repositories / martlubbers.net.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
add iot paper
[martlubbers.net.git] / nonm.html
1 <!DOCTYPE html>
2 <html lang="en">
3 <head>
4 <title>Wifi without network manager</title>
5 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
6 <meta name="viewport" content="width=device-width, initial-scale=1" />
7 </head>
8 <body>
9 <header>
10 <h1>Wifi without network manager</h1>
11 <p>
12 With this setup, <span style="font-family:monospace">wpa_supplicant</span> automatically changes network when needed.
13 Moreover, the network can be changed in userspace and new networks can be added.
14 All withouth the bloat of <span style="font-family:monospace">NetworkManager</span> and <span style="font-family:monospace">ModemManager</span>.
15 </p>
16
17 <nav>
18 <p><a href="index.html">Home</a> &gt; Wifi without network manager</p>
19 <h2>Table of contents</h2>
20 <ul>
21 <li><a href="#requirements">Requirements</a></li>
22 <li><a href="#wpa_supplicant" style="font-family:monospace">wpa_supplicant</a></li>
23 <li><a href="#wpa_supplicant_conf" style="font-family:monospace">wpa_supplicant.conf</a></li>
24 <li><a href="#wpa_gui" style="font-family:monospace">wpa_gui</a></li>
25 <li><a href="#eduroam">Eduroam</a>
26 <ul>
27 <li><a href="#update">update: cat broken</a></li>
28 <li><a href="#openssl">openssl update</a></li>
29 </ul>
30 </li>
31 <li><a href="#interaction">interaction</a></li>
32 </ul>
33 </nav>
34 </header>
35
36 <h2 id="requirements">Requirements</h2>
37 <ul>
38 <li style="font-family:monospace">wpa_supplicant</li>
39 <li style="font-family:monospace">wpa_gui</li>
40 </ul>
41
42 <h2 id="wpa_supplicant" style="font-family:monospace">wpa_supplicant</h2>
43 <p>
44 <span style="font-family:monospace">/etc/network/interfaces</span> needs for direct use with a <span style="font-family:monospace">wpa_supplicant</span> daemon.
45 This is done by setting the wireless network as follows.
46 </p>
47
48 <pre>
49 allow-hotplug wlp2s0
50 iface wlp2s0 inet manual
51 wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
52 </pre>
53
54 <p>
55 This basically means that a <span style="font-family:monospace">wpa_supplicant</span> will be watching the networks specified in the config and switch when in range.
56 Note that the <span style="font-family:monospace">iface</span> is set to <span style="font-family:monospace">manual</span> and not <span style="font-family:monospace">dhcp</span>.
57 This means that below those lines you can configure your networks from the config manually.
58 So say that you have a network in the <span style="font-family:monospace">wpa_supplicant.conf</span> with <span style="font-family:monospace">id_str="work"</span>" that needs to be configured with dhcp, you add the following lines:
59 </p>
60
61 <pre>
62 iface work inet dhcp
63 </pre>
64
65 <p>
66 Setting <span style="font-family:monospace">id_str</span>s for all networks is tedious so to create a default setting you can use the <span style="font-family:monospace">default</span> network name to for example set all wifi networks to dhcp.
67 </p>
68
69 <pre>
70 iface default inet dhcp
71 </pre>
72
73 <h2 id="wpa_supplicant_conf" style="font-family:monospace">wpa_supplicant.conf</h2>
74 <p>
75 The config file for <span style="font-family:monospace">wpa_supplicant</span> should at least contain the following lines.
76 The <span style="font-family:monospace">interface</span> line defines the control socket and states that all users in the <span style="font-family:monospace">netdev</span> group may control <span style="font-family:monospace">wpa_supplicant</span>.
77 The <span style="font-family:monospace">update_config</span> line states that the config file may be updated, thus having persistent changes.
78 Users you allow changing the config therefore have to be added to <span style="font-family:monospace">netdev</span>.
79 </p>
80
81 <pre>
82 interface=DIR=/run/wpa_supplicant GROUP=netdev
83 update_config=1
84 </pre>
85
86 <p>
87 Followed are all the network configurations.
88 For these configuration consult the manpage for <span style="font-family:monospace">wpa_supplicant</span>.
89 E.g. for <span style="font-family:monospace">WPA2</span> networks you can use the <span style="font-family:monospace">wpa_passphrase</span> tool.
