How does govroam work?
Is govroam secure?
Can we limit bandwidth to visitors?
Can visitors access our intranet?
How can I access the management interface?
How do I enable the MFA layer to strengthen the security of my authentication processes?
Need more technical information and useful links about govroam?
Configuration
How does the RADIUS server configuration work?
How to configure my RADIUS servers?
Client configuration: what is Open1X?
How does govroam work?
The govroam service makes use of the RADIUS protocol which facilitates the sharing of data. Organization A is host to a user from organization B and this user logs onto the wireless network of organization A. At that moment, the RADIUS server of organization A will forward the user's data (user name and password) to the RADIUS server of organization B for verification.
This is done via the Belnet RADIUS server, which receives a request from the RADIUS server of Organization A. The Belnet server then immediately sends a request to the RADIUS server of organization B. Thanks to the creation of a Transport Layer Security tunnel between the user and their organization, the server of organization B can securely verify the form.
After verification, the RADIUS server of organization A receives a message that the user is known within Organization B. As a result, the user gains access to the wireless network of organization A.
Is govroam secure?
The authentication is secure and uses 802.1x protocol, once connected, you are connected to Internet, which by definition is open. The security is managed by the provider.
Can we limit bandwidth to visitors?
Yes, you can, although be sure to give them enough bandwidth to work comfortably.
Can visitors access our intranet?
Govroam was created to allow a secure authentication via Wi-Fi for Internet access. What you allow users to connect to is up to your configuration.
How can I access the management interface?
When the enrolment is completed you can fill in all your data on the govroam register interface.
You can log in at https://register.govroam.be/ with your Belnet personal login. You can find the user manual of the interface here in English, French and Dutch.
How do I enable the MFA layer to strengthen the security of my authentication processes?
Check out our documentation and demo videos on our Multi Factor Authentication (MFA) FAQ page.
When you have signed your contract, Belnet will create and send out your username and password. You can reset your password at https://changepassword.belnet.be/.
How does the RADIUS server configuration work?
We will provide you the RADIUS server configuration based on different RADIUS implementations. If you want to share your experience on an implementation not yet described in this section, contact us and we will certainly add it. Within our links section you can find further useful information.
When configuring your RADIUS server, you need to choose the EAP authentication mechanism that you will use.
You can use PEAP (Protected EAP) or EAP-TTLS. Both mechanisms have advantages and disadvantages but can be used in the govroam context.
The advantage of using PEAP is that you don't need to install third party software on a Windows based system. The disadvantage is that you are limited in the choice of "inner" authentication (or the user authentication itself) you can use.
Using EAP-TTLS has the advantage that you have more choice concerning the "inner" authentication method.
How to configure my RADIUS servers?
You can find here the GÉANT eduroam wiki. Event this documentation is related to eduroam same principles apply to govroam. You should normaly only change SSDI eduroam by SSID govroam where it is needed.
Client configuration: what is Open1X?
The Open1X is the IEEE 802.1X open source implementation software. We advise you to use Open1X as software in order to manage the 802.1X protocol. This software is available here. (for devices based on Windows, Mac OS X or, Linux).
Important!
Before configuring the 802.1X protocol be sure that your wireless adapter can support WPA. All recent cards should support it, but this is not the case for some old adapters.
Need more technical information and useful links about govroam?
- 'How To' Guide for 802.1X Port-Based Authentication
- More information about FreeRADIUS software.
- More information about Open1X (Xsupplicant) software.
- WPAsupplicant
- IEEE 802.1X RADIUS Usage Guidelines
- RADIUS support for EAP
If you want to share your experience on an implementation not yet described in this section, contact us and we will certainly add it.