https://wiki.archlinux.org/api.php?action=feedcontributions&user=Actkz&feedformat=atomArchWiki - User contributions [en]2024-03-28T11:07:26ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Ipset&diff=372002Ipset2015-05-01T09:36:52Z<p>Actkz: </p>
<hr />
<div>[[Category:Firewalls]]<br />
{{Related articles start}}<br />
{{Related|Firewalls}}<br />
{{Related|Iptables}}<br />
{{Related articles end}}<br />
{{Stub|}}<br />
[http://ipset.netfilter.org/ ipset] is a companion application for the [[iptables]] Linux [[firewall]]. It allows you to set up rules to quickly and easily block a set of IP addresses, among other things.<br />
<br />
== Installation ==<br />
<br />
[[pacman|Install]] {{pkg|ipset}} from the [[official repositories]].<br />
<br />
== Configuration ==<br />
<br />
=== Blocking a list of addresses ===<br />
<br />
Start by creating a new "set" of network addresses. This creates a new "hash" set of "net" network addresses named "myset".<br />
<br />
# ipset create myset hash:net<br />
<br />
Add any IP address that you'd like to block to the set.<br />
<br />
# ipset add myset 14.144.0.0/12<br />
# ipset add myset 27.8.0.0/13<br />
# ipset add myset 58.16.0.0/15<br />
<br />
Finally, configure [[iptables]] to block any address in that set. The following command inserts a rule at the top of the "INPUT" chain that uses the set match ({{ic|-m set}}) to compare the packet's source address ({{ic|src}}) against the set named "myset" ({{ic|--match-set}}) and drops ({{ic|-j DROP}}) the packet when it matches.<br />
<br />
# iptables -I INPUT -m set --match-set myset src -j DROP<br />
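
The three steps above, extended to refilling the set later without a gap in filtering (an added example, not part of the original article). The script only generates input for {{ic|ipset restore}}; the temporary set name {{ic|myset-tmp}}, the function names and the sample list are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn a list of IPv4 networks into an "ipset restore" script
# that refills the set "myset" atomically. Nothing here calls ipset itself.

# valid_cidr ADDR/PREFIX: succeed only for dotted-quad IPv4 with prefix 1..32.
# A /0 is refused on purpose: it would match every source address.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$prefix" in
        ''|*[!0-9]*|???*) return 1 ;;
    esac
    if [ "$prefix" -lt 1 ] || [ "$prefix" -gt 32 ]; then
        return 1
    fi
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then
            return 1
        fi
    done
    return 0
}

# build_restore SETNAME: read one network per line on stdin ("#" starts a
# comment) and print restore commands. Entries are loaded into SETNAME-tmp and
# then swapped in, so the iptables rule that references SETNAME never sees an
# empty or half-filled set. Invalid lines are reported on stderr and skipped.
build_restore() {
    set_name=$1
    tmp_name="${set_name}-tmp"
    printf 'create %s hash:net\n' "$set_name"
    printf 'create %s hash:net\n' "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then
            printf 'add %s %s\n' "$tmp_name" "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# Constructed sample input: the three networks from the commands above plus
# two lines that must be rejected.
sample_list() {
    cat <<'EOF'
# constructed blocklist
14.144.0.0/12
27.8.0.0/13
58.16.0.0/15   # trailing comment
0.0.0.0/0
300.1.2.3/24
EOF
}

# Print the generated script. To apply it, run as root:
#   sample_list | build_restore myset | ipset -exist restore
# (-exist makes "create" a no-op when myset already exists with the same type)
sample_list | build_restore myset
```

After the swap the old contents live in the temporary set, which no rule references, so it can be destroyed.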
<br />
=== Making ipset persistent ===<br />
<br />
The set you have created is stored in memory and will be gone after a reboot. To make it persistent, do the following:<br />
<br />
First save the ipset to /etc/ipset.conf:<br />
<br />
# ipset save > /etc/ipset.conf<br />
<br />
Then [[enable]] {{ic|ipset.service}}.<br />
<br />
=== Blocking With PeerGuardian and Other Blocklists ===<br />
<br />
The pg2ipset tool by the author of maeyanie.com, coupled with the ipset-update.sh script, can be used with cron to automatically update various blocklists. By default, country blocking, Tor exit node blocking, and pg2 list blocking from Bluetack are currently implemented. These tools are not currently available in the AUR, but are easy enough to set up in a location of your choice.<br />
<br />
These tools can be found on GitHub: https://github.com/ilikenwf/pg2ipset<br />
<br />
== Other Commands ==<br />
<br />
To view the sets:<br />
<br />
# ipset list<br />
<br />
To delete a set named "myset":<br />
<br />
# ipset destroy myset<br />
<br />
To delete all sets:<br />
<br />
# ipset destroy<br />
<br />
== Troubleshooting (Cannot open session to kernel) ==<br />
<br />
> ipset list<br />
ipset v6.24: Cannot open session to kernel.<br />
<br />
Just reboot the machine and it will work fine.<br />
<br />
<br />
Please see the man page for ipset for further information.</div>Actkzhttps://wiki.archlinux.org/index.php?title=Ipset&diff=372001Ipset2015-05-01T09:36:17Z<p>Actkz: </p>
<hr />
<div>[[Category:Firewalls]]<br />
{{Related articles start}}<br />
{{Related|Firewalls}}<br />
{{Related|Iptables}}<br />
{{Related articles end}}<br />
{{Stub|}}<br />
[http://ipset.netfilter.org/ ipset] is a companion application for the [[iptables]] Linux [[firewall]]. It allows you to set up rules to quickly and easily block a set of IP addresses, among other things.<br />
<br />
== Installation ==<br />
<br />
[[pacman|Install]] {{pkg|ipset}} from the [[official repositories]].<br />
<br />
== Configuration ==<br />
<br />
=== Blocking a list of addresses ===<br />
<br />
Start by creating a new "set" of network addresses. This creates a new "hash" set of "net" network addresses named "myset".<br />
<br />
# ipset create myset hash:net<br />
<br />
Add any IP address that you'd like to block to the set.<br />
<br />
# ipset add myset 14.144.0.0/12<br />
# ipset add myset 27.8.0.0/13<br />
# ipset add myset 58.16.0.0/15<br />
<br />
Finally, configure [[iptables]] to block any address in that set. The following command inserts a rule at the top of the "INPUT" chain that uses the set match ({{ic|-m set}}) to compare the packet's source address ({{ic|src}}) against the set named "myset" ({{ic|--match-set}}) and drops ({{ic|-j DROP}}) the packet when it matches.<br />
<br />
# iptables -I INPUT -m set --match-set myset src -j DROP<br />
<br />
=== Making ipset persistent ===<br />
<br />
The set you have created is stored in memory and will be gone after a reboot. To make it persistent, do the following:<br />
<br />
First save the ipset to /etc/ipset.conf:<br />
<br />
# ipset save > /etc/ipset.conf<br />
<br />
Then [[enable]] {{ic|ipset.service}}.<br />
<br />
=== Blocking With PeerGuardian and Other Blocklists ===<br />
<br />
The pg2ipset tool by the author of maeyanie.com, coupled with the ipset-update.sh script, can be used with cron to automatically update various blocklists. By default, country blocking, Tor exit node blocking, and pg2 list blocking from Bluetack are currently implemented. These tools are not currently available in the AUR, but are easy enough to set up in a location of your choice.<br />
<br />
These tools can be found on GitHub: https://github.com/ilikenwf/pg2ipset<br />
<br />
== Other Commands ==<br />
<br />
To view the sets:<br />
<br />
# ipset list<br />
<br />
To delete a set named "myset":<br />
<br />
# ipset destroy myset<br />
<br />
To delete all sets:<br />
<br />
# ipset destroy<br />
<br />
== Troubleshooting ==<br />
<br />
> ipset list<br />
ipset v6.24: Cannot open session to kernel.<br />
<br />
Just reboot the machine and it will work fine.<br />
<br />
<br />
Please see the man page for ipset for further information.</div>Actkzhttps://wiki.archlinux.org/index.php?title=Netctl&diff=371894Netctl2015-04-30T06:41:45Z<p>Actkz: </p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Network managers]]<br />
[[cs:Netctl]]<br />
[[es:Netctl]]<br />
[[fr:Netctl]]<br />
[[ja:Netctl]]<br />
[[ru:Netctl]]<br />
[[zh-CN:Netctl]]<br />
{{Related articles start}}<br />
{{Related|Bridge with netctl}}<br />
{{Related|Network configuration}}<br />
{{Related|Wireless network configuration}}<br />
{{Related|:Category:Network managers}}<br />
{{Related articles end}}<br />
'''netctl''' is a CLI-based tool used to configure and manage network connections via profiles. It is a native Arch Linux project for network configuration.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|netctl}} from the [[official repositories]].<br />
<br />
Optional dependencies are shown in the table below.<br />
<br />
{| class="wikitable"<br />
! Feature<br />
! Dependency<br />
! netctl program <br /> (if relevant)<br />
|-<br />
| Automatic wireless connections || {{Pkg|wpa_actiond}} || {{ic|netctl-auto}}<br />
|-<br />
| Automatic wired connections || {{Pkg|ifplugd}} || {{ic|netctl-ifplugd}}<br />
|-<br />
| WPA || {{Pkg|wpa_supplicant}} ||<br />
|-<br />
| DHCP || {{Pkg|dhcpcd}} or {{Pkg|dhclient}} ||<br />
|-<br />
| Wifi menus || {{Pkg|dialog}} ||<br />
|-<br />
| PPPoE || {{Pkg|ppp}} ||<br />
|-<br />
|}<br />
<br />
{{Warning|Do not enable concurrent, conflicting network services. Use {{ic|1=systemctl --type=service}} to ensure that no other network service is running before enabling a ''netctl'' profile/service.}}<br />
<br />
== Usage ==<br />
<br />
It is advisable to read the following man pages before using netctl:<br />
<br />
* [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.1.txt netctl]<br />
* [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile]<br />
* [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special]<br />
<br />
== Configuration ==<br />
<br />
''netctl'' uses profiles to manage network connections and different modes of operation to start profiles automatically or manually on demand. <br />
<br />
=== Profile configuration ===<br />
<br />
The ''netctl'' profile files are stored in {{ic|/etc/netctl/}} and example configuration files are available in {{ic|/etc/netctl/examples/}}. Common configurations include:<br />
<br />
* ethernet-dhcp<br />
* ethernet-static<br />
* wireless-wpa<br />
* wireless-wpa-static<br />
<br />
To use an example profile, simply copy it from {{ic|/etc/netctl/examples/}} to {{ic|/etc/netctl/}} and configure it to your needs; see basic [[#Example profiles]] below. The first parameter you need to create a profile is the network {{ic|Interface}}, see [[Network configuration#Device names]] for details.<br />
<br />
{{Tip|<br />
* For wireless settings, you can use {{ic|wifi-menu -o}} as root to generate the profile file in {{ic|/etc/netctl/}}.<br />
* To enable a static IP profile on wired interface no matter if the cable is connected or not, use {{ic|1=SkipNoCarrier=yes}} in your profile.<br />
}}<br />
<br />
Once you have created your profile, attempt to establish a connection (use only the profile name, not the full path):<br />
<br />
# netctl start ''profile''<br />
<br />
If the above command fails, use {{ic|journalctl -xn}} and {{ic|netctl status ''profile''}} to obtain a more in-depth explanation of the failure.<br />
<br />
=== Automatic operation ===<br />
<br />
If you use only one profile (per interface) or want to switch profiles manually, the [[#Basic method|Basic method]] will do. Most common examples are servers, workstations, routers etc.<br />
<br />
If you need to switch multiple profiles frequently, use [[#Automatic switching of profiles|Automatic switching of profiles]]. Most common examples are laptops.<br />
<br />
==== Basic method ====<br />
<br />
With this method, you can statically start only one profile per interface. First manually check that the profile can be started successfully with: <br />
<br />
# netctl start ''profile'' <br />
<br />
then it can be enabled using:<br />
<br />
# netctl enable ''profile''<br />
<br />
This will create and enable a [[systemd]] service that will start when the computer boots. Changes to the profile file will not propagate to the service file automatically. After such changes, it is necessary to reenable the profile:<br />
<br />
# netctl reenable ''profile''<br />
<br />
After enabling a profile, it will be started at next boot. Obviously this can only succeed if the network cable for a wired connection is plugged in, or the wireless access point used in the profile is in range.<br />
<br />
==== Automatic switching of profiles ====<br />
<br />
''netctl'' provides two special [[systemd]] services for automatic switching of profiles:<br />
<br />
* Package {{Pkg|ifplugd}} for wired interfaces: After [[Start|starting and enabling]] {{ic|netctl-ifplugd@''interface''.service}} DHCP profiles are started/stopped when the network cable is plugged in and out. To include a static IP profile the option {{ic|1=ExcludeAuto=no}} needs to be set in it. <br />
* Package {{Pkg|wpa_actiond}} for wireless interfaces: After [[Start|starting and enabling]] {{ic|netctl-auto@''interface''.service}} profiles are started/stopped automatically as you move from the range of one network into the range of another network (roaming).<br />
<br />
Note that ''interface'' is not literal, but to be substituted by the name of your device's interface, e.g. {{ic|netctl-auto@wlp4s0.service}}.<br />
<br />
The following options can be used: <br />
<br />
* If you want some wireless profile '''not''' to be started automatically by {{ic|netctl-auto@''interface''.service}}, you have to explicitly add {{ic|1=ExcludeAuto=yes}} to that profile. <br />
* The {{ic|netctl-ifplugd@''interface''.service}} will prefer profiles which use [[Wikipedia:DHCP|DHCP]]. To prefer a profile with a static IP, you can set {{ic|1=Priority=2}}, which is higher than the default priority given to DHCP profiles of {{ic|1=Priority=1}}. Do not forget to also set {{ic|1=ExcludeAuto=no}} as mentioned above. See {{ic|netctl.profile(5)}} for details.<br />
* You can use {{ic|1=Priority=}} in the ''WPAConfigSection'' (see {{ic|/etc/netctl/examples/wireless-wpa-configsection}}) to set priority of a profile when multiple wireless access points are available. Note that automatic selection of a WPA profile by ''netctl-auto'' is not possible with option {{ic|1=Security=wpa-config}}, use {{ic|1=Security=wpa-configsection}} instead.<br />
<br />
{{Warning|<br />
* If any of the profiles contain errors, such as an empty or misquoted {{ic|1=Key=}} variable, the unit will fail to load with the message {{ic|"Failed to read or parse configuration '/run/network/wpa_supplicant_wlan0.conf'"}}, even when that profile is not being used.<br />
* This method conflicts with the [[#Basic method|Basic method]]. If you have previously enabled a profile through ''netctl'', run {{ic|netctl disable ''profile''}} to prevent the profile from starting twice at boot.<br />
}}<br />
<br />
Since netctl 1.3 it is possible to manually control an interface otherwise managed by ''netctl-auto'' without having to stop {{ic|netctl-auto.service}}. This is done using the ''netctl-auto'' command. For a list of available actions run:<br />
# netctl-auto --help<br />
<br />
=== Example profiles ===<br />
<br />
==== Wired ====<br />
<br />
For a DHCP connection, only the {{ic|Interface}} has to be configured after copying the {{ic|/etc/netctl/examples/ethernet-dhcp}} example profile to {{ic|/etc/netctl}}. <br />
<br />
For example:<br />
{{hc|/etc/netctl/''my_dhcp_profile''|<nowiki><br />
Interface=enp1s0<br />
Connection=ethernet<br />
IP=dhcp</nowiki><br />
}}<br />
<br />
For a static IP configuration, copy the {{ic|/etc/netctl/examples/ethernet-static}} example profile to {{ic|/etc/netctl}} and modify {{ic|Interface}}, {{ic|Address}}, {{ic|Gateway}} and {{ic|DNS}} as needed.<br />
<br />
For example:<br />
{{hc|/etc/netctl/''my_static_profile''|<nowiki><br />
Interface=enp1s0<br />
Connection=ethernet<br />
IP=static<br />
Address=('10.1.10.2/24')<br />
Gateway='10.1.10.1'<br />
DNS=('10.1.10.1')</nowiki><br />
}}<br />
<br />
For the {{ic|Address}} take care to include the correct netmask (the {{ic|/24}} in the sample profile equates to a netmask of {{ic|255.255.255.0}}) or the profile will fail to start. See also [[wikipedia:Classless Inter-Domain Routing#CIDR notation|CIDR notation]].<br />
<br />
==== Wireless (WPA-PSK) ====<br />
<br />
The following applies for the standard wireless connections using a pre-shared key (WPA-PSK). See [[WPA2 Enterprise#netctl]] for example profiles with other authentication methods. <br />
<br />
The standard ''netctl'' tool to connect to a wireless network (WPA-PSK, WEP) interactively is ''wifi-menu''; used with the {{ic|-o}} option: <br />
<br />
wifi-menu -o <br />
<br />
it generates the configuration file in {{ic|/etc/netctl/}} for the network to use for [[#Automatic operation]] at the same time. <br />
<br />
Alternatively, the profile may also be configured manually, as follows: <br />
<br />
Copy the example file {{ic|wireless-wpa}} from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}} (name of your choice):<br />
<br />
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/.<br />
<br />
Edit the profile as needed (modifying {{ic|Interface}}, {{ic|ESSID}} and {{ic|Key}}) and it is done. <br />
<br />
At this step you may want to re-confirm the new profile you created is {{ic|chmod 600}} and confirm it works by starting it: <br />
<br />
netctl start wireless-wpa<br />
<br />
before configuring any [[#Automatic operation]].<br />
<br />
Optionally you can also follow the following step to obfuscate the wireless passphrase (''wifi-menu'' does it automatically): <br />
<br />
Users '''not''' wishing to have the passphrase to their wireless network stored in ''plain text'' have the option of storing the corresponding 256-bit pre-shared key instead, which is calculated from the passphrase and the SSID using standard algorithms.<br />
<br />
Calculate your 256-bit PSK using [[WPA_supplicant#Connecting_with_wpa_passphrase|wpa_passphrase]]:<br />
{{hc|$ wpa_passphrase ''your_essid'' ''passphrase''|2=<br />
network={<br />
ssid="''your_essid''"<br />
#psk="''passphrase''"<br />
psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a<br />
}<br />
}}<br />
<br />
The ''pre-shared key'' (psk) now needs to replace the plain text passphrase of the {{ic|Key}} variable in the profile. Once completed, your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble:<br />
<br />
{{hc|/etc/netctl/wireless-wpa|2=<br />
Description='A simple WPA encrypted wireless connection using 256-bit PSK'<br />
Interface=wlp2s2<br />
Connection=wireless<br />
Security=wpa<br />
IP=dhcp<br />
ESSID=''your_essid''<br />
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a<br />
}}<br />
<br />
{{Note|<br />
* Make sure to use the '''special quoting rules''' for the {{ic|Key}} variable as explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)].<br />
* If the passphrase fails, try removing the {{ic|\"}} in the {{ic|Key}} variable.<br />
* Although "encrypted", the key that you put in the profile configuration is enough to connect to a WPA-PSK network. Therefore this process is only useful for hiding the human-readable version of the passphrase. This will not prevent anyone with read access to this file from connecting to the network.}}<br />
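
A check for the two points made above, that the profile should be mode 600 and that a stored PSK is as sensitive as the passphrase (an added example, not part of netctl or of the original article). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how each netctl profile in a directory stores its
# wireless key and whether the file is accessible beyond its owner.

# key_kind FILE: print "psk" when Key= holds 64 hex digits in the \"... form
# shown in the profile above, "passphrase" for any other value, and "none"
# when the file has no Key= line.
key_kind() {
    key_line=$(sed -n '/^Key=/{p;q;}' "$1")
    if [ -z "$key_line" ]; then
        echo none
    elif printf '%s\n' "${key_line#Key=}" | grep -Eq '^\\"[0-9A-Fa-f]{64}$'; then
        echo psk
    else
        echo passphrase
    fi
}

# loose_perms FILE: succeed when group or others hold any permission bit,
# i.e. the mode is wider than the 600 recommended above.
loose_perms() {
    mode=$(ls -ld -- "$1") || return 1
    case "$mode" in
        ????------*) return 1 ;;   # e.g. -rw-------
        *) return 0 ;;
    esac
}

# audit_profiles DIR: print one line per profile that contains a key:
#   <profile> <psk|passphrase> <owner-only|loose>
audit_profiles() {
    for profile in "$1"/*; do
        [ -f "$profile" ] || continue
        kind=$(key_kind "$profile")
        if [ "$kind" = none ]; then
            continue
        fi
        if loose_perms "$profile"; then
            perms=loose
        else
            perms=owner-only
        fi
        printf '%s %s %s\n' "$(basename "$profile")" "$kind" "$perms"
    done
}

# Constructed demo in a scratch directory; on a real system run
# "audit_profiles /etc/netctl" as root instead.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'ESSID=example\nKey=\\"%s\n' \
        64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a \
        > "$dir/wireless-wpa"
    chmod 600 "$dir/wireless-wpa"
    printf "ESSID=cafe\nKey='constructed passphrase'\n" > "$dir/cafe"
    chmod 644 "$dir/cafe"
    audit_profiles "$dir"
    rm -rf "$dir"
}

demo
```

Any line reported as {{ic|loose}} exposes a usable credential to other local users, whether the key is a passphrase or a PSK.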
<br />
== Tips and tricks ==<br />
<br />
=== Using an Experimental GUI ===<br />
<br />
If you want a graphical user interface to manage ''netctl'' and your connections and you are not afraid of highly experimental unofficial packages you can install {{AUR|netgui}} from [[AUR]]. Note, however, that ''netgui'' is still in beta status and you should be familiar with the general ''netctl'' syntax to debug possible issues. Another GUI alternative is {{AUR|netctl-gui}} which provides a Qt-based graphical interface, DBus daemon and KDE widget. A third alternative is {{AUR|netmenu}}, which uses {{Pkg|dmenu}} as its graphical interface.<br />
<br />
=== Eduroam ===<br />
<br />
See [[WPA2_Enterprise#netctl]].<br />
<br />
=== Bonding ===<br />
<br />
From [https://www.kernel.org/doc/Documentation/networking/bonding.txt kernel documentation]:<br />
<br />
:''The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends on the mode. Generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.''<br />
<br />
==== Load balancing ====<br />
<br />
To use bonding with netctl, an additional package from the official repositories is required: {{Pkg|ifenslave}}.<br />
<br />
Copy {{ic|/etc/netctl/examples/bonding}} to {{ic|/etc/netctl/bonding}} and edit it, for example:<br />
<br />
{{hc|/etc/netctl/bonding|2=<br />
Description='Bond Interface'<br />
Interface='bond0'<br />
Connection=bond<br />
BindsToInterfaces=('eth0' 'eth1')<br />
IP=dhcp<br />
IP6=stateless}}<br />
<br />
Now you can disable your old configuration and set ''bonding'' to be started automatically. Switch to the new profile, for example:<br />
<br />
# netctl switch-to bonding<br />
<br />
{{Note|This uses the round-robin policy, which is the default for the {{ic|bonding}} driver. See [https://www.kernel.org/doc/Documentation/networking/bonding.txt official documentation] for details.}}<br />
<br />
{{Tip|To check the status and bonding mode: {{bc|$ cat /proc/net/bonding/bond0}}}}<br />
<br />
==== Wired to wireless failover ====<br />
This example describes how to use ''bonding'' to fall back to wireless when the wired ethernet goes down. This is most useful when both the wired and wireless interfaces will be connected to the same network. Your wireless router/access point must be configured in ''bridge'' mode.<br />
<br />
You will need additional packages from the official repositories: {{Pkg|ifenslave}} and {{Pkg|wpa_supplicant}}.<br />
<br />
First, enable loading of the bonding module at boot time, as instructed in [[Kernel modules#Loading]]:<br />
<br />
{{hc|/etc/modules-load.d/bonding.conf|2=<br />
bonding<br />
}}<br />
<br />
Then, configure the options of the {{ic|bonding}} driver to use {{ic|active-backup}} and configure the {{ic|primary}} parameter to the device you want to be the active one (normally the wired interface). Also, be sure to use the same device name as returned when running {{ic|ip link}}:<br />
<br />
{{hc|/etc/modprobe.d/bonding.conf|2=<br />
options bonding mode=active-backup miimon=100 primary=eth0 max_bonds=0<br />
}}<br />
<br />
The {{ic|miimon}} option is needed for link failure detection. The {{ic|max_bonds}} option avoids the {{ic|Interface bond0 already exists}} error. More information can be found in the [https://www.kernel.org/doc/Documentation/networking/bonding.txt kernel documentation].<br />
<br />
Next, configure a netctl profile to enslave the two hardware interfaces. Use the name of all the devices you want to enslave. If you have more than two wired or wireless interfaces, you can enslave all of them on a bond interface. But, for most cases you will have only two devices, a wired and a wireless one:<br />
<br />
{{hc|/etc/netctl/failover|2=<br />
Description='A wired connection with failover to wireless'<br />
Interface='bond0'<br />
Connection=bond<br />
BindsToInterfaces=('eth0' 'wlan0')<br />
IP='dhcp'<br />
}}<br />
<br />
Disable any other profiles (especially wired or wireless ones) you had enabled before and then enable the failover profile on startup:<br />
<br />
# netctl enable failover<br />
<br />
Now you need to configure ''wpa_supplicant'' to connect to any known network you wish. You should create a file for each interface and enable it in systemd. Create the following file with this content:<br />
<br />
{{hc|/etc/wpa_supplicant/wpa_supplicant-wlan0.conf|2=<br />
ctrl_interface=/run/wpa_supplicant<br />
update_config=1<br />
}}<br />
<br />
And append to the end of this file any networks you want to connect to:<br />
<br />
network={<br />
ssid="SSID"<br />
psk=PSK<br />
}<br />
<br />
To generate the obfuscated PSK you can run ''wpa_passphrase'' as on the [[WPA supplicant#Connecting with wpa_passphrase]] page.<br />
<br />
Now, enable the {{ic|wpa_supplicant}} service on the network interface:<br />
<br />
# systemctl enable wpa_supplicant@wlan0<br />
<br />
You can try now to reboot your machine and see if your configuration worked.<br />
<br />
{{Note|If you get this error on boot bonding:<br />
<br />
wlan0 is up - this may be due to an out of date ifenslave<br />
<br />
This happens because ''wpa_supplicant'' is run before the {{ic|failover}} netctl profile: [[systemd]] runs everything in parallel unless told otherwise. ''ifenslave'' needs all the interfaces to be down before bonding them to the {{ic|bond0}} interface. Since ''wpa_supplicant'' needs to bring the interface up to be able to scan for networks, the interface might not be enslaved and your bond might contain only the wired interface.<br />
<br />
If this is your case, then you will need to set up a custom dependency on the {{ic|wpa_supplicant@wlan0}} service in relation to the {{ic|netctl@failover}} profile. More specifically, ''wpa_supplicant'' must be started '''after''' the netctl profile. To accomplish this, create a custom dependency file based on the instructions provided here: [[systemd#Handling dependencies]]<br />
<br />
{{hc|/etc/systemd/system/wpa_supplicant@wlan0.service.d/customdependency.conf|2=<br />
[Unit]<br />
After=netctl@failover.service<br />
}}<br />
<br />
After that you can try to reboot your system again and see if it works. You can check the status of your bonding by running:<br />
<br />
# journalctl -u netctl@failover.service<br />
<br />
And:<br />
<br />
# ip link<br />
<br />
You should see something like this:<br />
<br />
1: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT group default qlen 1000<br />
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff<br />
2: wlan0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DORMANT group default qlen 1000<br />
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff<br />
3: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default <br />
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
Now you can test your failover setup by initiating a big download. Unplug your wired interface. Your download should keep going over the wireless interface. Then plug your wired interface in again and it should keep working. You can debug with the following commands:<br />
<br />
# journalctl -u netctl@failover.service<br />
<br />
And:<br />
<br />
# journalctl -u wpa_supplicant@wlan0.service<br />
<br />
=== Using any interface ===<br />
In some cases it may be desirable to allow a profile to use any interface on the system. A common example use case is using a common disk image across many machines with differing hardware (this is especially useful if they are headless). If you use the kernel's naming scheme, and your machine has only one ethernet interface, you can probably guess that eth0 is the right interface. If you use udev's [http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ Predictable Network Interface Names], however, names will be assigned based on the specific hardware itself (e.g. enp1s0), rather than simply the order that the hardware was detected (e.g. eth0, eth1). This means that a netctl profile may work on one machine and not another, because they each have different interface names.<br />
<br />
A quick and dirty solution is to make use of the {{ic|/etc/netctl/interfaces/}} directory. Choose a name for your interface alias ({{ic|en-any}} in this example), and write the following to a file with that name (making sure it is executable).<br />
{{hc|/etc/netctl/interfaces/en-any|<nowiki><br />
#!/bin/bash<br />
# Take the first interface whose name starts with "en".<br />
for interface in /sys/class/net/en*; do<br />
    break<br />
done<br />
Interface=$(basename "$interface")<br />
echo "en-any: using interface $Interface"<br />
</nowiki>}}<br />
Then create a profile that uses the interface. Pay special attention to the {{ic|Interface}} directive. The rest are only provided as examples.<br />
{{hc|/etc/netctl/wired|<nowiki><br />
Description='Wired'<br />
Interface=en-any<br />
Connection=ethernet<br />
IP=static<br />
Address=('192.168.1.15/24')<br />
Gateway='192.168.1.1'<br />
DNS=('192.168.1.1')<br />
</nowiki>}}<br />
<br />
When the {{ic|wired}} profile is started, any machine using the two files above will automatically bring up and configure the first ethernet interface found on the system, regardless of what name udev assigned to it. Note that this is not the most robust way to go about configuring interfaces. If you use multiple interfaces, netctl may try to assign the same interface to them, and will likely cause a disruption in connectivity. If you do not mind a more complicated solution, {{ic|netctl-auto}} is likely to be more reliable.<br />
<br />
=== Using hooks ===<br />
<br />
netctl supports hooks in {{ic|/etc/netctl/hooks/}} and per interface hooks in {{ic|/etc/netctl/interfaces/}}. You can set any option in a hook/interface that you can in a profile. They are read the same way! Most importantly this includes {{ic|ExecUpPost}} and {{ic|ExecDownPre}}.<br />
<br />
When a profile is read, netctl sources ''all executable'' scripts in {{ic|hooks}}, then it reads the profile file for the connection and finally it sources an executable script with the name of the interface used in the profile from the {{ic|interfaces}} directory. Therefore, declarations in an interface script override declarations in the profile, which override declarations in hooks. <br />
<br />
The variables {{ic|$INTERFACE}}, {{ic|$SSID}}, {{ic|$ACTION}} and {{ic|$Profile}} are available in hooks/interfaces '''only''' when using {{ic|netctl-auto}}.<br />
<br />
==== Examples ====<br />
<br />
===== Execute commands on established connection =====<br />
{{hc|/etc/netctl/hooks/myservices|<nowiki><br />
#!/bin/sh<br />
ExecUpPost="systemctl start crashplan.service; systemctl start dropbox@<username>.service"<br />
ExecDownPre="systemctl stop crashplan.service; systemctl stop dropbox@<username>.service"<br />
</nowiki>}}<br />
<br />
===== Activate network-online.target =====<br />
<br />
{{hc|/etc/netctl/hooks/status|<nowiki><br />
#!/bin/sh<br />
ExecUpPost="systemctl start network-online.target"<br />
ExecDownPre="systemctl stop network-online.target"<br />
</nowiki>}} <br />
<br />
Using this, systemd services requiring an active network connection can be [[Systemd#Handling_dependencies|ordered]] to start only after the {{ic|network-online.target}} is reached, and can be stopped before the connection is brought down. <br />
<br />
===== Set default DHCP client =====<br />
<br />
To set or change the DHCP client used for all profiles: <br />
<br />
{{hc|/etc/netctl/hooks/dhcp|<nowiki><br />
#!/bin/sh<br />
DHCPClient='dhclient'<br />
</nowiki>}}<br />
<br />
Alternatively, it may also be specified for a specific network interface by creating an executable file {{ic|/etc/netctl/interfaces/<interface>}} with the following line:<br />
<br />
DHCPClient='dhclient'<br />
<br />
{{Expansion|It would be useful to replace the example with a general hook that executes different actions depending on {{ic|$ACTION}} being CONNECT and DISCONNECT.}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Job for netctl@wlan(...).service failed ===<br />
<br />
Some people have an issue when they connect to a network with ''netctl'', for example:<br />
<br />
{{hc|# netctl start wlan0-ssid|<nowiki><br />
Job for netctl@wlan0\x2ssid.service failed. See 'systemctl status netctl@wlan0\x2ssid.service' and 'journalctl -xn' for details.<br />
</nowiki>}}<br />
<br />
When looking at {{ic|journalctl -xn}}, one of the following is shown:<br />
<br />
1. If your device ({{ic|wlan0}} in this case) is up:<br />
network[2322]: The interface of network profile 'wlan0-ssid' is already up<br />
<br />
Setting the interface down should resolve the problem:<br />
# ip link set wlan0 down<br />
<br />
Then retry:<br />
# netctl start wlan0-ssid<br />
<br />
{{Accuracy|The following is an unsolved issue, using different DHCP client is just a poor/unexplained workaround.}}<br />
<br />
2. If it is down:<br />
dhcpcd[261]: wlan0: ipv4_sendrawpacket: Network is down<br />
<br />
One way to solve this is to use a different DHCP client, for example {{Pkg|dhclient}}. After installing the package configure ''netctl'' to use it:<br />
<br />
{{hc|/etc/netctl/wlan0-ssid|<nowiki><br />
...<br />
DHCPClient='dhclient'<br />
</nowiki>}}<br />
<br />
Adding the {{ic|ForceConnect}} option may also be helpful:<br />
<br />
{{hc|/etc/netctl/wlan0-ssid|<nowiki><br />
<br />
...<br />
<br />
ForceConnect=yes<br />
</nowiki>}}<br />
<br />
Save it and try to connect with the profile:<br />
# netctl start wlan0-ssid<br />
<br />
=== dhcpcd: ipv4_addroute: File exists ===<br />
<br />
On some systems dhcpcd in combination with netctl causes timeout issues on resume, particularly when having switched networks in the meantime. netctl will report that you are successfully connected but you still receive timeout issues. In this case, the old default route still exists and is not being renewed. A workaround to avoid this misbehaviour is to switch to [[#Set default DHCP client|dhclient]] as the default DHCP client. More information on the issue can be found [https://bbs.archlinux.org/viewtopic.php?pid=1399842#p1399842 here].<br />
<br />
=== DHCP timeout issues ===<br />
<br />
If you are having timeout issues when requesting leases via DHCP, you can set the timeout value higher than netctl's default of 30 seconds. Create a file in {{ic|/etc/netctl/hooks/}} or {{ic|/etc/netctl/interfaces/}}, add {{ic|1=TimeoutDHCP=40}} to it for a timeout of 40 seconds and make the file executable.<br />
<br />
=== Connection timeout issues ===<br />
<br />
If you are having timeout issues that are unrelated to DHCP (on a static ethernet connection for example), and are experiencing errors similar to the following when starting your profile:<br />
{{hc|# journalctl _SYSTEMD_UNIT&#61;netctl@''profile''.service|<br />
Starting network profile &#39;''profile''&#39;...<br />
No connection found on interface 'eth0' (timeout)<br />
Failed to bring the network up for profile &#39;''profile''&#39;<br />
}}<br />
Then you should increase carrier and up timeouts by adding {{ic|1=TimeoutUp=}} and {{ic|1=TimeoutCarrier=}} to your profile file:<br />
{{hc|/etc/netctl/''profile''|<nowiki><br />
...<br />
TimeoutUp=300<br />
TimeoutCarrier=300</nowiki><br />
}}<br />
Do not forget to reenable your profile:<br />
<br />
# netctl reenable ''profile''<br />
<br />
=== Problems with netctl-auto on resume ===<br />
Sometimes ''netctl-auto'' fails to reconnect when the system resumes from suspend. An easy solution is to restart the service for ''netctl-auto''. <br />
This can be automated with an additional service like the following:<br />
<br />
{{hc|/etc/systemd/system/netctl-auto-resume@.service|<nowiki><br />
[Unit]<br />
Description=restart netctl-auto on resume.<br />
Requisite=netctl-auto@%i.service<br />
After=suspend.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/bin/systemctl restart netctl-auto@%i.service<br />
<br />
[Install]<br />
WantedBy=suspend.target<br />
</nowiki>}}<br />
<br />
To [[systemd#Using units|enable]] this service for your wireless card, for example, run {{ic|systemctl enable netctl-auto-resume@wlan0.service}} as root. Change {{ic|wlan0}} to the required network interface.<br />
<br />
== See also ==<br />
<br />
* [https://bbs.archlinux.org/viewtopic.php?id=157670 Official announcement thread]<br />
* There is a Cinnamon applet available in the AUR: {{AUR|cinnamon-applet-netctl-systray-menu}}</div>Actkz