Internet2 is investigating a security incident involving a compromise to a Confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Check Your eduroam Configuration for TLRS1

On Monday, February 18, we changed the IP address on one of the two main eduroam servers -- TLRS1.EDUROAM.US. We have data that shows 70% of connectors may still be misconfigured, but may not be aware of this because of the redundant eduroam servers (TLRS1 and TLRS2). If that is the case for you, your service will break when we change the IP address of TLRS2 in March. See the process for testing your configuration in the "Test Your Configuration" section below.

WE URGE YOU TO CHECK YOUR CONFIGURATION FOR TLRS1 NOW, following the instructions below. Please note: The two major sources of problems are:

  1. Missing definition of the new IP address on firewalls
  2. The need to restart the RADIUS server

Configuration for TLRS1

If you have configured the RADIUS clients with explicit IP addresses, remove the old IP addresses for TLRS1.EDUROAM.US from your RADIUS client list and replace them with the NEW IPv4 or IPv6 address below.

If you are using DNS entries to route requests to the TLRS servers, perform your second RADIUS service restart (to ensure that your service sees the updated DNS entries). In this case, you will see a service interruption until you do the restart. You may also need to FLUSH THE DNS CACHE on your RADIUS server(s) BEFORE YOU RESTART RADIUS to prevent stale entries from being erroneously retrieved.

Here is the information you will need to make these changes on your network:

OLD IP ADDRESSES:

DNS Name - TLRS1.EDUROAM.US
Current IPv4 - 64.57.22.74
Current IPv6 - 2001:468:ef01:2::74

NEW IP ADDRESSES

NEW IPv4 - 163.253.31.2
NEW IPv6 - 2001:468:1f11::2
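
An added example (not from the original page or from Internet2): a Python check that scans RADIUS client or firewall configuration text for the old TLRS1 addresses listed above and reports any new address that never appears. It compares parsed addresses rather than strings, so an expanded IPv6 spelling of the old address is still caught; the FreeRADIUS-style sample, the function names and the placeholder secret are constructed assumptions.

```python
import ipaddress
import re

# Addresses taken from this page.
OLD_TLRS1 = {ipaddress.ip_address(a) for a in ("64.57.22.74", "2001:468:ef01:2::74")}
NEW_TLRS1 = {ipaddress.ip_address(a) for a in ("163.253.31.2", "2001:468:1f11::2")}

# Loose token match; the ipaddress module does the real validation below.
_CANDIDATE = re.compile(r"[0-9A-Fa-f:.]{3,}")

def addresses_in(line):
    """Yield each valid IPv4/IPv6 address on a line, ignoring '#' comments."""
    for token in _CANDIDATE.findall(line.split("#", 1)[0]):
        try:
            yield ipaddress.ip_address(token)
        except ValueError:
            continue

def audit(config_text):
    """Return (stale, missing): old TLRS1 hits by line, new addresses never seen."""
    stale, seen = [], set()
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for addr in addresses_in(line):
            seen.add(addr)
            if addr in OLD_TLRS1:
                stale.append((lineno, str(addr)))
    missing = sorted(str(a) for a in NEW_TLRS1 - seen)
    return stale, missing

# Constructed sample in FreeRADIUS clients.conf style (an assumption, not from the page).
SAMPLE = """\
client tlrs1 {
    ipaddr = 64.57.22.74        # old address still configured
    secret = CONSTRUCTED-PLACEHOLDER
}
client tlrs1-v6 {
    ipv6addr = 2001:0468:EF01:0002:0:0:0:0074
    secret = CONSTRUCTED-PLACEHOLDER
}
client tlrs1-new {
    ipaddr = 163.253.31.2
    secret = CONSTRUCTED-PLACEHOLDER
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A clean result covers static configuration only; the DNS cache flush and RADIUS restart described above are still required for the change to take effect.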

Test Your Configuration

Steps to check that your peering is working using eduroam-US logs. Note: checking your campus RADIUS servers' logs might not be sufficient.

  1. Go to https://www.eduroam.us/admin-login and log in.
  2. Navigate to https://www.eduroam.us/log/viewer.

For Service Providers: Under Search Options: Filter by Client Identifier = <peering identifier>. If you see recent accepted OR rejected requests then your peering is working as an SP.

For Identity Providers: Under Search Options: Filter by Username = <peering identifier>. If you see recent accepted requests then your peering is working as an IdP.

The peering identifier is normally your primary realm and should be easy to find in the displayed logs.

Steps to actively test that your peering is working, using a testing tool:

Service Provider: Using the Test Accounts Tool (https://www.eduroam.us/config/test_accounts), create a test account and use it on a device and try to connect to your local 'eduroam' SSID.

Identity Provider: Using the Realm Testing Tool (https://www.eduroam.us/test/realm) you can simulate one of your users roaming to another institution ('Web Site' in the logs).

Additional Support

Please email eduroam-support@internet2.edu with questions about this process or any other aspect of eduroam.
