Connecting to School WiFi With iwd

I’ve recently been going to campus more, which involved setting up WiFi again. Alas, since I have been on campus I have switched from wpa_supplicant to iwd and I believe the campus WiFi changed how authentication works as well. It’s often a little less obvious how to configure these enterprise WiFi networks on Linux, so hopefully this post will help point you in the right direction if you’re in a similar situation.

AirPennNet

At the University of Pennsylvania the WiFi network for students is called “AirPennNet”. To connect we’ll need to create a /var/lib/iwd/AirPennNet.8021x file. This file should only be readable by root, as we’re going to put a password in it. The contents of this file are as follows:

[Security]
EAP-Method=TTLS
EAP-Identity=anonymous@upenn.edu
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=<username>
EAP-TTLS-Phase2-Password=<password>
EAP-TTLS-CACert=/var/lib/iwd/airpennnet.cer

[Settings]
AutoConnect=true

We will use TTLS with tunneled PAP to authenticate, which basically sends the username and password over TLS to authenticate your connection to the network. In my case the username was simply the unique part of my e-mail address, and the password was my usual Penn password. You will likely have to change the EAP-Identity field to the one matching your institution.

Additionally we will need to add the /var/lib/iwd/airpennnet.cer file, which is the certificate used to verify that we are actually sending our username and password to the correct access point, and not just any router pretending to be AirPennNet.

I got the institution specific information and certificate from here:

And in particular this eventually led me to some general information about connecting to AirPennNet:

Hopefully this helps any weary Linux users at Penn get connected to the network.

References

Copyright © 2023 Calvin Beck