SSID: eduroam

This wireless network allows secure access to services for students, staff and guests. The authentication with a valid username and password is needed, before access to the network ist granted. This technique is based on the standard IEEE 802.1x.

There are different implementations of the protocol EAP used for authentication and exchange of cryptographic key information. To support the specific protocol which is used by the access point a specific software (called supplicant) is required.

For technical reasons, the protocol used for members of the TUHH is EAP-TTLS. Many operating systems support this protocol without the need of additional software.

Guests may access this network as it is part of the eduroam Project by using the supplicant of their home institution. After connecting, they will have access to the Guest Network.

see https://monitor.eduroam.org/map_service_loc.php

Connect

For all operating systems, there are some configuration steps to be performed, before a connection with this wireless network can be established.

Click on the button and then select the guide that corresponds to your device to set up the eduroam network on your device.

To the instructions

After the supplicant is configured properly, choose the wireless network eduroam from the list of available networks.
Once your login information has been verified, your device automatically receives an IP address and you will be able to use the network.

Note: Public network eduroam

If you are asked for the DFN-Verein Community Root CA 2022 root certificate fingerprint, please check it against:
SHA1 Fingerprint: 58:81:54:65:3F:9F:C8:5A:37:F5:79:BC:FA:CD:2B:1D:D9:10:84:EE
SHA256 Fingerprint: 3C:DC:2C:9E:9E:5A:36:CB:58:88:FD:17:96:CB:91:2F:84:62:53:B6:82:C1:B3:20:57:53:20:33:51:0C:7B:B6

If you are asked for the T-TeleSec GlobalRoot Class 2 root certificate fingerprint, please check it against:
SHA1 fingerprint: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
SHA256 fingerprint: 91:E2:F5:78:8D:58:10:EB:A7:BA:58:73:7D:E1:54:8A:8E:CA:CD:01:45:98:BC:0B:14:3E:04:1B:17:05:25:52

When you are asked to check the fingerprint of the server to which you give your username and password, check whether it matches one of the listed TUHH server!
DFN-Verein Community Root CA 2022 - radius-wlan.rz.tuhh.de
MD5 Fingerprint=8E:83:4C:21:04:E8:8E:8E:15:5D:FC:7A:F4:B4:C9:B9
SHA1 Fingerprint=D7:CD:3D:C5:09:8D:48:11:79:31:E2:AE:12:E3:78:ED:13:EF:F7:4D
SHA224 Fingerprint=AF:9D:74:BE:C8:84:50:68:39:C0:30:A6:B2:E0:61:05:1B:E9:B5:5C:BD:3C:50:39:38:64:76:84
SHA256 Fingerprint=06:69:0E:79:99:FB:20:A8:9C:E4:E6:1E:64:9B:C3:DE:20:ED:24:FE:96:B6:20:0E:72:4E:E2:3B:59:E6:20:84
SHA384 Fingerprint=30:39:40:66:8C:DC:57:F1:36:0D:67:10:E2:C2:67:44:EB:8A:04:F9:91:BC:52:5D:C3:62:98:49:79:B3:55:34:BA:F6:2A:AF:E4:29:40:E1:3B:90:3A:62:5F:D5:FD:27
SHA512 Fingerprint=76:90:E3:FF:67:B9:A3:A3:85:8E:EE:15:06:61:19:BA:25:7E:72:79:58:0F:BA:DA:9C:5E:97:23:B1:A3:B7:E9:16:4B:95:76:71:D8:E3:ED:22:77:4B:07:A5:35:E8:7B:46:84:09:8F:F4:58:D9:CD:B9:A9:D8:00:D5:91:5F:B3
T-TeleSec GlobalRoot Class 2- radius-wlan.rz.tuhh.de
MD5 Fingerprint=87:02:E4:62:FB:63:33:33:03:31:85:AB:D8:03:BC:18
SHA1 Fingerprint=90:FD:58:D5:0F:3E:F8:1F:C0:B3:21:45:78:99:18:BA:11:07:B3:5D
SHA224 Fingerprint=75:D4:B1:FD:C8:FE:1A:36:27:C1:4D:41:1F:7A:ED:05:25:37:DE:A8:AB:19:94:69:80:E8:44:34
SHA256 Fingerprint=EE:9C:59:D2:8B:E9:A2:DF:21:9E:13:F4:3A:BE:8B:30:A5:4A:88:4F:D3:42:D8:84:64:4A:43:92:E4:B1:63:3A
SHA384 Fingerprint=D3:02:17:2C:01:78:5D:12:88:CE:7A:AF:94:BF:F6:DD:41:77:52:38:AD:26:4E:4B:3C:1D:8B:2A:EE:03:51:F8:E7:16:02:99:B4:5B:F9:54:7F:EE:48:96:A6:30:F0:65
SHA512 Fingerprint=47:EE:36:54:12:D8:FB:E5:EA:C3:C3:6F:BC:60:90:72:23:91:4E:7E:EF:90:AE:BD:32:8B:AB:0A:C8:1B:EE:07:FC:AB:61:AB:75:78:4A:9B:B8:71:82:C1:59:FB:57:D7:67:5D:97:9F:11:77:C3:5D:6B:97:FC:EC:D1:3F:1E:C4
show all fingerprints

