Internet
Every resident has to join WEH e.V. to get internet access.
Netzwerk-AG carries out the registrations to WEH e.V. on behalf of the Vorstand.
Important notes:
- Any settings for the use of randomized MAC addresses must be deactivated, otherwise the device cannot be registered reliably.
- During the registration process, your device must be disconnected from any hotspots, otherwise the wrong MAC address will be transmitted.
- If a device is to be operated alternately with WLAN and Ethernet, it must be registered twice, since your device uses different MAC addresses for different connection types!
- Every tenant is assigned 5 IP-Addresses on which 3 devices can be registered each.
Note: If multiple devices are registered on the same IP-Address, only one of them can be used at a time! - Some devices do not support the security protocol WPA2 Enterprise, which we use for our tuermeroam network. These are mainly smart home devices, but also some game consoles. For such devices, we operate another WLAN network in parallel. If you want to connect such a device to the WLAN, contact us.
Instructions for connecting to our network
- Connect device to the network
1.1. Wi-Fi
Connect your device to the “tuermeroam” WiFi network and use your WiFi-Only credentials. You will only have access to the internal network at first, so don't be surprised if your device shows "no connection".
1.2. Ethernet
Connect your device to the network socket in your room. Some rooms have several of them, if you are unsure try them all. If none works contact the Netzwerk-AG! - Open the link https://getnet.weh.rwth-aachen.de in a browser of the device you want to register.
- Log in with your House-Credentials.
- If this is the first device you’re registering, you need to change your password. Remember your new password, the Netzwerk-AG does not have access to this password and you need these credentials for all further WEH services!
- Choose a free IP address. If you're unsure look at the important notes above and only register one device per IP. If everything was entered correctly, your device should be able to connect to the World Wide Web after a maximum of 10 minutes.
- Randomized/Private MAC Address: Off!!!!
- Security type: WPA2-Enterprise
- Encryption type: AES
- EAP-Methode: TTLS
- Phase 2 authentication: MSCHAPV2
- CA certificate: Use Systemcertificate
- Online certificate status: Do not validate
- Domain: weh.rwth-aachen.de
- Identity: username@weh.rwth-aachen.de
- Anonymous Identity: empty
- Password: WiFiOnly-Passwort
- IP Configuration: Automatic
- DNS Configuration: Automatic
Step 1: Click on the network icon in the taskbar.
Step 2: Select tuermeroam
Step 3: Enter login data (Important: The username ends on @weh.rwth-aachen.de here and the password is the WiFi/WLAN password, i.e. not the house password!!!! The WLAN password can be changed here if necessary)
Confirm with OK .
Step 4: On the first connection attempt, click on Connect .
Step 5: After the connection has been established, click on Network and Internet Settings.
Step 6: Change adapter options
Step 7: WLAN and then select Display status of connection.
Step 8: Select Wireless properties
Step 9: Switch to the Security tab, make the following settings and click on Settings.
- Security type: WPA2-Enterprise
- Encryption type: AES
- Method for network authentication: Microsoft: EAP-TTLS.
Step 10: Make the following settings and click on Configure.
- Anonymity: Aus
- Verbindungen mit fo
- lgenden Servern herstellen:
radius.weh@rwth-aachen.de;radius1.weh@rwth-aachen.de;radius2.weh@rwth-aachen.de
- Trusted Root certificates: T-TeleSec GlobalRoot Class 2
- EAP authentication method Microsoft: Gesichertes Kennwort (EAP-MSCHAP v2)
Step 11: In the EAP-MSCHAPv2 properties, uncheck the checkbox.
Step 12: Navigate back with OK. Again in the Security tab, click on Advanced Settings.
Step 13: Set only the first checkmark (default) and click Save credentials.
Step 14: Once again enter the login credentials
Then confirm everything with OK.
Step 15: Navigate again to the Network and Internet Settings (see Step 5), now click on Properties.
Step 16: Make the following settings
- Network Profile: Public
- Random hardware addresses: Off.
Leider verwendet kein Mitglied der Netzwerk-AG macOS, daher können wir hier keinen detaillierten Ablaufplan anbieten.
