What is eduROAM:
EDUROAM (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. Eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop. Having started in Europe (www.eduroam.org), eduroam has gained momentum throughout the research and education community and is now available at over 10000 locations worldwide.
CYNET is the institution that operates the EDUROAM service in Cyprus. CyNet is Cyprus’ National Research and Education Network. It provides a network infrastructure for the Cypriot Research and Education Community. CyNet connects universities and research institutions. The national backbone of CyNet is connected to the European backbone GEANT, which is part of the worldwide community of research and education networks. Through this connection the CyNet backbone is connected to the Global Internet as well.
- University of Cyprus
- The Cyprus Institute
- University of Nicosia
- Open University of Cyprus
- Cyprus University of Technology
Service providers instructions - Technical requirements
Eduroam service providers must have:
- Functioning Internet connection.
- Wireless network based on access points that support the 802.1x protocol with WPA2/AES encryption and remote RADIUS authentication.
- RADIUS server with the appropriate configuration.
Configuration in compliance with eduroam standards
Access points and the RADIUS server must be configured in the following way:
- Access points need to be configured with the following parameters:
  - SSID: eduroam
  - Broadcast SSID: Yes
  - Cipher: WPA2/AES
  - EAP (802.1x): EAP with RADIUS authentication (full)
  - Accounting: Enable authentication using your RADIUS server’s IP address and port (192.168.1.1:1812 – auth, 192.168.1.1:1813 – acct)
- Properly configured RADIUS server with Service Provider functionality. Instructions for Service Providers can be found on the page: How to deploy eduroam on-site or on campus.
- Minimal set of open ports allowed on the network for eduroam users:
- Standard IPSec VPN: IP protocols 50 (ESP) and 51 (AH) both egress and ingress; UDP/500 (IKE) egress only
- OpenVPN 2.0: UDP/1194
- IPv6 Tunnel Broker service: IP protocol 41 ingress and egress
- IPsec NAT-Traversal UDP/4500
- Cisco IPSec VPN over UDP/TCP: UDP/TCP 10000
- PPTP VPN: IP protocol 47 (GRE) ingress and egress; TCP/1723 egress only
- SSH: TCP/22 egress only
- HTTP: TCP/80 egress only
- HTTPS: TCP/443 egress only
- IMAP2+4: TCP/143 egress only
- IMAP3: TCP/220 egress only
- IMAPS: TCP/993 egress only
- POP: TCP/110 egress only
- POP3S: TCP/995 egress only
- Passive (S)FTP: TCP/21 egress only
- SMTPS: TCP/465 egress only
- SMTP submit with STARTTLS: TCP/587 egress only
- RDP: TCP/3389 egress only
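One way to check a site firewall policy against the minimal port list above, as an added example that is not part of the original page or of any eduroam tooling. The `proto/number direction` rule notation, the function names and the sample policy are constructed for illustration; where the page states no direction (UDP/1194, UDP/4500, UDP/TCP 10000) the check assumes egress only.

```python
from collections import namedtuple

# proto: "tcp", "udp" or "ip" (bare IP protocol); number: port or IP protocol number
Flow = namedtuple("Flow", "proto number direction")

def expand(spec: str) -> set[Flow]:
    """Turn 'tcp,udp/10000 both' into one Flow per protocol and direction."""
    target, direction = spec.split()
    protos, number = target.split("/")
    dirs = ("egress", "ingress") if direction == "both" else (direction,)
    return {Flow(p, int(number), d) for p in protos.split(",") for d in dirs}

# The minimal set from the list above. Assumption: where the page states no
# direction (UDP/1194, UDP/4500, UDP/TCP 10000) only egress is required here.
REQUIRED = {
    "IPsec ESP": "ip/50 both", "IPsec AH": "ip/51 both", "IKE": "udp/500 egress",
    "OpenVPN 2.0": "udp/1194 egress", "IPv6 tunnel broker": "ip/41 both",
    "IPsec NAT-T": "udp/4500 egress", "Cisco IPSec VPN": "tcp,udp/10000 egress",
    "PPTP GRE": "ip/47 both", "PPTP control": "tcp/1723 egress", "SSH": "tcp/22 egress",
    "HTTP": "tcp/80 egress", "HTTPS": "tcp/443 egress", "IMAP2+4": "tcp/143 egress",
    "IMAP3": "tcp/220 egress", "IMAPS": "tcp/993 egress", "POP": "tcp/110 egress",
    "POP3S": "tcp/995 egress", "Passive (S)FTP": "tcp/21 egress", "SMTPS": "tcp/465 egress",
    "SMTP submission": "tcp/587 egress", "RDP": "tcp/3389 egress",
}

def audit(site_policy: list[str]) -> dict[str, list[str]]:
    """Return {service: [missing flows]} for every required flow the policy lacks."""
    allowed = set().union(*(expand(s) for s in site_policy))
    gaps = {}
    for service, spec in REQUIRED.items():
        missing = sorted(expand(spec) - allowed)
        if missing:
            gaps[service] = [f"{f.proto}/{f.number} {f.direction}" for f in missing]
    return gaps

# Constructed sample policy for a guest VLAN: ESP/AH are allowed egress only,
# GRE is absent and mail submission on TCP/587 was forgotten.
SAMPLE_POLICY = [
    "ip/50 egress", "ip/51 egress", "udp/500 egress", "udp/1194 egress",
    "ip/41 both", "udp/4500 egress", "tcp,udp/10000 egress", "tcp/1723 egress",
    "tcp/22 egress", "tcp/80 egress", "tcp/443 egress", "tcp/143 egress",
    "tcp/220 egress", "tcp/993 egress", "tcp/110 egress", "tcp/995 egress",
    "tcp/21 egress", "tcp/465 egress", "tcp/3389 egress",
]

if __name__ == "__main__":
    for service, missing in audit(SAMPLE_POLICY).items():
        print(f"{service}: missing {', '.join(missing)}")
```

The sample run flags the ingress half of ESP and AH, which is the gap most often left when a guest network is built from an egress-only template.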
Registration of the service provider in the eduroam system
- The institution’s authorized person needs to send the info to CYNET.
- Send the IP address of the RADIUS server to the eduroam coordinator at: Email: email@example.com.
- Modify the configuration of the RADIUS server in accordance with instructions received from the CYNET team.
- Send a confirmation message to the CYNET team after successful connection to eduroam.
- Add your access locations on the map through the administrator web application. The application will be accessible in the future at the following link – Coming Soon.
Additional instructions for home institutions participating in the AAI@xxx.ac.cy system
Home institutions must complete one additional step when setting up eduroam: upload their RADIUS server’s rootCA certificate to the eduroam installer tool. That certificate will be embedded into the software and instructions generated by the installer tool, which are needed to connect to eduroam simply and securely. Coming Soon.