Adam Sampson

Using Kent services with Linux

Skip navigation

• Home
• Code
• Publications
• Ideas
• Books
• Chords
• Music
• Recipes
• Wishlist
• Contact

The University of Kent's Computing Service provide a number of useful facilities for students and staff. This page shows how to use some of them from Linux.

The specific instructions here are for Ubuntu, although it should be trivial to adapt them for other Debian-based Linux distributions, and fairly straightforward to use them on other Unix-ish operating systems.

• General advice
• Using the VPN
• JANET Roaming on Debian/Ubuntu
• JANET Roaming on Maemo (Nokia 770)
• JANET Roaming on other systems

General advice

In all the following examples, my username is ats1, and I'll pretend my password is YourPasswordHere. My wireless card is eth1. Change as appropriate.

The terms of service say that you're not allowed to store the password, so you've got a few options: either edit the configuration files each time (and remove the password again afterwards), write a wrapper script that does that for you, or keep the appropriate file on a password-protected encrypted filesystem.

Ubuntu ships with MPPE support in its kernel (the module's called ppp_mppe_mppc.ko), but if you need a patch for other 2.6 kernels there's one here.

You'll need to install the pptp-linux and iproute packages on Ubuntu — run:

apt-get install pptp-linux iproute

For other operating systems, the pptp program is available from the pptpclient project on Sourceforge.

Since MPPE operates over IP protocol 47 (rather than something sensible like UDP), you'll need to make sure that you allow that protocol through your firewall. This is easy with iptables, but might be more awkward if you're using a dedicated router appliance.

Using the VPN

In /etc/ppp/peers/kentvpn:

pty "pptp venus.kent.ac.uk --nolaunchpppd"
name UKC\\ats1
remotename kentvpn
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
require-mppe-128
ipparam kentvpn

In /etc/ppp/chap-secrets:

UKC\\ats1 kentvpn YourPasswordHere *

In /etc/ppp/ip-up.d/kentvpn (which should be mode 755; note that you won't see the output from this script if it breaks):

#!/bin/sh
[ "$PPP_IPPARAM" != "kentvpn" ] && exit
defroute="`ip route | grep ^default | sed 's/^default//'`"
ip route add 129.12.254.0/24 $defroute
ip route add 129.12.0.0/16 via $PPP_REMOTE

You can then either start it in the background with:

pon kentvpn

or run it in the foreground with:

pppd call kentvpn nodetach

JANET Roaming on Debian/Ubuntu

This is the service formerly known as "JANET Location Independent Networking"; see JANET's Roaming page for more details. I haven't tried it at other universities yet, but in theory it should just work.

This uses WPA authentication, so you need to use wpa_supplicant. With Ubuntu 6.06 and later, you can just put this in /etc/network/interfaces:

iface eth1-lin inet dhcp
  wpa-driver wext
  wpa-ssid eduroam
  wpa-key-mgmt WPA-EAP
  wpa-identity ats1@kent.ac.uk
  wpa-password YourPasswordHere

(You might need to change wext if you're using an unusual Ethernet driver; do wpa_supplicant --help to list the drivers available. wext should work for most cards, though.)

Then do:

ifup eth1=eth1-lin

JANET Roaming on Maemo (Nokia 770)

If you're using Maemo, you can configure Eduroam using the GUI. These instructions are thanks to ben.

First, download ukerna-chain.pem, which contains the certificates you'll need in an appropriate format for Maemo. In the "Certificate Manager" control panel, first "Import" that file, then go to the "Authorities" tab and set both "GTE CyberTrust Global Root" and "Cybertrust Educational CA" to be trusted for use with WLAN. (It'll only ask about one of them when you import the file; you need to make sure both are trusted to stop it complaining each time you connect.)

Now go to the "Connectivity" control panel and click "Connections". Add a new connection with the following parameters:

• Connection name: Eduroam
• Connection type: WLAN
• Network name (SSID): eduroam
• Network is hidden: no
• Network mode: Infrastructure
• Security method: WPA with EAP
• EAP type: PEAP
• Select certificate: None
• EAP method: MSCHAPv2
• User name: ats1 (note: not ats1@kent.ac.uk)
• Prompt password: yes

Then click on the "Advanced" button, and on the "EAP" tab, set:

• Use manual user name: yes
• Manual user name: ats1
• Require client authentication: no

This works for me on a Nokia 770 with OS version 3.2006.49-2 at Kent; I haven't tried it anywhere else.

JANET Roaming on other systems

If you'd prefer to configure wpa_supplicant by hand, then you can put this in a config file for it:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0

network=
    ssid="eduroam"
    key_mgmt=WPA-EAP IEEE8021X NONE
    pairwise=TKIP CCMP
    group=TKIP CCMP WEP104 WEP40
    eap=PEAP TTLS TLS
    identity="ats1@kent.ac.uk"
    password="YourPasswordHere"

Contact: <ats@offog.org>

Copyright © 1997-2011 Adam Sampson