Einstellungen, die andere Betriebssysteme benötigen:
Wi-Fi security: WPA & WPA2 Enterprise
Domain: weh.rwth-aachen.de
Authentication: PEAP
PEAP Version: Automatic
EAP-Methode: TTLS
Inner Authentication: MSCHAPv2
Phase 2 authentication: MSCHAPV2
Private WLAN-Addresse: An
CA-Zertifikat: Systemzertifikate verwenden
Online certificate status: Do not validate
IP konfigurieren: Automatic
DNS konfigurieren: Automatic
Proxy konfigurieren: Aus
Username: username@weh.rwth-aachen.de (WiFi-Credentials, not House-Credentials!!!)
Anonymous Identity: empty
Password: WiFiOnly-Passwort (WiFi-Credentials, not House-Credentials!!!)
Falls ihr Probleme bei der Einrichtung über macOS habt, könnt ihr gerne zur consultation hour kommen und wir werden euch weiterhelfen.
Aktuell:
Es gibt Distributionen, die nicht das benötigte CA-Zertifikat für die Authentifizierung über den Radius-Server haben. Euer Gerät vertraut dann unserem Server nicht und ihr scheitert bei der Eingabe eurer WiFi-Credentials. Dabei beziehen wir unsere Zertifikate von GÉANT, dem größten paneuropäischen Forschungsnetzwerk – also vertrauenswürdig 😉
Das Problem könnt ihr wie folgt lösen
1. Root- oder Serverzertifikate von https://doku.tid.dfn.de/de:dfnpki:tcs_ca_certs (Falls Link tot – sucht nach “GÉANT CA-Certificates”)
2. Alle Files nach /etc/ssl/certs/ kopieren
3. Den Systemzertifikatsspeicher mit update-ca-certificates updaten
(Schritte 2 und 3 sind für Ubuntu, Debian, … ausgelegt, eventuell verwendet eure Distribution einen anderen Path und einen anderen Command)
This tutorial was written for Ubuntu 21.04 (Gnome).
The settings might be found elsewhere in other distributions/DEs.
Step 1: Navigate to the network settings and select tuermeroam.
Step 2: Use the following settings:
- Wi-Fi security: WPA & WPA2 Enterprise
- Authentication: PEAP
- Anonymous identity: empty
- Domain: weh.rwth-aachen.de
- CA certificate: Select root certificate of the DFN CA (
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
or download it here from ITC) - PEAP version: Automatic
- Inner authentication: MSCHAPv2
- Username: username@weh.rwth-aachen.de
- Password: WiFi Password (not your main password!)
This tutorial was written for Android 11 (OxygenOS).
The settings might be located elsewhere in other versions and Android skins.
Step 1: Navigate to: Se ttings> Wi-Fi & Network> Wi-Fi, then select tuermeroam
Step 2: Use the following settings:
- EAP-Methode: TTLS
- Phase 2 authentication: MSCHAPV2
- CA certificate: Use Systemcertificate
- Online certificate status: Do not validate
- Domain: weh.rwth-aachen.de
- Identity: username@weh.rwth-aachen.de (WiFi-Credentials, not House-Credentials!!!)
- Anonymous Identity: empty
- Password: WiFiOnly-Passwort (WiFi-Credentials, not House-Credentials!!!)
Wichtig: Unter den erweiterten Einstellungen muss außerdem die Verwendung von privaten/randomisierten MAC Adresse ausgeschaltet werden (wie im Screenshot unter “Privacy”).
Private WLAN-Adresse: An
IP konfigurieren: Automatic
DNS konfigurieren: Automatic
Proxy konfigurieren: Aus
Username: username@weh.rwth-aachen.de (WiFi-Credentials, not House-Credentials!!!)
Password: WiFiOnly-Passwort (WiFi-Credentials, not House-Credentials!!!)
If you are still missing content or have any other questions about the instructions, please contact us!
The official registration takes place in the network working group consultation hours. However, to get early access to the internet, you can register here:
Please note that sharing your internet account with other tenants of WEH will be penalized with a fine of 150€.
Damit wir deinen Kontorestbetrag auszahlen und dein Mitgliedskonto löschen, musst du dich vom WEH e.V. abmelden.
Bei der Abmeldung per IBAN, also per Überweisung, fallen 3€ Gebühr an!
It goes without saying that you can continue to use the Internet access until you actually move out of the house. Please note that after deregistration, the use of the in-house printer is no longer possible!
The cancellation of the rental contract with the Studierendenwerk does not imply a cancellation of the membership with the WEH e.V.
If you do not cancel your membership, the membership fees still apply.