Windows 10 manuell einrichten Windows 10 manuell einrichten Windows 10 manuell einrichten Windows 10 manuell einrichten
The RZ recommends to not trust the eduoram network and to use a local firewall. This is due to several hundred different wireless devices, which connect to this network. If you use a Windows operating system, please select "public network" for the eduroam SSID. We recommend using the Windwos Firewall because there are no known issues with for example the VPN client.

Windows 7:
Security eduroam 01 Security eduroam 02 Security eduroam 03

Windows 10:
Security eduroam 04 Security eduroam 05

Limitations

Members of the university are in the TUHH intranet after logging in. For security reasons, the following restrictions still apply when accessing the Internet:
  • Unencrypted access to exteral e-mail server (TCP Port 25) is not allowed.
  • TCP ports 135, 139 and 445 are blocked.
  • UDP ports 137, 138 and 445 are blocked.

Guests who log in to eduroam as part of the DFNRoaming get access to the Guest Network (Veranstaltungsnetz). During the first access a Webpage with hints regarding these restrictions and data protection will be shown (Captive Portal). Logfiles regarding the authentication at the home institution will be kept for 7 days for troubleshooting purposes.

Configuration details of the supplicant

Unfortunately, we do not provide instructions for all operation systems, particularly of smartphones, so you need to help yourself. If you have succeeded to connect your device to the network feel free to provide a guide and contribute to the help pages.
  • Network Name: eduroam
  • Network Authentication: WPA2
  • Data Encryption: AES
  • Network Type: Infrastructure
  • User Authentication: EAP-TTLS (EAP with tunneled TLS)
  • CA Certificate: Root Certificate DFN-Verein Community Root CA 2022
  • Server certificate issued to radius-wlan.rz.tuhh.de
    that means the radius server of the RZ presents you a certificate of the TUHH CA
  • Outer Identity: eduroam@tuhh.de
  • Inner Identity: transmit username and password via PAP, ie as username and password enter your RZ account name and Kerberos password
  • Assignment of IP addresses: automatic/dynamic/DHCP

General troubleshooting information

  • After connecting, you will receive a dynamically assigned IP address (via DHCP) from one of the network ranges:

    • Network block 134.28.176.0/20 means that the address starts with 134.28.176.X ... 134.28.191.X. The network mask is 255.255.240.0 and the default gateway is 134.28.176.1.
    • Network block 134.28.160.0/21 means that the address starts with 134.28.160.X ... 134.28.167.X. The network mask is 255.255.248.0 and the default gateway is 134.28.160.1.
  • The default gateway should be reachable via ping 134.28.176.1 or ping 134.28.160.1.
  • The name resolution (DNS) should work. It always should be possible to open https://www.tuhh.de in your web browser.
    The TUHH automatically assign you the servers 134.28.202.14 and 134.28.205.14.

Questions/Support

Please make sure that your device has the latest patches installed, that you are not using more than one anti-virus program and that no "unblocker" is active.
(Unblocker are programs which can unlock content, that is blocked in one country, but not another.)

If you have questions or problems, please have a look at our help pages first. (Klick here for VPN Help)
With questions, suggestions, reports or further problems please contact our User Service Center (Helpdesk). We respond quickly to e-mails to servicedesk@tuhh.de.

From 25.03.2024 to 03.04.2024 there will be temporarily no Wifi Consulting. New dates will be announced in good time on our website.

In the non-lecture period, the WLAN consultation will take place with Finn Müller and Phillip Vogel in E2.047/E2.048. You can find the dates here, as well as in the corridors in the E building.

  • tuesdays: 10:00 - 13:00
  • thursdays: 10:00 - 13:00