90 For eduroam, don't handcraft configs either, use the <a href="https://cat.eduroam.org/">configuration assistant</a>.
91 This tool will generate a <span style="font-family:monospace">wpa_supplicant.conf</span> if it fails to talk to networkmanager.
92 </p>
93
94 <h2 id="wpa_gui" style="font-family:monospace">wpa_gui</h2>
95 <p>
96 Editing the config file is tedious and error prone.
97 Moreover, it requires a restart of <span style="font-family:monospace">wpa_supplicant</span> to reinistate the config.
98 Luckily there are two tools that allow you to do this in-place using either the command line (<span style="font-family:monospace">wpa_cli</span> is not discussed here) and via a GUI(<span style="font-family:monospace">wpa_gui</span>).
99 If your user is a member of the <span style="font-family:monospace">netdev</span> group you can just start it up.
100 Note that it resides by default in <span style="font-family:monospace">/usr/sbin</span>.
101 <span style="font-family:monospace">wpa_gui</span> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <span style="font-family:monospace">wpa_cli</span>.
102 </p>
103
104 <h2 id="eduroam">Eduroam</h2>
105 <p>
106 Eduroam gives a nice configuration assistant tools nowadays that will generate a <span style="font-family:monospace">wpa_supplicant.conf</span> entry for you.
107 Previously you could hash your password using md4 but I haven't tested whether this still works.
108 </p>
109
110 <h3 id="update">update: cat broken</h3>
111 <p>
112 The tool worked before&trade; but not anymore on my debian testing version.
113 Therefore I've pasted my config here for later reference.
114 You get the <span style="font-family:monospace">ca_cert</span> from the assistant tool.
115 I might upload that here as well.
116 </p>
117 <pre>
118 network={
119 ssid="eduroam"
120 proto=RSN
121 key_mgmt=WPA-EAP
122 pairwise=CCMP
123 auth_alg=OPEN
124 eap=PEAP
125 identity="YOURUSERNAME@ru.nl"
126 anonymous_identity="anonymous@ru.nl"
127 password="YOURPASSWORD"
128 # ca_cert="/home/frobnicator/.cat_installer/ca.pem"
129 domain_suffix_match="authenticatie.ru.nl"
130 phase2="auth=MSCHAPV2"
131 }
132 </pre>
133
134 <h3 id="openssl">openssl update (not needed anymore)</h3>
135 <p>
136 The new version of openssl disables everything lower than TLSv1.2.
137 If you see errors in <span style="font-family:monospace">/var/log/syslog</span> about <span style="font-family:monospace">TLS</span> you have to allow lower version TLS versions by changing the last two lines in <span style="font-family:monospace">/etc/ssl/openssl.cnf</span> to:
138 </p>
139 <pre>
140 MinProtocol = TLSv1.0
141 CipherString = DEFAULT@SECLEVEL=1
142 </pre>
143
144 <h2 id="interaction">Interaction with wired interfaces</h2>
145 <p>
146 When you have an ethernet jack as well in your laptop you might be tempted to put this in your <span style="font-family:monospace">/etc/network/interfaces</span> as well
147 </p>
148 <pre>
149 auto enp0s31f6
150 iface enp0s31f6 inet dhcp
151 </pre>
152 <p>
153 However, this results in your machine eagerly waiting for a connection at boot because a <em>connected</em> ethernet jack means a connected card, and the card is always connected in a laptop.
154 <span style="font-family:monospace">ifupdown-extra</span> contains scripts to fix this.
155 Just link <span style="font-family:monospace">/etc/network/if-up.d/00check-network-cable</span> to <span style="font-family:monospace">/etc/network/if-pre-up.d/00check-network-cable</span> and be good to go.
156 If your system has <em>predictable</em> network names you might need to apply <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359">this</a> patch first
157 </p>
158 </body>
159 </html>
Website repo for martlubbers.net/lubbe.rs/triestemuziek.nl