Skip to content

Instantly share code, notes, and snippets.

@korewaChino

korewaChino/README.md

Created February 3, 2026 11:50
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save korewaChino/00fad424bc4e39c3d5514f9514fd27f1 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save korewaChino/00fad424bc4e39c3d5514f9514fd27f1 to your computer and use it in GitHub Desktop.
Download ZIP
ChulaWiFi setup for modern Linux distributions
Raw
README.md

ChulaWiFi setup for modern Linux

Note

If you're a foreign student or faculty member from another college visiting CU. This is probably not for you. Please refer to eduroam for cross-campus networking.

This documentation is intended for various students and faculty members of Chulalongkorn University attempting to access the internal campus network using a standard Freedesktop Linux system, such as a Raspberry Pi or a full PC running a modern Linux distribution.

This instruction assumes you are using a standard desktop Linux distribution that uses NetworkManager.

Instructions

  1. Create a NetworkManager profile connecting to ChulaWiFi's SSID (ChulaWiFi)
  2. Modify the profile as such, using your preferred NM frontend or your DE's provided frontend. nmcli instructions will also be included:

  • Set authentication type to PEAP

    nmcli connection modify ChulaWiFi 802-1x.eap peap

  • Set up your campus credentials (username and password)

    nmcli connection modify ChulaWiFi 802-1x.identity YOUR_ID

    nmcli connection modify ChulaWiFi 802-1x.password YOUR_PASSWORD

  • Set up the Phase-2 authentication method to MSCHAPv2

    nmcli connection modify ChulaWiFi 802-1x.phase2-auth mschapv2

  1. CU still uses the legacy, now-insecure AES cipher for handshakes, thus you will need to set the OpenSSL security level to zero.

    nmcli connection modify ChulaWiFi 802-1x.openssl-ciphers "DEFAULT:@SECLEVEL=0"

    Without this, OpenSSL will reject the handshake with an unsupported protocol error.

  2. Finally, activate the connection profile to connect to the network

    nmcli connection up ChulaWiFi

Troubleshooting

If you're still getting unsupported protocol errors, make sure to follow step 3 properly as this is a known quirk with CU's legacy AES implementation

If you are using a graphical NM frontend (like Plasma or GNOME), you may only need to follow step 3 in a CLI, as most frontends do not expose this option by default

A note to Chula IT Staff

Please update the network to migrate to a newer, more secure cipher for your own students' privacy and safety. Not doing so may risk violating the PDPA as students' privacy while using the campus network is at risk.

Even TrueMove H's legacy PEAP system supports modern ciphers with this method as a fallback on top of the default EAP-SIM auth method used by most users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment