X-Git-Url: https://git.martlubbers.net/?p=martlubbers.net.git;a=blobdiff_plain;f=nonm.md;fp=nonm.md;h=deb5863793104606c3bd8428a2b86ef38748ef8f;hp=0000000000000000000000000000000000000000;hb=7a17e96b89c6d8b344ec807a9710c9e8df553f03;hpb=d9761de361e4ada17d9ebe4c9ca402f92d8a14a2 diff --git a/nonm.md b/nonm.md new file mode 100644 index 0000000..deb5863 --- /dev/null +++ b/nonm.md 
@@ -0,0 +1,125 @@ +--- +title: Wifi without network manager +date: 2020-09-16 +--- +With this setup, `wpa_supplicant` automatically changes network when needed. +Moreover, the network can be changed in userspace and new networks can be added. +All withouth the bloat of `NetworkManager` and `ModemManager`. + +## Table of contents + +- [Requirements](#requirements) +- [`wpa_supplicant`](#wpa_supplicant) +- [`wpa_supplicant.conf`](#wpa_supplicantconf) +- [`wpa_gui`](#wpa_gui) +- [Eduroam](#eduroam) + - [update: cat broken](#update) + - [openssl update](#openssl) +- [interaction](#interaction) + +## Requirements + +- `wpa_supplicant` +- `wpa_gui` + + +## `wpa_supplicant` +`/etc/network/interfaces` needs for direct use with a `wpa_supplicant` daemon. +This is done by setting the wireless network as follows. + +``` +allow-hotplug wlp2s0 +iface wlp2s0 inet manual + wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf +``` + +This basically means that a `wpa_supplicant` will be watching the networks specified in the config and switch when in range. +Note that the `iface` is set to `manual` and not `dhcp`. +This means that below those lines you can configure your networks from the config manually. +So say that you have a network in the `wpa_supplicant.conf` with `id_str="work"` that needs to be configured with dhcp, you add the following lines: + +``` +iface work inet dhcp +``` + +Setting `id_str`s for all networks is tedious so to create a default setting you can use the `default` network name to for example set all wifi networks to dhcp. + +``` +iface default inet dhcp +``` + +## `wpa_supplicant.conf` +The config file for `wpa_supplicant` should at least contain the following lines. +The `interface` line defines the control socket and states that all users in the `netdev` group may control `wpa_supplicant`. +The `update_config` line states that the config file may be updated, thus having persistent changes. 
+Users you allow changing the config therefore have to be added to `netdev`. + +
+interface=DIR=/run/wpa_supplicant GROUP=netdev
+update_config=1
+		
+ +

+ Followed are all the network configurations. + For these configuration consult the manpage for `wpa_supplicant`. + E.g. for `WPA2` networks you can use the `wpa_passphrase` tool. + For eduroam, don't handcraft configs either, use the [configuration assistant](https://cat.eduroam.org/). + This tool will generate a `wpa_supplicant.conf` if it fails to talk to networkmanager. +

+ +## `wpa_gui` +Editing the config file is tedious and error prone. +Moreover, it requires a restart of `wpa_supplicant` to reinistate the config. +Luckily there are two tools that allow you to do this in-place using either the command line (`wpa_cli` is not discussed here) and via a GUI(`wpa_gui`). +If your user is a member of the `netdev` group you can just start it up. +Note that it resides by default in `/usr/sbin`. +`wpa_gui` is a graphical frontend where you can add, remove, diagnose and change wireless networks with _almost_ as much functionality as `wpa_cli`. + +## Eduroam +Eduroam gives a nice configuration assistant tools nowadays that will generate a `wpa_supplicant.conf` entry for you. +Previously you could hash your password using md4 but I haven't tested whether this still works. + +### update: cat broken +The tool worked before™ but not anymore on my debian testing version. +Therefore I've pasted my config here for later reference. +You get the `ca_cert` from the assistant tool. +I might upload that here as well. + +``` +network={ + ssid="eduroam" + proto=RSN + key_mgmt=WPA-EAP + pairwise=CCMP + auth_alg=OPEN + eap=PEAP + identity="YOURUSERNAME@ru.nl" + anonymous_identity="anonymous@ru.nl" + password="YOURPASSWORD" +# ca_cert="/home/frobnicator/.cat_installer/ca.pem" + domain_suffix_match="authenticatie.ru.nl" + phase2="auth=MSCHAPV2" +} +``` + +### openssl update (not needed anymore) +The new version of openssl disables everything lower than TLSv1.2. 
+If you see errors in `/var/log/syslog` about `TLS` you have to allow lower version TLS versions by changing the last two lines in `/etc/ssl/openssl.cnf` to: + +``` +MinProtocol = TLSv1.0 +CipherString = DEFAULT@SECLEVEL=1 +``` + +## Interaction with wired interfaces +When you have an ethernet jack as well in your laptop you might be tempted to put this in your `/etc/network/interfaces` as well + +``` +auto enp0s31f6 +iface enp0s31f6 inet dhcp +``` + +However, this results in your machine eagerly waiting for a connection at boot because a _connected_ ethernet jack means a connected card, and the card is always connected in a laptop. +`ifupdown-extra` contains scripts to fix this. +Just link `/etc/network/if-up.d/00check-network-cable` to `/etc/network/if-pre-up.d/00check-network-cable` and be good to go. +If your system has _predictable_ network names you might need to apply [this](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359) patch first.
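Review bot: In the eduroam `network={...}` block under "update: cat broken", the line `# ca_cert="/home/frobnicator/.cat_installer/ca.pem"` is commented out, so anyone who copies the example gets a PEAP/MSCHAPV2 profile with no CA to validate the authentication server's certificate against. wpa_supplicant does not verify the server certificate chain when neither `ca_cert` nor `ca_path` is set, and `domain_suffix_match="authenticatie.ru.nl"` then only compares the name in whatever certificate is presented. Suggest shipping the `ca_cert` line uncommented with a placeholder path (the text already says the file comes from the assistant tool) and saying that it must be set before use. Separately, the "openssl update (not needed anymore)" section still instructs readers to set `MinProtocol = TLSv1.0` and `CipherString = DEFAULT@SECLEVEL=1` in `/etc/ssl/openssl.cnf`, which is the system-wide OpenSSL configuration. Since the heading says the change is no longer needed, consider dropping the snippet or adding a sentence telling readers who applied it to revert it.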