Hello.
I am having issues getting my university wifi working. I can connect to the eduroam wifi but there is no internet.
It seems to be a Fedora (Silverblue?) specific issue as I tried to connect in a Debian testing live usb and everything worked correctly.
I used my institution’s Configuration Assistant Tool.
I tried the workarounds I found online but nothing worked.
Just to clarify, I tried:
sudo update-crypto-policies --set DEFAULT:FEDORA32sudo update-crypto-policies --set LEGACYOptions = UnsafeLegacyRenegotiation in /etc/pki/tls/openssl.confnet.ifnames=0 to kernel optionsNone of the above worked.
Added eduroam
Is there anything in the logs that would indicate what’s going on perhaps?
Here is everything related to eduroam:
9∶22∶36 NetworkManager: <info> [1728458556.8735] policy: set 'eduroam' (wlp1s0) as default for IPv4 routing and DNS
9∶22∶36 NetworkManager: <info> [1728458556.8735] policy: set 'eduroam' (wlp1s0) as default for IPv4 routing and DNS
9∶22∶36 NetworkManager: <info> [1728458556.6605] device (wlp1s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "eduroam"
9∶22∶36 wpa_supplicant: wlp1s0: Trying to associate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶22∶36 wpa_supplicant: wlp1s0: Trying to associate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶22∶36 wpa_supplicant: wlp1s0: SME: Trying to authenticate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶22∶36 NetworkManager: <info> [1728458556.2899] Config: added 'ssid' value 'eduroam'
9∶22∶36 NetworkManager: <info> [1728458556.2899] Config: added 'ssid' value 'eduroam'
9∶22∶36 NetworkManager: <info> [1728458556.2898] device (wlp1s0): Activation: (wifi) connection 'eduroam' has security, and secrets exist. No new secrets needed.
9∶22∶36 NetworkManager: <info> [1728458556.2869] device (wlp1s0): Activation: (wifi) access point 'eduroam' has security, but secrets are required.
9∶22∶36 NetworkManager: <info> [1728458556.2191] device (wlp1s0): Activation: starting connection 'eduroam' (8416f6f4-98de-4cad-beca-cb2967de4186)
9∶22∶36 NetworkManager: <info> [1728458556.2183] policy: auto-activating connection 'eduroam' (8416f6f4-98de-4cad-beca-cb2967de4186)
9∶05∶45 NetworkManager: <info> [1728457545.4494] policy: set 'eduroam' (wlp1s0) as default for IPv4 routing and DNS
9∶05∶45 NetworkManager: <info> [1728457545.2266] device (wlp1s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "eduroam"
9∶05∶44 wpa_supplicant: wlp1s0: Trying to associate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶05∶44 wpa_supplicant: wlp1s0: Trying to associate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶05∶44 wpa_supplicant: wlp1s0: SME: Trying to authenticate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶05∶44 NetworkManager: <info> [1728457544.8432] Config: added 'ssid' value 'eduroam'
9∶05∶44 NetworkManager: <info> [1728457544.8432] Config: added 'ssid' value 'eduroam'
9∶05∶44 NetworkManager: <info> [1728457544.8431] device (wlp1s0): Activation: (wifi) connection 'eduroam' has security, and secrets exist. No new secrets needed.
9∶05∶44 NetworkManager: <info> [1728457544.8407] device (wlp1s0): Activation: (wifi) access point 'eduroam' has security, but secrets are required.
9∶05∶44 NetworkManager: <info> [1728457544.7741] device (wlp1s0): Activation: starting connection 'eduroam' (8416f6f4-98de-4cad-beca-cb2967de4186)
9∶05∶44 NetworkManager: <info> [1728457544.5957] audit: op="connection-activate" uuid="8416f6f4-98de-4cad-beca-cb2967de4186" name="eduroam" pid=1541 uid=1000 result="success"
9∶05∶39 NetworkManager: <info> [1728457539.0199] audit: op="connection-add" uuid="8416f6f4-98de-4cad-beca-cb2967de4186" name="eduroam" pid=2895 uid=1000 result="success"
9∶05∶38 NetworkManager: <info> [1728457538.9908] audit: op="connection-delete" uuid="55e8eead-2a11-4781-abd5-e25fb795e0e5" name="eduroam" pid=2895 uid=1000 result="success"
9∶04∶56 NetworkManager: <info> [1728457496.0924] policy: set 'eduroam' (wlp1s0) as default for IPv4 routing and DNS
9∶04∶55 NetworkManager: <info> [1728457495.8657] device (wlp1s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "eduroam"
9∶04∶55 wpa_supplicant: wlp1s0: Trying to associate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶04∶55 wpa_supplicant: wlp1s0: Trying to associate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶04∶55 wpa_supplicant: wlp1s0: SME: Trying to authenticate with 80:8d:b7:d9:4e:b0 (SSID='eduroam' freq=5260 MHz)
9∶04∶55 NetworkManager: <info> [1728457495.4276] Config: added 'ssid' value 'eduroam'
9∶04∶55 NetworkManager: <info> [1728457495.4276] Config: added 'ssid' value 'eduroam'
9∶04∶55 NetworkManager: <info> [1728457495.4275] device (wlp1s0): Activation: (wifi) connection 'eduroam' has security, and secrets exist. No new secrets needed.
9∶04∶55 NetworkManager: <info> [1728457495.4230] device (wlp1s0): Activation: (wifi) access point 'eduroam' has security, but secrets are required.
