Using Eduroam or any other kind of WiFi that requires TLS authentication on LineageOS
15. December 2019 - Reading time: 4 minutes
I'm using LineageOS since several years and on various devices and maintaining some of them for family and friends. There, on two different kinds of phones (Samsung Galaxy J7 and Sony Xperia XA2) and on two different universities in Germany the issue popped up that they're not able to connect to the university's WLAN network Eduroam. The network's SSID is shown in the phone's WLAN settings, but they're not able to connect, even if they follow the network connection guides provided by their university, respectively. I was not able to reproduce this behavior on my home university, there everything works perfectly.
After some research (e.g. here and here) I found the reason and some kind of solution / workaround:
- The reason for this behavior is the fact, that the network authentication method used for Eduroam is not standardized. For example my university is using EAP with mschapv2, while the two other universities use TLS. TLS authentication seems to be unsupported on basically all custom ROMs based on the Android Open Source Project AOSP and LineageOS is one of these.
- The solution is to install an app that's bringing the TLS authentication process with it. One app that's providing this is the WiFi Manager from kmansoft. Usage of this app is very straightforward and it works flawlessly on both phones and on both university networks. Even if it's quite old (last update on 2018) it works on Android 7.1 / LineageOS 14.1 as well as on Android 9.0 / LineageOS 16.0.
- The problem is that this domain seems to be expired and not renewed and the app is no longer avaliable on the Google Play Store. The reason seems be that the author sold the app - that's written on his mobile website, linked from his github profile.
- One solution is to use the Wayback Machine from the Internet Archive. There's a snapshot available from May 24, 2019 where you can find out that the apk is still available:
I captured this site on the wayback machine, too, to be on the safe side ;-).
- Another solution is to find an app that's providing TLS authentication and is available over official channels, e.g. the Google Play Store or - even better - the F-Droid Repository. If you find or know an app like that - please let me know! Just leave a comment!