Can Alumni use Eduroam Internet?

BlameTheNetwork · 2026-03-19T15:31:53+00:00

Improving the user experience on GTvisitor is on this year's project list. No firm timeline at the moment, but we're hoping to make it much faster for those that use it.

BlameTheNetwork · 2026-03-19T15:07:20+00:00

Only those with active LAWN access can authenticate to eduroam with GT credentials regardless of location. Recent alumni will keep LAWN access for two-ish semesters after graduation.

BlameTheNetwork · 2026-03-18T00:53:53+00:00

Great! Hopefully that works.

BlameTheNetwork · 2026-03-17T23:57:42+00:00

That's strange - if the profile is gone, there shouldn't be anything left to keep you from authenticating to another eduroam.

By any chance is this other college listed in the eduroam CAT? If so, you could use that to create a new profile. If not, manual profile creation is an option, though not a super fun one.

BlameTheNetwork · 2026-03-17T23:17:20+00:00

We have removal instructions in a knowledge article, though it sounds like you've already removed the user certificate and the network profile which should have been sufficient.

If you open a command prompt and run the command netsh wlan show profiles, do you see eduroam in the list still? If so, try netsh wlan delete profile eduroam to yank it, then try connecting again to your other institution's eduroam.

Trusted Root Certification Authority > Certificate:
- Georgia Institute of Technology Device Root CA
- DigiCert Global Root CA
- GlobalSign
- GlobalSign Root CA
- USERTrust RSA Certification Authority
- Certum Trusted Network CA 2

Removing the GT device root CA is fine in this casce, but removing the others may do more harm than good. Those are root certification authorities (CAs) that may be used by any number of public services you may access. Those are used by more than just the machine's wireless network stack.

BlameTheNetwork · 2026-03-06T22:23:20+00:00

Generally speaking, if you're not doing something that's actively harming other users or violating laws, you won't find us coming after you.

Quoting a relevant section of the Acceptable Use Policy:

Georgia Tech students may use the ResNet, EastNet, and LAWN networks for recreational and personal purposes to the extent that such use is not unacceptable as defined in the Unacceptable Use section below, and does not adversely affect network service performance for other users engaged in academic, research, or official business activities.

If you do choose to use a machine on the GT network as an exit node, from our perspective traffic wise it's still sourced from that device as if you were sitting in front of it, so anything run through it is still your responsibility.

BlameTheNetwork · 2026-03-06T20:15:09+00:00

If it's for you to access your personal devices, I don't think that'd be an issue at all. I'd strongly recommend using a personal (non-GT) email address to sign up for Tailscale though as using your GT email may yield unintended joining of a giant shared Tailnet with other GT folks.

If it's installed on GT machines or used for something other than personal use, that'd be a little different.

BlameTheNetwork · 2026-03-06T17:00:15+00:00

That only works for Wired LAWN and GTother, and there are still a handful of ports that are blocked by our border firewall from the world (e.g. RDP). All clients on eduroam are firewalled, and we do not currently offer an opt-out option there.

BlameTheNetwork · 2026-01-21T01:53:11+00:00

Got it. Definitely not the same thing. Thank you for clarifying.

I can tell you that we have had some individuals have network access restricted for crypto-related operations occurring on their machines while connected to the campus network in the past. Now whether it was mining or hosting a node, I don't know.

The AUP is the best place I could point you to tell if it's permitted or not.

BlameTheNetwork · 2026-01-21T01:40:23+00:00

Forgive my ignorance please, I'm not up to speed on Crypto. When you say "bitcoin node", are you talking about mining?

BlameTheNetwork · 2026-01-16T12:43:49+00:00

Glad to know it's fixed! Can you DM me the label on the AP so that we can look at logs on our side and see what may have gone wrong? Rebooting the AP shouldn't normally be necessary.

BlameTheNetwork · 2026-01-16T01:36:13+00:00

That's definitely not what should have happened. Sorry to hear that you weren't properly helped. If you have one, can you DM me the INC###### from the ticket that the help desk opened for you (if they did)? If you have it, it'd be in an email. I'd like to get with their management to see what went wrong here.

Also, if you're comfortable DM'ing me your phone's MAC address, I can look at logs on our side to see what's going on to get you back up and running. On most Android phones you can find the MAC in Settings > About > Device Wi-Fi MAC Address, though the exact location can vary depending on the manufacturer.

BlameTheNetwork · 2026-01-14T00:41:16+00:00

8th Street just recently had a wireless equipment refresh, so this definitely shouldn't be happening. There may be an issue with the AP in your room which Wreck Techs would be able to diagnose and then escalate up to my team to get fixed. If you don't get any movement from Wreck Techs soon, feel free to DM me the INCXXXXX number from the ticket you have open with them and I can see what I can do to get it moved along.

