RESTENA eduroam access - Setup Instructions (generic)

Configuration interfaces of devices vary between equipment vendors. Therefore, we can only give generic advice on which protocol options need to be set. The terminologies used here may or may not be the same on your device.

Network name (SSID)

The main network name is eduroam. There is also a secondary name, eduroam-school. If your device allows for it, we suggest that you configure both.

Wireless Encryption

Almost all eduroam hotspots in Luxembourg support WPA2/AES. You should select WPA2/AES. If your equipment allows you to setup a profile for multiple encryption schemes, you should set it up to allow both WPA2/AES and its predecessor, WPA/TKIP.

Authentication

eduroam uses IEEE 802.1X authentication exclusively. Some vendors use terms like "WPA Enterprise" for this standard.

Authentication type

You can use either PEAP (also often called EAP-PEAP or PEAP-MSCHAPv2) or TTLS (also called TTLS/PAP). Both will work and are supported by RESTENA. If you can choose between both, we suggest PEAP.

PEAP and TTLS details

The following parameters are relevant:

  • acceptable Certification Authority:
    RESTENA Services CA (download and install here)
  • server name:
    eduroam.restena.lu (if your device allows for it, select "exact match")
  • User name:
    Your RESTENA e-mail address
  • Password
    Your RESTENA password

Optional settings

These settings are not strictly necessary, but help streamline the login process. If your device has an option for

  • "Anonymous Roaming Identity": set to "@education.lu"
  • "Posture Validation" or "Quarantine checks": disable
  • "Fast Re-authentication": enable
  • "Authenticate as computer": disable
  • "Require Cryptobinding TLV": disable