Administrator's Guide to configuring the iPhone/iPod Touch for Eduroam
The following instructions explain how to write custom configuration scripts for Eduroam access on the iPod Touch or iPhone. Once configured, the device can connect at any other eduroam institution in the world.
These instructions reference the iPhone Configuration Utility (OSX binary and/or OSX/Windows Web config app) available from the iPhone enterprise support site.
This utility is required for customisation of the configuration parameters of >v2.0 of the iPhone/iPod Touch software. The resultant configuration files can be hosted on a web site or emailed to a user for loading on the device. Other configuration, including setting of password policies or Exchange server setup, can also be performed with this tool but is outside the scope of this document.
Links to the web config tool:
Login as Username: admin, Password: admin
Alternatively, if using the iPhone Configuration binary (OSX), simply open the application and perform the configuration steps below.
Enter information for the required fields in the General screen above (profile name, unique identifier and description) - values are not connection specific.
Select Wi-Fi tab
Enter SSID name (eduroam) and select Security Type dropdown option WPA/WPA2 Enterprise
Select Protocols/Accepted EAP types and ensure TTLS checkbox is selected
Select 'Authentication' sub-tab and change Inner Authentication type to PAP
Click the Save button
These steps are required only where Eduroam access is available solely via a VPN connection, such as at UQ; otherwise skip to the next section (config deployment).
Select VPN tab to configure deployment settings for VPN access - these will be specific to each institution depending on VPN requirements.
Enter Connection Name and select Connection Type from dropdown (most commonly IPSec for Cisco VPN but also L2TP and PPTP options available).
For shared authentication use Shared Secret/Group Name authentication type and enter Shared Secret and Group Name for organisation wide deployment.
Leave Account entry blank to allow end user to configure individual username setting per device.
Return to General tab after double checking and saving all customisation settings entered above.
Click on Export Profile to save the resultant XML configuration document as a .mobileconfig file for website delivery, or use Email Profile.
Note that a non Eduroam wireless network or 3G connection will be required to deliver this file to the end user device.
Web deployment of profiles is more difficult as it requires configuration of the hosting server to transmit .mobileconfig XML files as type application/x-apple-aspen-config.
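The Wi-Fi choices made in the steps above (SSID eduroam, WPA/WPA2 Enterprise, TTLS, inner authentication PAP) end up as a handful of keys in the exported XML. The Python below is an added example, not output from the iPhone Configuration Utility and not part of the original guide: it builds an equivalent unsigned profile and audits a profile against those settings before it is handed to users. The key names follow Apple's configuration profile format; the function names, the identifier and the server name radius.example.edu are constructed for illustration.

```python
import plistlib
import uuid

EAP_TTLS = 21  # IANA EAP method number for EAP-TTLS
WIFI_PAYLOAD = "com.apple.wifi.managed"

def build_eduroam_profile(identifier, name, description, trusted_servers=()):
    """Return an unsigned XML .mobileconfig with one eduroam Wi-Fi payload."""
    eap = {"AcceptEAPTypes": [EAP_TTLS], "TTLSInnerAuthentication": "PAP"}
    if trusted_servers:  # RADIUS server names the device may trust (optional)
        eap["TLSTrustedServerNames"] = list(trusted_servers)
    wifi = {
        "PayloadType": WIFI_PAYLOAD, "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".wifi",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Wi-Fi (eduroam)", "SSID_STR": "eduroam",
        "HIDDEN_NETWORK": False, "EncryptionType": "WPA",  # WPA/WPA2
        "EAPClientConfiguration": eap,
    }
    profile = {
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name, "PayloadDescription": description,
        "PayloadContent": [wifi],
    }
    return plistlib.dumps(profile)  # XML plist is the default format

def audit_profile(data):
    """List deviations from the Wi-Fi settings this guide describes."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    wifi = [p for p in payloads if p.get("PayloadType") == WIFI_PAYLOAD
            and p.get("SSID_STR") == "eduroam"]
    if not wifi:
        return ["no eduroam Wi-Fi payload"]
    findings = []
    for p in wifi:
        eap = p.get("EAPClientConfiguration", {})
        if EAP_TTLS not in eap.get("AcceptEAPTypes", []):
            findings.append("TTLS not accepted")
        if eap.get("TTLSInnerAuthentication") != "PAP":
            findings.append("inner authentication is not PAP")
        if "UserName" in eap or "UserPassword" in eap:
            findings.append("user credentials embedded in a shared profile")
        if not eap.get("TLSTrustedServerNames"):
            findings.append("no trusted server names; user must judge the certificate prompt")
    return findings

if __name__ == "__main__":  # constructed identifier, for illustration only
    blob = build_eduroam_profile("edu.example.eduroam", "eduroam", "Campus Wi-Fi")
    print(audit_profile(blob))
```

A profile built without trusted server names reports only that last finding, which corresponds to the manual certificate prompt described later in this guide.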
Upon loading the configuration profile, enter the eduroam credentials (email@example.com) and password as per following screens:
Upon accepting eduroam credentials (and optionally VPN credentials also) the following Certificate request will show that the connection is successful. Accept the certificate.
To activate VPN access, slide the VPN switch on the wireless setting screen.