I have tried everything that I know of. I’ve used the CAT tool, I tried to configure the network connection manually, but it just refuses to connect me. It says that I am using an incorrect password, however when I booted into windows and tried the same login and password, I connected without issues. Does anyone know what to do or how to troubleshoot it further? Thanks in advance!
2 Likes
Hi @nekochan , welcome to the forum.
Did it work before? There was this issue a few releases ago when the default crypto policies had changed:
Hi @ankursinha , thanks for the welcome!
Fedora 42 is my first time using a Red hat distro and fedora in general, so since I’ve installed the Fedora 42 it refuses to connect and ask me for a password again and again. Before Fedora I had Ubuntu and Debian and on those distros I had no trouble connecting to eduroam in my University. I will look into the crypto policies and check whether its them causing this.
Update: I tried setting the crypto policies to legacy, but it didn’t help.
1 Like
Hrm, can you look at the journal logs to see what they say? My laptop is on F42 and did work the last time I took it in. I can check again next week.
Sure, I have run sudo journalctl -xe | grep -i wpa and got something like this:
Journal output
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SSID-REENABLED id=0 ssid=“eduroam”
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: SME: Trying to authenticate with 70:f3:5a:45:de:cf (SSID=‘eduroam’ freq=5300 MHz)
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: Trying to associate with 70:f3:5a:45:de:cf (SSID=‘eduroam’ freq=5300 MHz)
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: Associated with 70:f3:5a:45:de:cf
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
May 09 12:01:03 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
May 09 12:01:03 fedora wpa_supplicant[1216]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
May 09 12:01:03 fedora wpa_supplicant[1216]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
May 09 12:01:06 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 09 12:01:08 fedora wpa_supplicant[1216]: wlp1s0: Authentication with 70:f3:5a:45:de:cf timed out.
May 09 12:01:08 fedora wpa_supplicant[1216]: wlp1s0: BSSID 70:f3:5a:45:de:cf ignore list count incremented to 3, ignoring for 60 seconds
May 09 12:01:09 fedora wpa_supplicant[1216]: nl80211: send_event_marker failed: Source based routing not supported
May 09 12:01:09 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=70:f3:5a:45:de:cf reason=3 locally_generated=1
May 09 12:01:09 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=“eduroam” auth_failures=2 duration=23 reason=AUTH_FAILED
May 09 12:01:09 fedora wpa_supplicant[1216]: wlp1s0: BSSID 70:f3:5a:45:de:cf ignore list count incremented to 4, ignoring for 120 seconds
May 09 12:01:09 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-DSCP-POLICY clear_all
May 09 12:01:11 fedora wpa_supplicant[1216]: wlp1s0: Removed BSSID 70:f3:5a:45:de:cf from ignore list (clear)
May 09 12:01:17 fedora NetworkManager[1059]: [1746784877.8175] Config: added ‘key_mgmt’ value ‘WPA-EAP FT-EAP FT-EAP-SHA384 WPA-EAP-SHA256’
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: SME: Trying to authenticate with 70:f3:5a:45:de:cf (SSID=‘eduroam’ freq=5300 MHz)
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: Trying to associate with 70:f3:5a:45:de:cf (SSID=‘eduroam’ freq=5300 MHz)
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: Associated with 70:f3:5a:45:de:cf
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
May 09 12:01:20 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
May 09 12:01:20 fedora wpa_supplicant[1216]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
May 09 12:01:20 fedora wpa_supplicant[1216]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
May 09 12:01:23 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 09 12:01:25 fedora wpa_supplicant[1216]: wlp1s0: Authentication with 70:f3:5a:45:de:cf timed out.
May 09 12:01:25 fedora wpa_supplicant[1216]: wlp1s0: Added BSSID 70:f3:5a:45:de:cf into ignore list, ignoring for 10 seconds
May 09 12:01:25 fedora wpa_supplicant[1216]: nl80211: send_event_marker failed: Source based routing not supported
May 09 12:01:25 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=70:f3:5a:45:de:cf reason=3 locally_generated=1
May 09 12:01:25 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=“eduroam” auth_failures=1 duration=10 reason=AUTH_FAILED
May 09 12:01:25 fedora wpa_supplicant[1216]: wlp1s0: BSSID 70:f3:5a:45:de:cf ignore list count incremented to 2, ignoring for 10 seconds
May 09 12:01:25 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-DSCP-POLICY clear_all
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SSID-REENABLED id=0 ssid=“eduroam”
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: SME: Trying to authenticate with 70:f3:5a:45:de:cf (SSID=‘eduroam’ freq=5300 MHz)
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: Trying to associate with 70:f3:5a:45:de:cf (SSID=‘eduroam’ freq=5300 MHz)
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: Associated with 70:f3:5a:45:de:cf
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
May 09 12:01:37 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
May 09 12:01:37 fedora wpa_supplicant[1216]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
May 09 12:01:37 fedora wpa_supplicant[1216]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
May 09 12:01:40 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: Authentication with 70:f3:5a:45:de:cf timed out.