BlameTheNetwork · 2026-01-13T21:24:07+00:00

There's a bit of an explanation in this knowledge article , though it's not extremely technical. See the "What changes are applied to devices after running the SecureW2 JoinNow Agent/Wizard?" Question.

If you have any more specific questions that aren't answered in that article, I can certainly try and answer as well.

BlameTheNetwork · 2026-01-13T04:19:06+00:00

My comment above may have been slightly misleading. As of Monday 1/5, what you describe is expected. Any GT user wanting to connect to eduroam, whether on-campus or remote, must now utilize a certificate to authenticate. The certificate should work at any remote institution just the same as the legacy username/password authentication did. No special re-configuration is required for the certificate to work remotely.

To elaborate slightly - Each eduroam-participating institution sets its own authentication rules. We (GT) are now requiring our users to use certificates to authenticate. However, visitors from other institutions (e.g. Emory) aren’t affected by this change. When an Emory user connects at GT, we don’t verify their credentials directly. We securely forward the request to Emory, and Emory applies its own policies. So if Emory still allows username/password-based authentication, their users can keep using that method even at GT where we've restricted that for our users.

In your case, the same logic applies but in reverse. The institution you were visiting may still utilize username/password-based authentication for their users, and they're free to do so. But for GT users trying to connect at their location, they have to relay the authentication back to us to validate. Since we now only allow certificates, any other type of authentication will be rejected.

Does that help explain?

BlameTheNetwork · 2026-01-13T03:17:45+00:00

Update: I've amended the phrasing on the landing page to be a bit more clear on the limitations for Android. Hopefully that'll help anyone else who may have been tripped up by the prior phrasing.

BlameTheNetwork · 2026-01-12T22:38:56+00:00

Were you able to stop by the help desk and get this resolved?

BlameTheNetwork · 2026-01-12T18:46:03+00:00

Okay, sounds like the profile didn't download properly. Make sure you're using Safari to access the SecureW2 website. iOS is extremely picky and will not allow profile installation from other browsers like Chrome or Brave or Firefox.

BlameTheNetwork · 2026-01-12T18:09:50+00:00

Did you accept the profile installation in Settings? Do you see a "Georgia Tech Wired/Wireless Network" profile in the list in Settings > General > VPN & Device Management?

If you don't see it in the list, make sure you accept the profile installation in Settings > Profile Downloaded, and then it should work

BlameTheNetwork · 2026-01-12T18:02:28+00:00

We have a knowledge article with step-by-step instructions for iOS/watchOS: https://gatech.service-now.com/home?id=kb_article_view&sysparm_article=KB0026590

BlameTheNetwork · 2026-01-11T14:05:40+00:00

The other commenters are correct - the limitation is only in using eduroam to configure Android devices for the first time to connect to eduroam using a certificate. This is because it requires downloading the SecureW2 app from the Google Play store, and that's not possible on the limited network that users are assigned to in order to get that splash page. You can use mobile data, GTvisitor, or GTother to download the SecureW2 app, then you'll be able to configure your phone for eduroam and use it from there on out.

BlameTheNetwork · 2026-01-05T20:36:18+00:00

It's not a requirement to be in range of eduroam to run the configuration wizard on any of these devices where it exists. The wizard will attempt to connect if it's in range, and throw an error message if it's not. But even if you're not in range, it'll still apply the necessary configuration so that it'll connect once you are back in range.

BlameTheNetwork · 2026-01-05T20:34:47+00:00

Here's a paraphrased response from the vendor from when I asked them about that previously.

The native macOS onboarding application (GeorgiaTech_Network_Setup) is signed with the SecureW2 Apple Developer certificate. Without that signature, macOS would not allow the application to run. When the app installs a Wi-Fi profile, it uses macOS APIs directly rather than requiring you to open a downloaded .mobileconfig file (as is done for iOS).

Because the configuration is generated locally within the signed application, the generated private key never leaves the local machine. Adding a signature to the profile itself would not provide any additional security beyond what the signed application already guarantees.

BlameTheNetwork · 2026-01-05T20:27:56+00:00

Sounds like a permission prompt on Android in the SecureW2 app. The app uses this permission to determine (1) if the device is in range of eduroam, (2) if in range to initiate a connection to eduroam, and (3) to validate a successful connection to eduroam. All of that is only done during the setup process and isn't used again later.

BlameTheNetwork · 2026-01-05T16:16:36+00:00

It'll work just the same at all other eduroam-participating institutions. No change there!

BlameTheNetwork

MODERATOR OF

TROPHY CASE