--- /dev/null
+---
+title: Wifi without network manager
+date: 2020-09-16
+---
+With this setup, `wpa_supplicant` automatically changes network when needed.
+Moreover, the network can be changed in userspace and new networks can be added.
+All withouth the bloat of `NetworkManager` and `ModemManager`.
+
+## Table of contents
+
+- [Requirements](#requirements)
+- [`wpa_supplicant`](#wpa_supplicant)
+- [`wpa_supplicant.conf`](#wpa_supplicantconf)
+- [`wpa_gui`](#wpa_gui)
+- [Eduroam](#eduroam)
+ - [update: cat broken](#update)
+ - [openssl update](#openssl)
+- [interaction](#interaction)
+
+## Requirements
+
+- `wpa_supplicant`
+- `wpa_gui`
+
+
+## `wpa_supplicant`
+`/etc/network/interfaces` needs for direct use with a `wpa_supplicant` daemon.
+This is done by setting the wireless network as follows.
+
+```
+allow-hotplug wlp2s0
+iface wlp2s0 inet manual
+ wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
+```
+
+This basically means that a `wpa_supplicant` will be watching the networks specified in the config and switch when in range.
+Note that the `iface` is set to `manual` and not `dhcp`.
+This means that below those lines you can configure your networks from the config manually.
+So say that you have a network in the `wpa_supplicant.conf` with `id_str="work"` that needs to be configured with dhcp, you add the following lines:
+
+```
+iface work inet dhcp
+```
+
+Setting `id_str`s for all networks is tedious so to create a default setting you can use the `default` network name to for example set all wifi networks to dhcp.
+
+```
+iface default inet dhcp
+```
+
+## `wpa_supplicant.conf`
+The config file for `wpa_supplicant` should at least contain the following lines.
+The `interface` line defines the control socket and states that all users in the `netdev` group may control `wpa_supplicant`.
+The `update_config` line states that the config file may be updated, thus having persistent changes.
+Users you allow changing the config therefore have to be added to `netdev`.
+
+ <pre>
+interface=DIR=/run/wpa_supplicant GROUP=netdev
+update_config=1
+ </pre>
+
+ <p>
+ Followed are all the network configurations.
+ For these configuration consult the manpage for `wpa_supplicant`.
+ E.g. for `WPA2` networks you can use the `wpa_passphrase` tool.
+ For eduroam, don't handcraft configs either, use the [configuration assistant](https://cat.eduroam.org/).
+ This tool will generate a `wpa_supplicant.conf` if it fails to talk to networkmanager.
+ </p>
+
+## `wpa_gui`
+Editing the config file is tedious and error prone.
+Moreover, it requires a restart of `wpa_supplicant` to reinistate the config.
+Luckily there are two tools that allow you to do this in-place using either the command line (`wpa_cli` is not discussed here) and via a GUI(`wpa_gui`).
+If your user is a member of the `netdev` group you can just start it up.
+Note that it resides by default in `/usr/sbin`.
+`wpa_gui` is a graphical frontend where you can add, remove, diagnose and change wireless networks with _almost_ as much functionality as `wpa_cli`.
+
+## Eduroam
+Eduroam gives a nice configuration assistant tools nowadays that will generate a `wpa_supplicant.conf` entry for you.
+Previously you could hash your password using md4 but I haven't tested whether this still works.
+
+### update: cat broken
+The tool worked before™ but not anymore on my debian testing version.
+Therefore I've pasted my config here for later reference.
+You get the `ca_cert` from the assistant tool.
+I might upload that here as well.
+
+```
+network={
+ ssid="eduroam"
+ proto=RSN
+ key_mgmt=WPA-EAP
+ pairwise=CCMP
+ auth_alg=OPEN
+ eap=PEAP
+ identity="YOURUSERNAME@ru.nl"
+ anonymous_identity="anonymous@ru.nl"
+ password="YOURPASSWORD"
+# ca_cert="/home/frobnicator/.cat_installer/ca.pem"
+ domain_suffix_match="authenticatie.ru.nl"
+ phase2="auth=MSCHAPV2"
+}
+```
+
+### openssl update (not needed anymore)
+The new version of openssl disables everything lower than TLSv1.2.
+If you see errors in `/var/log/syslog` about `TLS` you have to allow lower version TLS versions by changing the last two lines in `/etc/ssl/openssl.cnf` to:
+
+```
+MinProtocol = TLSv1.0
+CipherString = DEFAULT@SECLEVEL=1
+```
+
+## Interaction with wired interfaces
+When you have an ethernet jack as well in your laptop you might be tempted to put this in your `/etc/network/interfaces` as well
+
+```
+auto enp0s31f6
+iface enp0s31f6 inet dhcp
+```
+
+However, this results in your machine eagerly waiting for a connection at boot because a _connected_ ethernet jack means a connected card, and the card is always connected in a laptop.
+`ifupdown-extra` contains scripts to fix this.
+Just link `/etc/network/if-up.d/00check-network-cable` to `/etc/network/if-pre-up.d/00check-network-cable` and be good to go.
+If your system has _predictable_ network names you might need to apply [this](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359) patch first.
repositories / martlubbers.net.git / blobdiff