SSID: eduroam
This wireless network allows secure access to services for students, staff and guests. The authentication with a valid username and password is needed, before access to the network ist granted. This technique is based on the standard IEEE 802.1x.There are different implementations of the protocol EAP used for authentication and exchange of cryptographic key information. To support the specific protocol which is used by the access point a specific software (called supplicant) is required.
For technical reasons, the protocol used for members of the TUHH is EAP-TTLS. Many operating systems support this protocol without the need of additional software.
Guests may access this network as it is part of the eduroam Project by using the supplicant of their home institution. After connecting, they will have access to the Guest Network.
Connect
For all operating systems, there are some configuration steps to be performed, before a connection with this wireless network can be established.Click on the button and then select the guide that corresponds to your device to set up the eduroam network on your device.
To the instructions
After the supplicant is configured properly, choose the wireless network eduroam from the list of available networks.
Once your login information has been verified, your device automatically receives an IP address and you will be able to use the network.
Note: Public network eduroam
SHA1 Fingerprint: 58:81:54:65:3F:9F:C8:5A:37:F5:79:BC:FA:CD:2B:1D:D9:10:84:EE
SHA256 Fingerprint: 3C:DC:2C:9E:9E:5A:36:CB:58:88:FD:17:96:CB:91:2F:84:62:53:B6:82:C1:B3:20:57:53:20:33:51:0C:7B:B6
If you are asked for the T-TeleSec GlobalRoot Class 2 root certificate fingerprint, please check it against:
SHA1 fingerprint: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
SHA256 fingerprint: 91:E2:F5:78:8D:58:10:EB:A7:BA:58:73:7D:E1:54:8A:8E:CA:CD:01:45:98:BC:0B:14:3E:04:1B:17:05:25:52
When you are asked to check the fingerprint of the server to which you give your username and password, check whether it matches one of the listed TUHH server!
DFN-Verein Community Root CA 2022 - radius-wlan.rz.tuhh.de
MD5 Fingerprint=8E:83:4C:21:04:E8:8E:8E:15:5D:FC:7A:F4:B4:C9:B9
SHA1 Fingerprint=D7:CD:3D:C5:09:8D:48:11:79:31:E2:AE:12:E3:78:ED:13:EF:F7:4D
SHA224 Fingerprint=AF:9D:74:BE:C8:84:50:68:39:C0:30:A6:B2:E0:61:05:1B:E9:B5:5C:BD:3C:50:39:38:64:76:84
SHA256 Fingerprint=06:69:0E:79:99:FB:20:A8:9C:E4:E6:1E:64:9B:C3:DE:20:ED:24:FE:96:B6:20:0E:72:4E:E2:3B:59:E6:20:84
SHA384 Fingerprint=30:39:40:66:8C:DC:57:F1:36:0D:67:10:E2:C2:67:44:EB:8A:04:F9:91:BC:52:5D:C3:62:98:49:79:B3:55:34:BA:F6:2A:AF:E4:29:40:E1:3B:90:3A:62:5F:D5:FD:27
SHA512 Fingerprint=76:90:E3:FF:67:B9:A3:A3:85:8E:EE:15:06:61:19:BA:25:7E:72:79:58:0F:BA:DA:9C:5E:97:23:B1:A3:B7:E9:16:4B:95:76:71:D8:E3:ED:22:77:4B:07:A5:35:E8:7B:46:84:09:8F:F4:58:D9:CD:B9:A9:D8:00:D5:91:5F:B3
T-TeleSec GlobalRoot Class 2- radius-wlan.rz.tuhh.de
MD5 Fingerprint=87:02:E4:62:FB:63:33:33:03:31:85:AB:D8:03:BC:18
SHA1 Fingerprint=90:FD:58:D5:0F:3E:F8:1F:C0:B3:21:45:78:99:18:BA:11:07:B3:5D
SHA224 Fingerprint=75:D4:B1:FD:C8:FE:1A:36:27:C1:4D:41:1F:7A:ED:05:25:37:DE:A8:AB:19:94:69:80:E8:44:34
SHA256 Fingerprint=EE:9C:59:D2:8B:E9:A2:DF:21:9E:13:F4:3A:BE:8B:30:A5:4A:88:4F:D3:42:D8:84:64:4A:43:92:E4:B1:63:3A
SHA384 Fingerprint=D3:02:17:2C:01:78:5D:12:88:CE:7A:AF:94:BF:F6:DD:41:77:52:38:AD:26:4E:4B:3C:1D:8B:2A:EE:03:51:F8:E7:16:02:99:B4:5B:F9:54:7F:EE:48:96:A6:30:F0:65
