- With this setup, wpa_supplicant automatically changes network when needed. - Moreover, the network can be changed in userspace and new networks can be added. - All withouth the bloat of NetworkManager and ModemManager. -
++ With this setup, wpa_supplicant automatically changes network when needed. + Moreover, the network can be changed in userspace and new networks can be added. + All withouth the bloat of NetworkManager and ModemManager. +
+ + +- /etc/network/interfaces needs for direct use with a wpa_supplicant daemon. + /etc/network/interfaces needs for direct use with a wpa_supplicant daemon. This is done by setting the wireless network as follows.
@@ -31,10 +52,10 @@ iface wlp2s0 inet manual- This basically means that a wpa_supplicant will be watching the networks specified in the config and switch when in range. - Note that the iface is set to manual and not dhcp. + This basically means that a wpa_supplicant will be watching the networks specified in the config and switch when in range. + Note that the iface is set to manual and not dhcp. This means that below those lines you can configure your networks from the config manually. - So say that you have a network in the wpa_supplicant.conf with id_str="work"" that needs to be configured with dhcp, you add the following lines: + So say that you have a network in the wpa_supplicant.conf with id_str="work"" that needs to be configured with dhcp, you add the following lines:
@@ -42,19 +63,19 @@ iface work inet dhcp
- Setting id_strs for all networks is tedious so to create a default setting you can use the default network name to for example set all wifi networks to dhcp. + Setting id_strs for all networks is tedious so to create a default setting you can use the default network name to for example set all wifi networks to dhcp.
iface default inet dhcp-
- The config file for wpa_supplicant should at least contain the following lines. - The interface line defines the control socket and states that all users in the netdev group may control wpa_supplicant. - The update_config line states that the config file may be updated, thus having persistent changes. - Users you allow changing the config therefore have to be added to netdev. + The config file for wpa_supplicant should at least contain the following lines. + The interface line defines the control socket and states that all users in the netdev group may control wpa_supplicant. + The update_config line states that the config file may be updated, thus having persistent changes. + Users you allow changing the config therefore have to be added to netdev.
@@ -64,33 +85,35 @@ update_config=1Followed are all the network configurations. - For these configuration consult the manpage for wpa_supplicant. - E.g. for WPA2 networks you can use the wpa_passphrase tool. - For eduroam, don't handcraft configs either, use the configuration assistant available here. - This tool will generate a wpa_supplicant.conf if it fails to talk to networkmanager. + For these configuration consult the manpage for wpa_supplicant. + E.g. for WPA2 networks you can use the wpa_passphrase tool. + For eduroam, don't handcraft configs either, use the configuration assistant. + This tool will generate a wpa_supplicant.conf if it fails to talk to networkmanager.
-wpa_gui
+wpa_gui
Editing the config file is tedious and error prone. - Moreover, it requires a restart of wpa_supplicant to reinistate the config. - Luckily there are two tools that allow you to do this in-place using either the command line (wpa_cli is not discussed here) and via a GUI(wpa_gui). - If your user is a member of the netdev group you can just start it up. - Note that it resides by default in /usr/sbin. - wpa_gui is a graphical frontend where you can add, remove, diagnose and change wireless networks with almost as much functionality as wpa_cli. + Moreover, it requires a restart of wpa_supplicant to reinistate the config. + Luckily there are two tools that allow you to do this in-place using either the command line (wpa_cli is not discussed here) and via a GUI(wpa_gui). + If your user is a member of the netdev group you can just start it up. + Note that it resides by default in /usr/sbin. + wpa_gui is a graphical frontend where you can add, remove, diagnose and change wireless networks with almost as much functionality as wpa_cli.
-eduroam
+Eduroam
- Eduroam gives a nice configuration assistant tools nowadays that will generate a wpa_supplicant.conf entry for you. + Eduroam gives a nice configuration assistant tools nowadays that will generate a wpa_supplicant.conf entry for you. Previously you could hash your password using md4 but I haven't tested whether this still works.
-update: cat broken
+update: cat broken
+The tool worked before™ but not anymore on my debian testing version. Therefore I've pasted my config here for later reference. - You get the ca_cert from the assistant tool. + You get the ca_cert from the assistant tool. I might upload that here as well. +
network={ ssid="eduroam" @@ -107,28 +130,29 @@ network={ phase2="auth=MSCHAPV2" }- -openssl update (not needed anymore)
+openssl update (not needed anymore)
The new version of openssl disables everything lower than TLSv1.2. - If you see errors in /var/log/syslog about TLS you have to allow lower version TLS versions by changing the last two lines in /etc/ssl/openssl.cnf to: + If you see errors in /var/log/syslog about TLS you have to allow lower version TLS versions by changing the last two lines in /etc/ssl/openssl.cnf to: +
MinProtocol = TLSv1.0 CipherString = DEFAULT@SECLEVEL=1- -Interaction with wired interfaces
+Interaction with wired interfaces
- When you have an ethernet jack as well in your laptop you might be tempted to put this in your /etc/network/interfaces as well + When you have an ethernet jack as well in your laptop you might be tempted to put this in your /etc/network/interfaces as well +
auto enp0s31f6 iface enp0s31f6 inet dhcp+However, this results in your machine eagerly waiting for a connection at boot because a connected ethernet jack means a connected card, and the card is always connected in a laptop. - ifupdown-extra contains scripts to fix this. - Just link /etc/network/if-up.d/00check-network-cable to /etc/network/if-pre-up.d/00check-network-cable and be good to go. + ifupdown-extra contains scripts to fix this. + Just link /etc/network/if-up.d/00check-network-cable to /etc/network/if-pre-up.d/00check-network-cable and be good to go. If your system has predictable network names you might need to apply this patch first