FAQs about the eduroam ES initiative
eduroam is an international initiative that aims to create a single mobility space for the academic community. eduroam focuses on user security while maintaining ease of use.
eduroam ES is the name given to the initiative in Spain. It is operated by RedIRIS, which also coordinates the organizations participating in the initiative in our country. This single mobility space brings together a wide group of organizations that, based on a usage policy and a series of technological and functional requirements, allow their users to move between them and have the mobile services they may need available at all times.
The ultimate goal is for users to have, as transparently as possible, a secure connection to the Internet, access to the services and resources of their home organization, and access to the services and resources of the organization hosting them at that moment.
You will need to know whether the organization you belong to is already in eduroam. You can find a list of all institutions in Spain on this website. You will also need a device that supports WPA/WPA2 Enterprise and that allows you to configure the type of authentication supported by your organization.
If your organization is not in eduroam but is an institution belonging to the academic network, we advise you to ask your organization's IT service to join.
You can find maps showing the locations where eduroam is offered, both in Spain and in the other countries where it is available.
You should consult your institution. It is very likely that your institution uses the eduroam CAT tool, which provides a secure configuration that the administrators of your organization have prepared for you.
In general, you must follow the instructions provided by your institution. In particular, we recommend that you always direct any questions to the technical staff of your own institution, whether you are on your own campus or building or visiting another organization. You may be able to receive support when you are away from your organization, but it is preferable to always be attended by your own institution.
It will depend on the device, operating system and the type of authentication that your organization supports.
A device that supports PEAP but not EAP-TTLS will not allow you to connect if your institution does not support PEAP (or vice versa). Devices generally support only a subset of EAP modes, so it is essential that a technician check compatibility.
It is best to check with the technical staff of your own institution. Incorrect settings, apart from causing poor performance, can put your account data at risk.
Each organization has chosen its authentication modes based on how well they fit the infrastructure it already had for authenticating its users in general (mail, web applications, virtual campuses, e-learning platforms, etc.).
Several factors will have played a role, such as security or cost, but in any case you should rather ask the inverse question: why does my device not support the authentication method that my organization offers me?
In the vast majority of cases, especially with laptops, mobiles and tablets, there should be compatibility. It is always preferable to follow the procedure indicated by your organization and to use official installers, if they are provided to you.
Certain devices may be able to connect only if they are compatible with the authentication methods supported by your institution. On certain occasions an automatic configuration will not be possible (it must be done manually), and sometimes a reliable or completely safe configuration will not be possible, due to device limitations.
It is also possible, although unlikely, that there is some kind of incompatibility between the device and the network.
In all these cases, it is always preferable to consult technical support for advice, before making a configuration that could put your account at risk.
Yes. eduroam provides mechanisms so that users can provide their credentials wherever they connect, and these are transmitted securely over the Internet. This does not, however, rule out attacks against clients that are badly configured.
On the other hand, bear in mind that once the user has authenticated to gain access, the Internet connection offers a level of security equivalent to any other Internet connection. The usual protection measures recommended by the manufacturer or developer of the user's operating system should therefore be taken.
The eduroam security model is well thought out and has been extensively studied (see, for example, the section on security in RFC 7593). Your credentials are well protected as long as your device is correctly configured; this correct configuration is therefore crucial. As long as the necessary configuration parameters are correctly set, any of the authentication methods commonly used in eduroam (PEAP, TTLS-PAP, EAP-TLS) are secure.
Your eduroam identity provider gives you at least some installation instructions that allow a correct and secure configuration. The most critical part of these is the one that configures your device to trust a Certification Authority (CA) and the name of the identity provider's server.
Many eduroam identity providers go one step further and provide you with installation programs or configuration files containing the relevant security information, through a simple installation process. One of these programs is "eduroam CAT" - check if your institution is listed.
Make use of the installation programs or configuration instructions provided by your eduroam identity provider to be safe from possible attacks.
If you do not follow the configuration instructions, or in the unlikely event that the identity provider does not provide them, the account details you use to access eduroam will be at risk from so-called man-in-the-middle attacks. For identity providers, not providing sufficient configuration instructions is against the participation policy. At eduroam ES we would appreciate it if you notified us of such cases.
P.S. This type of problem is not specific to eduroam; any deployment of Enterprise-type wireless networks is in the same situation.
They could be summarized in just three points:
- Never provide your eduroam credentials through a web portal. eduroam uses 802.1X technology, and its users should not provide their credentials on web portals (unless you are at your own institution and it has instructed you to do so).
- Never trust a certificate for which you have no guarantees of its validity. Generally, the software used to connect you (known as the supplicant) will notify you when your organization's certificate presents a problem. If this happens, we recommend that you contact those responsible for eduroam in your organization and report these types of incidents.
- In general, follow the usual rules for protecting your computer when connecting to the network (keep your computer updated, install an antivirus or firewall if necessary, do not visit websites that could damage your computer, etc.).
The fact that the network identifier is eduroam should not influence the speed you get when connecting. The most common cause is network saturation in the place from which you connect, but there could be other problems that should be ruled out, such as interference or a technical problem in the wireless network infrastructure.
The most advisable course in these cases is to contact the IT service of your organization and raise the problem with them, indicating the place and the hours at which you noticed the slow Internet connection.