are currently closed. Read our statement on coronavirus.
When replying to this e-mail is it essential to preserve the (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
From: Paul Dekkers <paul.dekkers AT surf.nl>
Date: Sunday, 21 March 2021 at 16:18
To: eduroamUK <eduroamuk AT jisc.ac.uk>
Cc: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
Subject: Re: Question about geteduroam on an 'on boarding' VLAN
Hi,
This is because one more hostname was missing from a temporary proxy to fix profiles, but we removed it (since that's no longer necessary with CAT 2.0.4).
Can you (have them) try again?
Regards,
Paul
On 18/03/2021 16:41, eduroamUK wrote:
Hi Paul et al,
Our member at Cardiff has added the discovery.eduroam.app CNAME to his allow list and gets a bit further. The screenshot attached happens next. They only have one profile, so it can’t be a question of multiple profiles.
It looks to me like an unhandled exception in the app. So... any thoughts/suggestions on possibly getting you a debug log?
With Kind Regards
Stefan Paetow
Federated Roaming Technical Specialist
eduroam(UK), Jisc
t: +44 (0)1235 822 125
https://community.ja.net/library/janet-services-documentation/eduroam
Twitter @eduroamuk – for news, information, pictures and fun
Have you heard about eduroam Visitor Access? https://www.jisc.ac.uk/eduroam-visitor-access
In line with government advice, at Jisc we’re now working from home and our offices are currently closed. Read our statement on coronavirus.
When replying to this e-mail is it essential to preserve the (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
From: Paul Dekkers <paul.dekkers AT surf.nl>
Date: Thursday, 18 March 2021 at 14:12
To: eduroamUK <eduroamuk AT jisc.ac.uk>
Cc: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
Subject: Re: Question about geteduroam on an 'on boarding' VLAN
Hi,
Currently cloudfront (the CNAME lookup will tell you that) but I'd rather keep the ability to change this over time.
If their DNS whitelisting would require whitelisting of what the CNAME points to, I'd create "alias" records instead on a different record.
If they do lookups for IP-addresses and whitelist those in the firewall instead of DNS, I'm not sure that would be sustainable.
Regards,
Paul
On 18/03/2021 14:53, eduroamUK wrote:
Hi Paul,
Knowing which CDN you’re using for discovery.eduroam.app could certainly be useful, but yeah... I don’t know if CNAME entries will work or not.
I since also noticed the thread between yourselves, Cambridge, York and Strathclyde. You can add Cardiff to the list of those universities that use an on-boarding network.
With Kind Regards
Stefan Paetow
Federated Roaming Technical Specialist
eduroam(UK), Jisc
t: +44 (0)1235 822 125
https://community.ja.net/library/janet-services-documentation/eduroam
Twitter @eduroamuk – for news, information, pictures and fun
Have you heard about eduroam Visitor Access? https://www.jisc.ac.uk/eduroam-visitor-access
In line with government advice, at Jisc we’re now working from home and our offices are currently closed. Read our statement on coronavirus.
When replying to this e-mail is it essential to preserve the (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
From: <geteduroam-request AT lists.geant.org> on behalf of "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
Reply to: Paul Dekkers <paul.dekkers AT surf.nl>
Date: Thursday, 18 March 2021 at 13:37
To: eduroamUK <eduroamuk AT jisc.ac.uk>
Cc: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
Subject: Re: Question about geteduroam on an 'on boarding' VLAN
Hi,
Ah, this question came up recently on cat-users too:
On 18/03/2021 13:58, eduroamUK wrote:
Hi,
One of our members is attempting to use geteduroam, but they find that the setup fails half-way through. The network they are using is a DNS-restricted VLAN, i.e. it is there purely to on-board their students and staff and as such limits access to only Google Play and eduroam CAT (and probably geteduroam).
They’ve attempted to add as many locations as possible they can think of, but it fails.
Is there any way to get debug logging for geteduroam (which we’ll be happy to get the member to provide), and do you know whether geteduroam uses a CDN per chance, and if so, which subnets of it should be allowed?
If you could let us know, that’d be fab! ☺
Of course!
The geteduroam Apps use the 'discovery.eduroam.app' hostname for the CDN/discovery files.
This is a CNAME actually; does that work with the whitelisting in DNS?
Besides this, 'cat.eduroam.org' is required for the CAT profiles.
Ah, I now realize I forgot another host that is still in the path. We should think about making that a prettier one than it currently is (a serverless endpoint, that I wouldn't want people to whitelist), but I'd need to know whether CNAMES work or not. And, well, we fixed some things on the CAT profiles that are no longer required actually since the last CAT 2.0.4 update.
I really didn't think about this way of onboarding/whitelisting, but I understand it's purpose. I thought I remember Stefan (W) wrote at some point that it wasn't the best thing to do with CAT either, but I fully understand why people do this, and don't want to make it impossible either.
Regards,
Paul
- Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Paul Dekkers, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Paul Dekkers, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Jethro Binks, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Paul Dekkers, 03/21/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/21/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/23/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Jethro Binks, 03/24/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Jethro Binks, 03/24/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/21/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Paul Dekkers, 03/21/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Paul Dekkers, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, eduroamUK, 03/18/2021
- Re: Question about geteduroam on an 'on boarding' VLAN, Paul Dekkers, 03/18/2021
Archive powered by MHonArc 2.6.19.