One of the WiFi networks available for students and staff at TELECOM SudParis (France) is Eduroam. Since I’m not always in the office, I need a WiFi connection for occasional email checking/sending. So, I decided to give Eduroam a go on my Nokia n900.

Before the firmware update (version 3.2010.02-8) released on Feb 16th, it was impossible to connect to this network. However, things have changed now.

Prior to today, the connection settings I was using were WPA-EAP with EAP mode: TTLS and EAP method: MSCHAPv2. The output from dmsg on the n900 showed that the authentication was always successful, but I was always getting disconnected by ‘local choice’: wlan0: deauthenticating by local choice (reason=3)

So…I decided to test other EAP methods. For TTLS, the n900 only supports 3 methods: EAP GTC, EAP MSCHAPv2 and MSCHAPv2. Since 2 out of 3 use MSCHAP, I tried EAP GTC. What do you know, it actually worked! I suspect some of the issues were partially caused by the lack of proper certificates. I fixed it by downloading the CA cert of TELECOM SudParis from here, transforming it into standard PEM format, and then importing it into the list of certificates on the n900.

Note: Unless the certificate is in PEM format and has the CA bit set, the certificate manager on the n900 will not provide you with the option to install it! The certificate you download is in standard x509 DER format. In order to export it into PEM, you need to use openssl. Here are the two commands you can use:

openssl x509 -in input.crt -out input.der -outform DER

openssl x509 -in input.der -inform DER -out output.pem -outform PEM

I hope this helps, since it took me a while to get a working connection.

Andrei~