-<html>
+<!DOCTYPE html>
+<html lang="en">
<head>
<title>Wifi without network manager</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
</head>
<body>
- <h2>What is this</h2>
- <p>
- With this setup, <tt>wpa_supplicant</tt> automatically changes network when needed.
- Moreover, the network can be changed in userspace and new networks can be added.
- All withouth the bloat of <tt>NetworkManager</tt> and <tt>ModemManager</tt>.
- </p>
+ <header>
+ <h1>Wifi without network manager</h1>
+ <p>
+ With this setup, <span style="font-family:monospace">wpa_supplicant</span> automatically changes network when needed.
+ Moreover, the network can be changed in userspace and new networks can be added.
+ All withouth the bloat of <span style="font-family:monospace">NetworkManager</span> and <span style="font-family:monospace">ModemManager</span>.
+ </p>
+
+ <nav>
+ <p><a href="index.html">Home</a> > Wifi without network manager</p>
+ <h2>Table of contents</h2>
+ <ul>
+ <li><a href="#requirements">Requirements</a></li>
+ <li><a href="#wpa_supplicant" style="font-family:monospace">wpa_supplicant</a></li>
+ <li><a href="#wpa_supplicant_conf" style="font-family:monospace">wpa_supplicant.conf</a></li>
+ <li><a href="#wpa_gui" style="font-family:monospace">wpa_gui</a></li>
+ <li><a href="#eduroam">Eduroam</a>
+ <ul>
+ <li><a href="#update">update: cat broken</a></li>
+ <li><a href="#openssl">openssl update</a></li>
+ </ul>
+ </li>
+ <li><a href="#interaction">interaction</a></li>
+ </ul>
+ </nav>
+ </header>
- <h2>Requirements:</h2>
+ <h2 id="requirements">Requirements</h2>
<ul>
- <li><tt>wpa_supplicant</tt></li>
- <li><tt>wpa_gui</tt></li>
+ <li style="font-family:monospace">wpa_supplicant</li>
+ <li style="font-family:monospace">wpa_gui</li>
</ul>
- <h2><tt>wpa_supplicant</tt></h2>
+ <h2 id="wpa_supplicant" style="font-family:monospace">wpa_supplicant</h2>
<p>
- <tt>/etc/network/interfaces</tt> needs for direct use with a <tt>wpa_supplicant</tt> daemon.
+ <span style="font-family:monospace">/etc/network/interfaces</span> needs for direct use with a <span style="font-family:monospace">wpa_supplicant</span> daemon.
This is done by setting the wireless network as follows.
</p>
</pre>
<p>
- This basically means that a <tt>wpa_supplicant</tt> will be watching the networks specified in the config and switch when in range.
- Note that the <tt>iface</tt> is set to <tt>manual</tt> and not <tt>dhcp</tt>.
+ This basically means that a <span style="font-family:monospace">wpa_supplicant</span> will be watching the networks specified in the config and switch when in range.
+ Note that the <span style="font-family:monospace">iface</span> is set to <span style="font-family:monospace">manual</span> and not <span style="font-family:monospace">dhcp</span>.
This means that below those lines you can configure your networks from the config manually.
- So say that you have a network in the <tt>wpa_supplicant.conf</tt> with <tt>id_str="work"</tt>" that needs to be configured with dhcp, you add the following lines:
+ So say that you have a network in the <span style="font-family:monospace">wpa_supplicant.conf</span> with <span style="font-family:monospace">id_str="work"</span>" that needs to be configured with dhcp, you add the following lines:
</p>
<pre>
</pre>
<p>
- Setting <tt>id_str</tt>s for all networks is tedious so to create a default setting you can use the <tt>default</tt> network name to for example set all wifi networks to dhcp.
+ Setting <span style="font-family:monospace">id_str</span>s for all networks is tedious so to create a default setting you can use the <span style="font-family:monospace">default</span> network name to for example set all wifi networks to dhcp.
</p>
<pre>
iface default inet dhcp
</pre>
- <h2><tt>wpa_supplicant.conf</tt></h2>
+ <h2 id="wpa_supplicant_conf" style="font-family:monospace">wpa_supplicant.conf</h2>
<p>
- The config file for <tt>wpa_supplicant</tt> should at least contain the following lines.
- The <tt>interface</tt> line defines the control socket and states that all users in the <tt>netdev</tt> group may control <tt>wpa_supplicant</tt>.
- The <tt>update_config</tt> line states that the config file may be updated, thus having persistent changes.
- Users you allow changing the config therefore have to be added to <tt>netdev</tt>.
+ The config file for <span style="font-family:monospace">wpa_supplicant</span> should at least contain the following lines.
+ The <span style="font-family:monospace">interface</span> line defines the control socket and states that all users in the <span style="font-family:monospace">netdev</span> group may control <span style="font-family:monospace">wpa_supplicant</span>.
+ The <span style="font-family:monospace">update_config</span> line states that the config file may be updated, thus having persistent changes.
+ Users you allow changing the config therefore have to be added to <span style="font-family:monospace">netdev</span>.
</p>
<pre>
<p>
Followed are all the network configurations.
- For these configuration consult the manpage for <tt>wpa_supplicant</tt>.
