+++ /dev/null
-<!DOCTYPE html>
-<html lang="en">
- <head>
- <title>Wifi without network manager</title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <meta name="viewport" content="width=device-width, initial-scale=1" />
- </head>
- <body>
- <header>
- <h1>Wifi without network manager</h1>
- <p>
- With this setup, <span style="font-family:monospace">wpa_supplicant</span> automatically changes network when needed.
- Moreover, the network can be changed in userspace and new networks can be added.
- All withouth the bloat of <span style="font-family:monospace">NetworkManager</span> and <span style="font-family:monospace">ModemManager</span>.
- </p>
-
- <nav>
- <p><a href="index.html">Home</a> > Wifi without network manager</p>
- <h2>Table of contents</h2>
- <ul>
- <li><a href="#requirements">Requirements</a></li>
- <li><a href="#wpa_supplicant" style="font-family:monospace">wpa_supplicant</a></li>
- <li><a href="#wpa_supplicant_conf" style="font-family:monospace">wpa_supplicant.conf</a></li>
- <li><a href="#wpa_gui" style="font-family:monospace">wpa_gui</a></li>
- <li><a href="#eduroam">Eduroam</a>
- <ul>
- <li><a href="#update">update: cat broken</a></li>
- <li><a href="#openssl">openssl update</a></li>
- </ul>
- </li>
- <li><a href="#interaction">interaction</a></li>
- </ul>
- </nav>
- </header>
-
- <h2 id="requirements">Requirements</h2>
- <ul>
- <li style="font-family:monospace">wpa_supplicant</li>
- <li style="font-family:monospace">wpa_gui</li>
- </ul>
-
- <h2 id="wpa_supplicant" style="font-family:monospace">wpa_supplicant</h2>
- <p>
- <span style="font-family:monospace">/etc/network/interfaces</span> needs for direct use with a <span style="font-family:monospace">wpa_supplicant</span> daemon.
- This is done by setting the wireless network as follows.
- </p>
-
- <pre>
-allow-hotplug wlp2s0
-iface wlp2s0 inet manual
- wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
- </pre>
-
- <p>
- This basically means that a <span style="font-family:monospace">wpa_supplicant</span> will be watching the networks specified in the config and switch when in range.
- Note that the <span style="font-family:monospace">iface</span> is set to <span style="font-family:monospace">manual</span> and not <span style="font-family:monospace">dhcp</span>.
- This means that below those lines you can configure your networks from the config manually.
- So say that you have a network in the <span style="font-family:monospace">wpa_supplicant.conf</span> with <span style="font-family:monospace">id_str="work"</span>" that needs to be configured with dhcp, you add the following lines:
- </p>
-
- <pre>
-iface work inet dhcp
- </pre>
-
- <p>
- Setting <span style="font-family:monospace">id_str</span>s for all networks is tedious so to create a default setting you can use the <span style="font-family:monospace">default</span> network name to for example set all wifi networks to dhcp.
- </p>
-
- <pre>
-iface default inet dhcp
- </pre>
-
- <h2 id="wpa_supplicant_conf" style="font-family:monospace">wpa_supplicant.conf</h2>
- <p>
- The config file for <span style="font-family:monospace">wpa_supplicant</span> should at least contain the following lines.
- The <span style="font-family:monospace">interface</span> line defines the control socket and states that all users in the <span style="font-family:monospace">netdev</span> group may control <span style="font-family:monospace">wpa_supplicant</span>.
- The <span style="font-family:monospace">update_config</span> line states that the config file may be updated, thus having persistent changes.
- Users you allow changing the config therefore have to be added to <span style="font-family:monospace">netdev</span>.
- </p>
-
- <pre>
-interface=DIR=/run/wpa_supplicant GROUP=netdev
-update_config=1
- </pre>
-
- <p>
- Followed are all the network configurations.
- For these configuration consult the manpage for <span style="font-family:monospace">wpa_supplicant</span>.
- E.g. for <span style="font-family:monospace">WPA2</span> networks you can use the <span style="font-family:monospace">wpa_passphrase</span> tool.
- For eduroam, don't handcraft configs either, use the <a href="https://cat.eduroam.org/">configuration assistant</a>.
- This tool will generate a <span style="font-family:monospace">wpa_supplicant.conf</span> if it fails to talk to networkmanager.
- </p>
-
- <h2 id="wpa_gui" style="font-family:monospace">wpa_gui</h2>
- <p>
- Editing the config file is tedious and error prone.
- Moreover, it requires a restart of <span style="font-family:monospace">wpa_supplicant</span> to reinistate the config.
- Luckily there are two tools that allow you to do this in-place using either the command line (<span style="font-family:monospace">wpa_cli</span> is not discussed here) and via a GUI(<span style="font-family:monospace">wpa_gui</span>).
- If your user is a member of the <span style="font-family:monospace">netdev</span> group you can just start it up.
- Note that it resides by default in <span style="font-family:monospace">/usr/sbin</span>.
- <span style="font-family:monospace">wpa_gui</span> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <span style="font-family:monospace">wpa_cli</span>.
- </p>
-
- <h2 id="eduroam">Eduroam</h2>
- <p>
- Eduroam gives a nice configuration assistant tools nowadays that will generate a <span style="font-family:monospace">wpa_supplicant.conf</span> entry for you.
- Previously you could hash your password using md4 but I haven't tested whether this still works.
- </p>
-
- <h3 id="update">update: cat broken</h3>
- <p>
- The tool worked before™ but not anymore on my debian testing version.
- Therefore I've pasted my config here for later reference.
- You get the <span style="font-family:monospace">ca_cert</span> from the assistant tool.
- I might upload that here as well.
- </p>
- <pre>
-network={
- ssid="eduroam"
- proto=RSN
- key_mgmt=WPA-EAP
- pairwise=CCMP
- auth_alg=OPEN
- eap=PEAP
- identity="YOURUSERNAME@ru.nl"
- anonymous_identity="anonymous@ru.nl"
- password="YOURPASSWORD"
-# ca_cert="/home/frobnicator/.cat_installer/ca.pem"
- domain_suffix_match="authenticatie.ru.nl"
- phase2="auth=MSCHAPV2"
-}
- </pre>
-
- <h3 id="openssl">openssl update (not needed anymore)</h3>
- <p>
- The new version of openssl disables everything lower than TLSv1.2.
- If you see errors in <span style="font-family:monospace">/var/log/syslog</span> about <span style="font-family:monospace">TLS</span> you have to allow lower version TLS versions by changing the last two lines in <span style="font-family:monospace">/etc/ssl/openssl.cnf</span> to:
- </p>
- <pre>
-MinProtocol = TLSv1.0
-CipherString = DEFAULT@SECLEVEL=1
- </pre>
-
- <h2 id="interaction">Interaction with wired interfaces</h2>
- <p>
- When you have an ethernet jack as well in your laptop you might be tempted to put this in your <span style="font-family:monospace">/etc/network/interfaces</span> as well
- </p>
- <pre>
-auto enp0s31f6
-iface enp0s31f6 inet dhcp
- </pre>
- <p>
- However, this results in your machine eagerly waiting for a connection at boot because a <em>connected</em> ethernet jack means a connected card, and the card is always connected in a laptop.
- <span style="font-family:monospace">ifupdown-extra</span> contains scripts to fix this.
- Just link <span style="font-family:monospace">/etc/network/if-up.d/00check-network-cable</span> to <span style="font-family:monospace">/etc/network/if-pre-up.d/00check-network-cable</span> and be good to go.
- If your system has <em>predictable</em> network names you might need to apply <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359">this</a> patch first
- </p>
- </body>
-</html>
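Review bot: if this page is being moved rather than dropped, two parts of the deleted text should not be carried over as they stand. In the eduroam `network={...}` block, `ca_cert` is commented out (`# ca_cert="/home/frobnicator/.cat_installer/ca.pem"`), so `domain_suffix_match="authenticatie.ru.nl"` is checked against a server certificate that is not validated against a trust anchor, and the PEAP/MSCHAPV2 exchange is then protected only by that unverified name check; any replacement should ship with `ca_cert` enabled. The `openssl` section sets `MinProtocol = TLSv1.0` and `CipherString = DEFAULT@SECLEVEL=1` in `/etc/ssl/openssl.cnf`, which applies system-wide rather than to wifi only, and its own heading says "not needed anymore", so it is best left out. Separately, the breadcrumb shows the page sits under `index.html`; check that no link to this file remains there once it is deleted.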