3 title: Wifi without network manager
6 language_reference: nonm
10 {% include toc.html %}
12 With this setup, `wpa_supplicant` automatically changes network when needed.
13 Moreover, the network can be changed in userspace and new networks can be added.
14 All withouth the bloat of `NetworkManager` and `ModemManager`.
23 `/etc/network/interfaces` needs for direct use with a `wpa_supplicant` daemon.
24 This is done by setting the wireless network as follows.
28 iface wlp2s0 inet manual
29 wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
32 This basically means that a `wpa_supplicant` will be watching the networks specified in the config and switch when in range.
33 Note that the `iface` is set to `manual` and not `dhcp`.
34 This means that below those lines you can configure your networks from the config manually.
35 So say that you have a network in the `wpa_supplicant.conf` with `id_str="work"` that needs to be configured with dhcp, you add the following lines:
41 Setting `id_str`s for all networks is tedious so to create a default setting you can use the `default` network name to for example set all wifi networks to dhcp.
44 iface default inet dhcp
47 ## `wpa_supplicant.conf`
48 The config file for `wpa_supplicant` should at least contain the following lines.
49 The `interface` line defines the control socket and states that all users in the `netdev` group may control `wpa_supplicant`.
50 The `update_config` line states that the config file may be updated, thus having persistent changes.
51 Users you allow changing the config therefore have to be added to `netdev`.
54 interface=DIR=/run/wpa_supplicant GROUP=netdev
59 Followed are all the network configurations.
60 For these configuration consult the manpage for `wpa_supplicant`.
61 E.g. for `WPA2` networks you can use the `wpa_passphrase` tool.
62 For eduroam, don't handcraft configs either, use the [configuration assistant](https://cat.eduroam.org/).
63 This tool will generate a `wpa_supplicant.conf` if it fails to talk to networkmanager.
67 Editing the config file is tedious and error prone.
68 Moreover, it requires a restart of `wpa_supplicant` to reinistate the config.
69 Luckily there are two tools that allow you to do this in-place using either the command line (`wpa_cli` is not discussed here) and via a GUI(`wpa_gui`).
70 If your user is a member of the `netdev` group you can just start it up.
71 Note that it resides by default in `/usr/sbin`.
72 `wpa_gui` is a graphical frontend where you can add, remove, diagnose and change wireless networks with _almost_ as much functionality as `wpa_cli`.
75 Eduroam gives a nice configuration assistant tools nowadays that will generate a `wpa_supplicant.conf` entry for you.
76 Previously you could hash your password using md4 but I haven't tested whether this still works.
78 ### update: cat broken
79 The tool worked before™ but not anymore on my debian testing version.
80 Therefore I've pasted my config here for later reference.
81 You get the `ca_cert` from the assistant tool.
82 I might upload that here as well.
92 identity="YOURUSERNAME@ru.nl"
93 anonymous_identity="anonymous@ru.nl"
94 password="YOURPASSWORD"
95 # ca_cert="/home/frobnicator/.cat_installer/ca.pem"
96 domain_suffix_match="authenticatie.ru.nl"
97 phase2="auth=MSCHAPV2"
101 ### openssl update (not needed anymore)
102 The new version of openssl disables everything lower than TLSv1.2.
103 If you see errors in `/var/log/syslog` about `TLS` you have to allow lower version TLS versions by changing the last two lines in `/etc/ssl/openssl.cnf` to:
106 MinProtocol = TLSv1.0
107 CipherString = DEFAULT@SECLEVEL=1
110 ## Interaction with wired interfaces
111 When you have an ethernet jack as well in your laptop you might be tempted to put this in your `/etc/network/interfaces` as well
115 iface enp0s31f6 inet dhcp
118 However, this results in your machine eagerly waiting for a connection at boot because a _connected_ ethernet jack means a connected card, and the card is always connected in a laptop.
119 `ifupdown-extra` contains scripts to fix this.
120 Just link `/etc/network/if-up.d/00check-network-cable` to `/etc/network/if-pre-up.d/00check-network-cable` and be good to go.
121 If your system has _predictable_ network names you might need to apply [this](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359) patch first.
123 ## Eduroam (2022-10-18)
124 Publicroam offers eduroam-like wifi but does not provide very good linux installation instructions.
125 After some trial and error, this worked for me:
136 phase2="auth=MSCHAPV2"