- E.g. for <tt>WPA2</tt> networks you can use the <tt>wpa_passphrase</tt> tool.
- For eduroam, don't handcraft configs either, use the configuration assistant available <a href="https://cat.eduroam.org/">here</a>.
- This tool will generate a <tt>wpa_supplicant.conf</tt> if it fails to talk to networkmanager.
+ For these configuration consult the manpage for <span style="font-family:monospace">wpa_supplicant</span>.
+ E.g. for <span style="font-family:monospace">WPA2</span> networks you can use the <span style="font-family:monospace">wpa_passphrase</span> tool.
+ For eduroam, don't handcraft configs either, use the <a href="https://cat.eduroam.org/">configuration assistant</a>.
+ This tool will generate a <span style="font-family:monospace">wpa_supplicant.conf</span> if it fails to talk to networkmanager.
</p>
- <h2><tt>wpa_gui</tt></h2>
+ <h2 id="wpa_gui" style="font-family:monospace">wpa_gui</h2>
<p>
Editing the config file is tedious and error prone.
- Moreover, it requires a restart of <tt>wpa_supplicant</tt> to reinistate the config.
- Luckily there are two tools that allow you to do this in-place using either the command line (<tt>wpa_cli</tt> is not discussed here) and via a GUI(<tt>wpa_gui</tt>).
- If your user is a member of the <tt>netdev</tt> group you can just start it up.
- Note that it resides by default in <tt>/usr/sbin</tt>.
- <tt>wpa_gui</tt> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <tt>wpa_cli</tt>.
+ Moreover, it requires a restart of <span style="font-family:monospace">wpa_supplicant</span> to reinistate the config.
+ Luckily there are two tools that allow you to do this in-place using either the command line (<span style="font-family:monospace">wpa_cli</span> is not discussed here) and via a GUI(<span style="font-family:monospace">wpa_gui</span>).
+ If your user is a member of the <span style="font-family:monospace">netdev</span> group you can just start it up.
+ Note that it resides by default in <span style="font-family:monospace">/usr/sbin</span>.
+ <span style="font-family:monospace">wpa_gui</span> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <span style="font-family:monospace">wpa_cli</span>.
</p>
- <h2><tt>eduroam</tt></h2>
+ <h2 id="eduroam">Eduroam</h2>
<p>
- Eduroam gives a nice configuration assistant tools nowadays that will generate a <tt>wpa_supplicant.conf</tt> entry for you.
+ Eduroam gives a nice configuration assistant tools nowadays that will generate a <span style="font-family:monospace">wpa_supplicant.conf</span> entry for you.
Previously you could hash your password using md4 but I haven't tested whether this still works.
</p>
- <h3>update: <tt>cat</tt> broken</h3>
+ <h3 id="update">update: cat broken</h3>
+ <p>
The tool worked before™ but not anymore on my debian testing version.
Therefore I've pasted my config here for later reference.
- You get the <tt>ca_cert</tt> from the assistant tool.
+ You get the <span style="font-family:monospace">ca_cert</span> from the assistant tool.
I might upload that here as well.
+ </p>
<pre>
network={
ssid="eduroam"
phase2="auth=MSCHAPV2"
}
</pre>
- </p>
- <h2><tt>openssl</tt> update (not needed anymore)</h2>
+ <h3 id="openssl">openssl update (not needed anymore)</h3>
<p>
The new version of openssl disables everything lower than TLSv1.2.
- If you see errors in <tt>/var/log/syslog</tt> about <tt>TLS</tt> you have to allow lower version TLS versions by changing the last two lines in <tt>/etc/ssl/openssl.cnf</tt> to:
+ If you see errors in <span style="font-family:monospace">/var/log/syslog</span> about <span style="font-family:monospace">TLS</span> you have to allow lower version TLS versions by changing the last two lines in <span style="font-family:monospace">/etc/ssl/openssl.cnf</span> to:
+ </p>
<pre>
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1
</pre>
- </p>
- <h2>Interaction with wired interfaces</h2>
+ <h2 id="interaction">Interaction with wired interfaces</h2>
<p>
- When you have an ethernet jack as well in your laptop you might be tempted to put this in your <tt>/etc/network/interfaces</tt> as well
+ When you have an ethernet jack as well in your laptop you might be tempted to put this in your <span style="font-family:monospace">/etc/network/interfaces</span> as well
+ </p>
<pre>
auto enp0s31f6
iface enp0s31f6 inet dhcp
</pre>
+ <p>
However, this results in your machine eagerly waiting for a connection at boot because a <em>connected</em> ethernet jack means a connected card, and the card is always connected in a laptop.
- <tt>ifupdown-extra</tt> contains scripts to fix this.
- Just link <tt>/etc/network/if-up.d/00check-network-cable</tt> to <tt>/etc/network/if-pre-up.d/00check-network-cable</tt> and be good to go.
+ <span style="font-family:monospace">ifupdown-extra</span> contains scripts to fix this.
+ Just link <span style="font-family:monospace">/etc/network/if-up.d/00check-network-cable</span> to <span style="font-family:monospace">/etc/network/if-pre-up.d/00check-network-cable</span> and be good to go.
If your system has <em>predictable</em> network names you might need to apply <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359">this</a> patch first
</p>
</body>