EDUROAM

What is Eduroam:

The service "EDUROAM" allows any member of an institution participating in the project (academic institution or research) to connect to the secure wireless network to any other partner institution, using its original identification (username and password) without any prior administrative approach.

VKI signed the EDUROAM agreement. You can view the list of participating Belgian institutions on the website of EDUROAM. Other European institutions joining the program are listed on a page of their own ISP, available from the General site.

For non-members of VKI:
A member of a higher education institution or research (participating in the project EDUROAM), visiting VKI can access the EDUROAM wireless network using its usual identification parameters, the only difference is that the login must be increased by an institution to its own suffix: prenom.nom@votreinstitution

This suffix is provided by each institution.

In the following you'll find detailed instructions on how to use the eduroam network in VKI. These instructions should be read and possibly stored before coming to VKI. In case you forgot them, there is a special wifi network called eduroam-instructions where we briefly recall them.

The main technical specifications of EDUROAM at VKI are:

  • SSID: Eduroam
  • encryption: WAP2-Enterprise/AES


Sample of configuration for windows 7 :

- Go to "Network and Sharing Center". Click on "Manage Wireless Networks" and click on "Add" button.

- Choose "Manually connect to a wireless network", fill in the fields as follows :

EDUROAM

- Click "Next" button and choose “to edit the connection”.

- In the security tab, select "Microsoft: Protected EAP (PEAP)" as authentication method and click "Settings" button. Uncheck "Validate server certificate".

- Click on "configure" at right of "Secured password (EAP-MSCHAP v2)" and uncheck "automatically use my Windows logon ...".

- Click "Ok".

- In security tab again, click on "Advanced settings", and check "Specify authentication mode".

- Close all windows by clicking on "OK" and try to connect to EDUROAM.

For members of VKI traveling in a partner institution:

They can access the EDUROAM wireless network of the partner institution using their usual login (under the form This email address is being protected from spambots. You need JavaScript enabled to view it.).

From Intranet you can follow the detailed instructions,

Important Remarks for VKI members traveling to other institutions

Each institution that provides the eduroam service is not obliged to use the same authentication mechanism. I.e. different institutions may have a different security protocol or may request the use of a specific software client. Therefore you should always check beforehand from the General Site what are the specific instructions/requirements. 

In VKI there is a special wifi network (eduroam-instructions) where visitors find the connections instructions to use the proper eduroam network. See if other institutions provide the same service, or ask help to someone that has network access and check their eduroam instructions.

WWW services access policies :

All access to websites or external information that is in violation of the Belgian Law in terms of violence, hate speech, drugs, illegal content and so on is forbidden.
All access to websites that put in danger the network security is forbidden.
All access to websites or external information that is not adequate for a scientific educational institution is forbidden.
The list of this content is discretionary in nature and is updated by the IT after informing the direction and obtaining consent.

All access to heavy websites in terms of content (i.e. youtube and similar) may be throttled or completely forbidden however is not work related.

Authorized Services :

The following services (firewall ports) are allowed for EDUROAM visitors:

- E-mail

     IMSP: TCP/406 egress and established.
     IMAP4: TCP/143 egress and established.
     IMAP3: TCP/220 egress and established.
     IMAPS: TCP/993 egress and established.
     POP3: TCP/110 egress and established.
     POP3S: TCP/995 egress and established.
     SMTPS: TCP/465 egress and established.
     Message submission: TCP/587 egress and established.

- Web

     HTTP: TCP/80 egress and established.
     HTTPS: TCP/443 egress and established.

- VPN

     Standard IPSec VPN: IP protocols 50 (ESP) and 51 (AH) , TCP/500 (IKE) egress only.
     IPSec NAT traversal: UDP/4500 egress and established.
     Cisco IPSec NAT traversal: TCP/10000 egress and established.
     PPTP: IP protocol 47 (GRE) egress and established; TCP/1723 egress and established.
     OpenVPN: TCP/5000 TCP/1194 egress and established. *5000

- Remote Desktop

     RDP: TCP/3389 egress and established.
     VNC: TCP/5900 egress and established.
     Citrix: TCP/1494 egress and established.

- Directory Services

     LDAP: TCP/389 egress and established.
     LDAPS: TCP/636 egress and established.

- Secure Shell

     SSH: TCP/22 egress and established.

- File transfer

     Passive (S)FTP: TCP/21 egress and established.

  All other services not explicitly mentioned are forbidden.

 

 

 
Twitter Facebook Subscribe
 

SUPPORTED BY

BELSPO STO
 

VKI, CENTER OF EXCELLENCE

ESA          LEDITH