How to connect to the UBC Secure wireless network on Linux

Published on 2025-07-25

Hello friends. For today's article I wanted to share a quick guide on how I managed to connect my Linux computer to the University of British Columbia's enterprise wireless network.

  1. Open "Gnome Settings"
  2. Navigate to "Networks"
  3. Click "ubcsecure"
  4. Enter your campus wide login (CWL) username
  5. Enter your CWL password
  6. Hit enter
  7. Wait until it tells you that you need to input your password to connect to the network
  8. Try entering your password again, being careful to get each character correct
  9. Wait until it tells you that you need to input your password to connect to the network
  10. Try appending ".stu" to your username (sometimes you have to do that)
  11. Wait until it tells you that you need to input your password to connect to the network
  12. Press "OK"
  13. Disconnect from the network
  14. Click the gear icon next to the WiFi network's SSID to open the advanced settings menu
  15. Open your phone's network settings, and navigate to the advanced settings for the ubcsecure network (God willing you have already successfully connected on your phone)
  16. Attempt to replicate the configuration in GNOME Settings in as much as you can
  17. Connect to the network
  18. Wait until it tells you that you need to input your password to connect to the network
  19. Repeat steps 1-18 for a few hours
  20. Give up
  21. Connect to the public visitor network
  22. Wait for a few weeks.
  23. Accidentally learn that IT recently upgraded the network to require you to install a certificate to use the network
  24. Search the manual configuration documentation to figure out where to find the certificate
  25. Eventually, realize they don't provide the certificate. You have to use their app
  26. Install the Linux version of the app
  27. Open the app
  28. The app doesn't support Debian
  29. Open the app's XML configuration file
  30. Attempt to extract the certificate from the configuration file, and apply the changes to your network profile as required
  31. Connect to the ubcsecure network.
  32. Wait until it tells you that you need to input your password to connect to the network
  33. Try to manually edit the configuration file so that it won't refuse to run on your operating system
  34. The configuration file has a tamper seal
  35. Give up
  36. Wait a few months
  37. Discover, one day, that the printer service is no longer available from the public network.
  38. Find the courage to try again
  39. Re-open the XML configuration file in an attempt to determine which "Linux operating systems" the app does indeed support
  40. Discover the app only supports Ubuntu and Fedora
  41. Erase your computer's hard drive and install Fedora (you're not much of a Ubuntu person)
  42. Download the app
  43. Open the app
  44. Discover that the app doesn't support Fedora 41
  45. Think about it for a moment
  46. Give up
  47. Wait a few months
  48. Start your employment with the university
  49. Discover that your employer operates certain services you will be required to use for work that can only be accessed from the internal network
  50. Hold your breath
  51. Learn you'll be supplied with a work station you can SSH into
  52. Sigh
  53. Wait a few months
  54. Move into residence
  55. Discover the university's residence maintenance system is only available from the ubcsecure network
  56. Go to the ReStore
  57. Buy an old wireless router
  58. Plug it into the Ethernet port in your wall in your dorm
  59. Discover that the Ethernet ports have been disabled (everyone uses WiFi now, right?)
  60. Think about it
  61. Beg your partner to file maintenance requests on your behalf
  62. Wait a few months
  63. Learn that new university policy requires certain employee-operated websites be behind a firewall, so that only people working from the internal network can access them
  64. Consider downloading links2 on your remote workstation
  65. Quell that dangerous thought
  66. Cover yourself with determination
  67. Give up almost immediately
  68. Attempt to connect to the university VPN
  69. Discover the university VPN requires multi-factor authentication through Duo
  70. Download the Duo Mobile app
  71. Discover that the Duo Mobile app doesn't support your version of Android
  72. Buy a FIDO2 key
  73. Configure Duo to use your FIDO2 key
  74. Discover that the Cisco Secure VPN client doesn't support MFA via FIDO2
  75. Download Waydroid
  76. Violate the core principle of multi-factor authentication by installing Duo on the same device you're logging in from
  77. Configure your Duo client
  78. Attempt to connect to the UBC VPN
  79. Discover that you can't connect to the VPN from the public visitor network
  80. Connect to ubcsecure over a USB bridge to your smartphone
  81. Connect to the VPN
  82. Take a deep breath
  83. Unplug your smartphone and connect to the visitor network
  84. Re-open the app's configuration file to identify which version of Fedora it supports
  85. Identify the latest version of Fedora it supports is version 39
  86. Install Fedora 39 on a USB stick
  87. Download the app
  88. Open the app
  89. Wait for it to tell you that the app doesn't support Fedora 39
  90. Repeat steps 82-87 for Fedora 38
  91. Repeat steps 82-87 for Fedora 37
  92. Repeat steps 82-87 for Fedora 36
  93. Repeat steps 82-87 for Fedora 35
  94. It works on Fedora 34
  95. Follow the prompts
  96. The profile used by the app doesn't work
  97. Reboot
  98. Dig through the setup manual
  99. Discover that there's an example configuration text file for an outdated version of NetworkManager
  100. Attempt to replicate the profile
  101. Some of the parameters don't appear to exist in the latest version of NetworkManager
  102. Search for them on the internet
  103. Sift through several articles clearly written by AI
  104. Find an old blog post on a totally different subject suggesting the parameters do exist, it's just that they're undocumented
  105. Attempt to recreate the network manually
  106. Load the network configuration file
  107. NetworkManager refuses to load the file without specifying any problem
  108. Attempt to recreate the network manually, applying changes line-by-line in an attempt to tease out the problem
  109. Discover that NetworkManager's configuration file format has a different representation of lists
  110. The way lists are represented is undocumented
  111. Brute-force the list syntax
  112. Perfectly replicate the configuration using the right parameters
  113. Run nmcli device wlan0 connect ubcsecure
  114. ...
  115. Wait until it tells you that you need to input your password to connect to the network
  116. Realize that "old" format is not for NetworkManager at all, but rather for wpa_supplicant
  117. Disable NetworkManager
  118. Configure the network in your wpa_supplicant.conf file
  119. Reboot
  120. Start trying to load a web page
  121. Look at the clock
  122. It's been seven hours
  123. You forgot to eat supper
  124. You probably forgot to eat lunch too (or did you have a granola bar?)
  125. Wake up (wait when did you fall asleep?)
  126. The web page didn't load
  127. Download Ubuntu
  128. Open the app
  129. ... it's working
  130. Put in your user name and password
  131. ... it's loading
  132. ...
  133. The profile for Ubuntu wasn't enough to connect to the network
  134. Reboot
  135. Connect to the public visitor network

By this point, you will have come to accept that it is literally impossible to connect to the university's secure network using NetworkManager and wpa_supplicant. Can you prove that it's impossible? Can you explain why it's impossible? No, but you'll have convinced yourself as much, and you'll have come to accept that this is all that matters.

I hope you've found this guide helpful! Please feel free to reach out if you have any questions or need further clarification.

Respond to this article

If you have thoughts you'd like to share, send me an email!

See here for ways to reach out