SHA512 Fingerprint=47:EE:36:54:12:D8:FB:E5:EA:C3:C3:6F:BC:60:90:72:23:91:4E:7E:EF:90:AE:BD:32:8B:AB:0A:C8:1B:EE:07:FC:AB:61:AB:75:78:4A:9B:B8:71:82:C1:59:FB:57:D7:67:5D:97:9F:11:77:C3:5D:6B:97:FC:EC:D1:3F:1E:C4
The RZ recommends to not trust the eduoram network and to use a local firewall. This is due to several hundred different wireless devices, which connect to this network. If you use a Windows operating system, please select "public network" for the eduroam SSID. We recommend using the Windwos Firewall because there are no known issues with for example the VPN client.
Windows 7:
Windows 10:
Limitations
Members of the university are in the TUHH intranet after logging in. For security reasons, the following restrictions still apply when accessing the Internet:- Unencrypted access to exteral e-mail server (TCP Port 25) is not allowed.
- TCP ports 135, 139 and 445 are blocked.
- UDP ports 137, 138 and 445 are blocked.
Guests who log in to eduroam as part of the DFNRoaming get access to the Guest Network (Veranstaltungsnetz). During the first access a Webpage with hints regarding these restrictions and data protection will be shown (Captive Portal). Logfiles regarding the authentication at the home institution will be kept for 7 days for troubleshooting purposes.
Configuration details of the supplicant
Unfortunately, we do not provide instructions for all operation systems, particularly of smartphones, so you need to help yourself. If you have succeeded to connect your device to the network feel free to provide a guide and contribute to the help pages.- Network Name: eduroam
- Network Authentication: WPA2
- Data Encryption: AES
- Network Type: Infrastructure
- User Authentication: EAP-TTLS (EAP with tunneled TLS)
- CA Certificate: Root Certificate DFN-Verein Community Root CA 2022
- Server certificate issued to radius-wlan.rz.tuhh.de
that means the radius server of the RZ presents you a certificate of the TUHH CA - Outer Identity: eduroam@tuhh.de
- Inner Identity: transmit username and password via PAP, ie as username and password enter your RZ account name and Kerberos password
- Assignment of IP addresses: automatic/dynamic/DHCP
General troubleshooting information
- After connecting, you will receive a dynamically assigned IP address (via DHCP) from one of the network ranges:
- Network block 134.28.176.0/20 means that the address starts with 134.28.176.X ... 134.28.191.X. The network mask is 255.255.240.0 and the default gateway is 134.28.176.1.
- Network block 134.28.160.0/21 means that the address starts with 134.28.160.X ... 134.28.167.X. The network mask is 255.255.248.0 and the default gateway is 134.28.160.1.
- The default gateway should be reachable via ping 134.28.176.1 or ping 134.28.160.1.
- The name resolution (DNS) should work. It always should be possible to open
https://www.tuhh.de in your web browser.
The TUHH automatically assign you the servers 134.28.202.14 and 134.28.205.14.
Questions/Support
Please make sure that your device has the latest patches installed, that you are not using more than one anti-virus program and that no "unblocker" is active.
(Unblocker are programs which can unlock content, that is blocked in one country, but not another.)
If you have questions or problems, please have a look at our help pages first. (Klick here for VPN Help)
With questions, suggestions, reports or further problems
please contact our User Service Center (Helpdesk).
We respond quickly to e-mails to servicedesk@tuhh.de.
The dates for the Wifi Consulting will be announced soon.