9∶04∶55 NetworkManager: <info> [1728457495.3233] device (wlp1s0): Activation: starting connection 'eduroam' (55e8eead-2a11-4781-abd5-e25fb795e0e5)
9∶04∶55 NetworkManager: <info> [1728457495.3227] policy: auto-activating connection 'eduroam' (55e8eead-2a11-4781-abd5-e25fb795e0e5)
Here are logs from when I connect to eduroam:
https://pastebin.com/raw/d7D24Y29
There’s a good chance that this is an issue with your registration on eduroam, and some of that is going to be specific to your home institution. I do have a couple of things you might want to look at:
DNS
Check the output of resolvectl when connected (and/or cat /etc/resolv.conf) - make sure you’re getting sensible values.
Check whether you can resolve host names (resolvectl query fedoraproject.org, host example.com etc.)
See if your institution provides error guidance pages
Try and visit a http site in a web browser - http://example.com is my preferred way to trigger that.
At least at my institution they redirect you to an explanation for some common misconfigurations.
MAC randomisation
Most (possibly all?) eduroam providers need you to be connecting from a registered MAC address, but the default approach on Fedora (and others) is to use a randomised MAC address for different connections. This means the MAC address you registered with may not be the one that Fedora is using (see the “stable-ssid” line in the pastebin link you provided).
Take a look at Changes/StableSSIDMACAddress - Fedora Project Wiki for ways to fix your MAC address. Using option 1 for your eduroam profile would be the least intrusive change to your system.
I also note this line in your pastebin:
11∶27∶29 NetworkManager: [1728466049.3090] Config: added ‘identity’ value ‘MY_IDENTITY’
Assuming that was you redacting your email address before you posted the log, then obviously it’s not a problem (and perfectly sensible). If not then you probably need to reset the username and password in the connection settings before trying any of the above.
That’s a major point.
qwq, I haven’t had time to read the logs, but maybe the MAC of the Debian has been registered, while Fedora uses a different one, and you are not allowed to register more than one MAC perhaps? You might try again with using the MAC of Debian on Fedora.
In Fedora, there will be one MAC generated for each SSID since I think F40 (or was it F39?), but it remains static for the very SSID. This means this default will work fine with approaches like Eduroam. But it can thus occur that Debian maybe has a different MAC (I am not sure if Debian does the same or uses the “real” MAC, but the outcome will be the same). If your installation is older than F40/F39 and you have just upgraded but not reinstalled Fedora since before F40/39 (which would mean the change towards random MACs will not be applied on your Fedora), this issue can still apply if Debian does randomize.
In any case, you can change the MAC in your network GUI → go to the very connection in your network GUI, and then align MAC with that of Debian. Worth a try 
I hope Eduroam does not consider the host name but just the MAC.
Possibly not relevant for qwq’s problem, but an important detail here is that some institutions have separate “setup” networks for registration, and those will see a different MAC as the SSID is used as part of the randomisation.
The default on Debian still appears to be to use the real hardware MAC, so if registration and login worked there then reverting to the hardware MAC for Fedora should do the trick.
FWIW – I have never registered a MAC with Eduroam & I’ve been happily connecting to Eduroam networks all over with various different devices (Linux laptops, Android smartphones).
Correct, this is my redaction.
Anyway, thank you everyone for the suggestions. I tried setting a permanent MAC address but nothing changed, I can still connect but there is no internet.
Classes have ended and I am not at the university anymore, but I will be gtateful for any suggestions and I will try them tomorrow 
Eduroam used to work fine when I worked with it some years ago, but of course much can have changed since. That’s why I was not sure if the host name may be is part of the problem. Yet, the randomization itself should not pose an issue: the network can only determine the MAC but not identify how it was created (real, random, etc.).
At the same time, I still expect a standards-conform setup because Debian works fine out of the box.
The question is if you can register more than one MAC and if not, which one was registered.
Also, did you register something in a web browser in Debian? If so, did that work in Fedora?
Do you maybe have a support staff or so who you can ask about potential origins of the issues? Such as number of registered MAC addresses or so? They might know the setup/needs so that we do not need to guess about it.
The question is if there are different Eduroam setups for different customers. I am no longer 100% sure but I think I also had to register my devices with their MAC when I was using it.
This was not the case for me, I only had to make a password. I don’t think there is a MAC address limit, or at least I have not reached it.
I actually tried connecting to eduroam a year or so earlier on Workstation 38 or 39 and it worked (using the same configuration tool I used today). Then there was a long period where I didn’t need to use eduroam on my laptop so I didn’t check whether it worked or not.
I don’t remember changing anything network related that would cause this issue, but I guess I will try reinstalling just in case and report back tomorrow.
The NetworkManager log seems to show that it never connected successfully. What does wpa_supplicant say?
journalctl -u wpa_supplicant -b
EDIT: Oh wait nvm, the log is backwards…
eduroam can be set up to automatically register wireless client MAC addresses (but require manual registration from wired ones), which is usually fast.
Some things to try:
Check network config (especially the active fields from DHCP at the end)
$ nmcli conn show eduroam
Try a query on default and public DNS
resolvectl query example.com
dig +tls @1.1.1.1 example.com
Trace route
traceroute 1.1.1.1
You wrote you are on Fedora Silverblue and things used work a year ago on Workstation 38 or 39. Which Fedora Silverblue version are you on?
I"m not sure your institution’s CAT is the best choice. Depends on your institution Have you tried getting the necessary info (in particular inner auth and such) and setting up the connection “manually”, i.e. using the network connection settings? WiFi connectivity without internet sounds like typical problems caused by tools which don’t deal properly with resolved and such.
Right, I should have specified, I am on Fedora Silverblue 40.
I have tried both, same results.
Alright, I reinstalled Sliverblue 40 and eduroam now works… I swear I didn’t mess with anything network related before.
Sorry for the noise everyone… 
No worries, I guess everyone around here is happy if everyone else’s machines work properly