4 <title>Wifi without network manager
</title>
5 <meta http-equiv=
"Content-Type" content=
"text/html; charset=UTF-8" />
6 <meta name=
"viewport" content=
"width=device-width, initial-scale=1" />
10 <h1>Wifi without network manager
</h1>
12 With this setup,
<span style=
"font-family:monospace">wpa_supplicant
</span> automatically changes network when needed.
13 Moreover, the network can be changed in userspace and new networks can be added.
14 All withouth the bloat of
<span style=
"font-family:monospace">NetworkManager
</span> and
<span style=
"font-family:monospace">ModemManager
</span>.
18 <p><a href=
"index.html">Home
</a> > Wifi without network manager
</p>
19 <h2>Table of contents
</h2>
21 <li><a href=
"#requirements">Requirements
</a></li>
22 <li><a href=
"#wpa_supplicant" style=
"font-family:monospace">wpa_supplicant
</a></li>
23 <li><a href=
"#wpa_supplicant_conf" style=
"font-family:monospace">wpa_supplicant.conf
</a></li>
24 <li><a href=
"#wpa_gui" style=
"font-family:monospace">wpa_gui
</a></li>
25 <li><a href=
"#eduroam">Eduroam
</a>
27 <li><a href=
"#update">update: cat broken
</a></li>
28 <li><a href=
"#openssl">openssl update
</a></li>
31 <li><a href=
"#interaction">interaction
</a></li>
36 <h2 id=
"requirements">Requirements
</h2>
38 <li style=
"font-family:monospace">wpa_supplicant
</li>
39 <li style=
"font-family:monospace">wpa_gui
</li>
42 <h2 id=
"wpa_supplicant" style=
"font-family:monospace">wpa_supplicant
</h2>
44 <span style=
"font-family:monospace">/etc/network/interfaces
</span> needs for direct use with a
<span style=
"font-family:monospace">wpa_supplicant
</span> daemon.
45 This is done by setting the wireless network as follows.
50 iface wlp2s0 inet manual
51 wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
55 This basically means that a
<span style=
"font-family:monospace">wpa_supplicant
</span> will be watching the networks specified in the config and switch when in range.
56 Note that the
<span style=
"font-family:monospace">iface
</span> is set to
<span style=
"font-family:monospace">manual
</span> and not
<span style=
"font-family:monospace">dhcp
</span>.
57 This means that below those lines you can configure your networks from the config manually.
58 So say that you have a network in the
<span style=
"font-family:monospace">wpa_supplicant.conf
</span> with
<span style=
"font-family:monospace">id_str=
"work"</span>" that needs to be configured with dhcp, you add the following lines:
66 Setting <span style="font-family:monospace
">id_str</span>s for all networks is tedious so to create a default setting you can use the <span style="font-family:monospace
">default</span> network name to for example set all wifi networks to dhcp.
70 iface default inet dhcp
73 <h2 id="wpa_supplicant_conf
" style="font-family:monospace
">wpa_supplicant.conf</h2>
75 The config file for <span style="font-family:monospace
">wpa_supplicant</span> should at least contain the following lines.
76 The <span style="font-family:monospace
">interface</span> line defines the control socket and states that all users in the <span style="font-family:monospace
">netdev</span> group may control <span style="font-family:monospace
">wpa_supplicant</span>.
77 The <span style="font-family:monospace
">update_config</span> line states that the config file may be updated, thus having persistent changes.
78 Users you allow changing the config therefore have to be added to <span style="font-family:monospace
">netdev</span>.
82 interface=DIR=/run/wpa_supplicant GROUP=netdev
87 Followed are all the network configurations.
88 For these configuration consult the manpage for <span style="font-family:monospace
">wpa_supplicant</span>.
89 E.g. for <span style="font-family:monospace
">WPA2</span> networks you can use the <span style="font-family:monospace
">wpa_passphrase</span> tool.
90 For eduroam, don't handcraft configs either, use the <a href="https://cat.eduroam.org/
">configuration assistant</a>.
91 This tool will generate a <span style="font-family:monospace
">wpa_supplicant.conf</span> if it fails to talk to networkmanager.
94 <h2 id="wpa_gui
" style="font-family:monospace
">wpa_gui</h2>
96 Editing the config file is tedious and error prone.
97 Moreover, it requires a restart of <span style="font-family:monospace
">wpa_supplicant</span> to reinistate the config.
98 Luckily there are two tools that allow you to do this in-place using either the command line (<span style="font-family:monospace
">wpa_cli</span> is not discussed here) and via a GUI(<span style="font-family:monospace
">wpa_gui</span>).
99 If your user is a member of the <span style="font-family:monospace
">netdev</span> group you can just start it up.
100 Note that it resides by default in <span style="font-family:monospace
">/usr/sbin</span>.
101 <span style="font-family:monospace
">wpa_gui</span> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <span style="font-family:monospace
">wpa_cli</span>.
104 <h2 id="eduroam
">Eduroam</h2>
106 Eduroam gives a nice configuration assistant tools nowadays that will generate a <span style="font-family:monospace
">wpa_supplicant.conf</span> entry for you.
107 Previously you could hash your password using md4 but I haven't tested whether this still works.
110 <h3 id="update
">update: cat broken</h3>
112 The tool worked before™ but not anymore on my debian testing version.
113 Therefore I've pasted my config here for later reference.
114 You get the <span style="font-family:monospace
">ca_cert</span> from the assistant tool.
115 I might upload that here as well.
125 identity="YOURUSERNAME@ru.nl
"
126 anonymous_identity="anonymous@ru.nl
"
127 password="YOURPASSWORD
"
128 # ca_cert="/home/frobnicator/.cat_installer/ca.pem
"
129 domain_suffix_match="authenticatie.ru.nl
"
130 phase2="auth=MSCHAPV2
"
134 <h3 id="openssl
">openssl update (not needed anymore)</h3>
136 The new version of openssl disables everything lower than TLSv1.2.
137 If you see errors in <span style="font-family:monospace
">/var/log/syslog</span> about <span style="font-family:monospace
">TLS</span> you have to allow lower version TLS versions by changing the last two lines in <span style="font-family:monospace
">/etc/ssl/openssl.cnf</span> to:
140 MinProtocol = TLSv1.0
141 CipherString = DEFAULT@SECLEVEL=1
144 <h2 id="interaction
">Interaction with wired interfaces</h2>
146 When you have an ethernet jack as well in your laptop you might be tempted to put this in your <span style="font-family:monospace
">/etc/network/interfaces</span> as well
150 iface enp0s31f6 inet dhcp
153 However, this results in your machine eagerly waiting for a connection at boot because a <em>connected</em> ethernet jack means a connected card, and the card is always connected in a laptop.
154 <span style="font-family:monospace
">ifupdown-extra</span> contains scripts to fix this.
155 Just link <span style="font-family:monospace
">/etc/network/if-up.d/00check-network-cable</span> to <span style="font-family:monospace
">/etc/network/if-pre-up.d/00check-network-cable</span> and be good to go.
156 If your system has <em>predictable</em> network names you might need to apply <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=
970359">this</a> patch first