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: BSSID 70:f3:5a:45:de:cf ignore list count incremented to 3, ignoring for 60 seconds
May 09 12:01:42 fedora wpa_supplicant[1216]: nl80211: send_event_marker failed: Source based routing not supported
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=70:f3:5a:45:de:cf reason=3 locally_generated=1
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=“eduroam” auth_failures=2 duration=25 reason=AUTH_FAILED
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: BSSID 70:f3:5a:45:de:cf ignore list count incremented to 4, ignoring for 120 seconds
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=“eduroam” auth_failures=3 duration=41 reason=CONN_FAILED
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-DSCP-POLICY clear_all
May 09 12:01:47 fedora wpa_supplicant[1216]: wlp1s0: Removed BSSID 70:f3:5a:45:de:cf from ignore list (clear)
From what I gathered the most concerning lines are these:
May 09 12:01:37 fedora wpa_supplicant[1216]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
May 09 12:01:37 fedora wpa_supplicant[1216]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
May 09 12:01:40 fedora wpa_supplicant[1216]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 09 12:01:42 fedora wpa_supplicant[1216]: wlp1s0: Authentication with 70:f3:5a:45:de:cf timed out.
At least I think so, but I don’t know what they mean or what to do with them.
1 Like
It sill points to something SSL related. Maybe it’s another setting that we need to tinker with. What does this show, just to confirm that legacy is enabled?
sudo update-crypto-policies --show
And, did you restart wpa_supplicant after doing this (either via systemctl or a reboot)?
sudo systemctl restart wpa_supplicant
I had the same issue after upgrading to fedora 42, even after setting the crypto policy to LEGACY.
Turned out to be that the CA certificate I’d specified in the ‘Security’ settings under the wifi settings didn’t exist anymore (indidcated by being highlighed in red). I simply updated this to be the ca-certificates.crt under /etc/ssl/certs and this fixed the issue.
This might help others if the University your trying to connect with uses a public signed certificate for it’s RADIUS services.
1 Like
It showed LEGACY and I did reboot, so that it would work, but it still displayed the same messages. Sorry for the late reply, I didn’t have internet connection
1 Like
I have checked whether the path that I provide, points to an existing ca certifiacate and it does. So I don’t think that is it.
1 Like
This post seems to suggest that it could be the TLS version:
On Fedora, it looks like it’s in this file:
/etc/crypto-policies/back-ends/opensslcnf.config
The minimum TLS version is TLSv1.2 on my system. So perhaps changing that to a lower version would
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = no
That’s the limit of my knowledge on this subject though, we’ll need someone with more know-how to help here.
Hello,
Sorry for the late reply again, I was looking into what you recommended and it turns out it’s not that simple on Fedora 42. Firstly, the config files are in different locations. Secondly, openSSL 3.0 and above cut off support to TLS 1.1 and TLS 1.0 completly. I’ve been trying to fix this using custom crypto policies, but it didn’t help yet. Additionally, my wifi started running really slow, like it doesn’t connect me to websites, because of time out.
So right now, I will stop working on trying to connect to eduroam, because I plan to fix my wifi first. However, if I find a solution I will be sure to return here to post it. If anyone is more knowledgeable on how to fix this issue, I will be extremely gratefull for any advice.
Hi all,
I’m experiencing the same problem, and none of the suggested solutions here have worked, unfortunately. This only started occurring after I upgraded to F42 KDE, and leads to timeouts when connecting to any network resource. Happens about every 20 mins I think, after which I have to disconnect and reconnect to effectively reset the timer. Rinse and repeat.
Why is eduroam causing all these problems, specifically on Linux OSes? I had to deal with the historical issues as well, so this is nothing new 