https://wiki.archlinux.org/api.php?action=feedcontributions&user=Griph&feedformat=atomArchWiki - User contributions [en]2024-03-29T02:36:43ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Netctl&diff=280863Netctl2013-11-01T18:27:12Z<p>Griph: Removed references to ifplugd since dhcpcd can detect carrier itself now. Mentioned fail_over_mac bond kernel module option. Clarified which interfaces should get IP address and included relevant portions of wpa_supplicant configuration.</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Networking]]<br />
[[cs:Netctl]]<br />
[[es:Netctl]]<br />
[[fr:Netctl]]<br />
[[ja:Netctl]]<br />
[[ru:Netctl]]<br />
[[zh-CN:Netctl]]<br />
{{Article summary start}}<br />
{{Article summary text|A guide to configuring the network using netctl and network profile scripts.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Networking overview}}}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Bridge with netctl}}<br />
{{Article summary end}}<br />
<br />
''netctl'' is a CLI-based tool used to configure and manage network connections via profiles. It is a native Arch Linux project that replaces the old ''netcfg'' utility.<br />
<br />
== Installation ==<br />
<br />
{{Expansion|Optional dependencies should be mentioned.}}<br />
<br />
The {{Pkg|netctl}} package is available in the [[official repositories]]. Installing netctl will replace {{AUR|netcfg}}. <br />
<br />
{{Pkg|netctl}} and {{AUR|netcfg}} are conflicting packages. You will be potentially connectionless after installing ''netctl'' if your profiles are misconfigured.<br />
<br />
{{Note|It may be a good idea to use {{ic|1=systemctl --type=service}} to ensure that no other service is running that may want to configure the network. Multiple networking services will conflict.}}<br />
<br />
== Required reading ==<br />
<br />
It is advisable to read the following man pages before using netctl:<br />
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.1.txt netctl]<br />
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile]<br />
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special]<br />
<br />
== Configuration ==<br />
<br />
''netctl'' uses profiles to manage network connections, profile files are stored in {{ic|/etc/netctl/}}. Example configuration files are provided for the user to assist them in configuring their network connection. These example profiles are located in {{ic|/etc/netctl/examples/}}. The common configurations include:<br />
* ethernet-dhcp<br />
* ethernet-static<br />
* wireless-wpa<br />
* wireless-wpa-static<br />
<br />
To use an example profile, simply copy one of them from {{ic|/etc/netctl/examples/}} to {{ic|/etc/netctl/}} and configure it to your needs:<br />
<br />
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/''profile''<br />
<br />
{{Tip|For wireless settings, you can use {{ic|wifi-menu -o}} to generate the profile file in {{ic|/etc/netctl/}}.}}<br />
{{Warning|{{ic|wifi-menu -o}} to generate the profile file in {{ic|/etc/netctl/}} with '-' in name. This will give problem with automatic setup. Renaming the file is recommended}}<br />
<br />
Once you have created your profile, make an attempt to establish a connection using the newly created profile by running:<br />
<br />
# netctl start ''profile''<br />
<br />
{{Note|''profile'' is the file name, not including the full path. Providing the full path will make ''netctl'' exit with an error code.}}<br />
<br />
If issuing the above command results in a failure, then use {{ic|journalctl -xn}} and {{ic|netctl status ''profile''}} in order to obtain a more in depth explanation of the failure. Make the needed corrections to the failed configuration and retest.<br />
<br />
=== Automatic operation ===<br />
<br />
If you use only one profile (per interface) or want to switch profiles manually, the [[#Basic method|Basic method]] will do. Most common examples are servers, workstations, routers etc.<br />
<br />
If you need to switch multiple profiles frequently, use [[#Automatic switching of profiles|Automatic switching of profiles]]. Most common examples are laptops.<br />
<br />
==== Basic method ====<br />
<br />
With this method, you can statically start only one profile per interface. First manually check that the profile can be started successfully, then it can be enabled using<br />
<br />
# netctl enable ''profile''<br />
<br />
This will create and enable a [[systemd]] service that will start when the computer boots. Changes to the profile file will not propagate to the service file automatically. After such changes, it is necessary to reenable the profile:<br />
<br />
# netctl reenable ''profile''<br />
<br />
{{Note|The connection is only established if the profile can be started succesfully at boot time (or when the service starts). That specifically means, in case of wired connection the cable must be plugged-in, in case of wireless connection the network must be in range.}}<br />
<br />
{{Tip|To enable static IP profile on wired interface no matter if the cable is connected or not, use {{ic|1=SkipNoCarrier=yes}} in your profile.}}<br />
<br />
==== Automatic switching of profiles ====<br />
<br />
''netctl'' provides two special [[systemd]] services for automatic switching of profiles:<br />
<br />
* For wired interfaces: {{ic|netctl-ifplugd@''interface''.service}}. Using this netctl profiles change as you plug the cable in and out.<br />
* For wireless interfaces: {{ic|netctl-auto@''interface''.service}}. Using this netctl profiles change as you move from range of one network into range of other network.<br />
<br />
{{Note|''netcfg'' used {{ic|net-auto-wireless.service}} and {{ic|net-auto-wired.service}} for this purpose.}}<br />
<br />
First [[pacman|install]] required packages:<br />
* Package {{Pkg|wpa_actiond}} is required to use {{ic|netctl-auto@''interface''.service}}.<br />
* Package {{Pkg|ifplugd}} is required to use {{ic|netctl-ifplugd@''interface''.service}}.<br />
<br />
Now configure all profiles that {{ic|netctl-auto@''interface''.service}} or {{ic|netctl-ifplugd@''interface''.service}} can start.<br />
<br />
If you want some wireless profile '''not''' to be started automatically by {{ic|netctl-auto@''interface''.service}}, you have to explicitly add {{ic|1=ExcludeAuto=yes}} to that profile. You can use {{ic|1=Priority=}} to set priority of some profile when multiple profiles are available. {{ic|netctl-ifplugd@''interface''.service}} will prefer profiles, which use [[Wikipedia:DHCP|DHCP]]. To prefer a profile with a static IP, you can use {{ic|1=AutoWired=yes}}. See {{ic|netctl.profile(5)}} for details.<br />
<br />
{{Warning|Automatic selection of a WPA-enabled profile by ''netctl-auto'' is not possible with option {{ic|1=Security=wpa-config}}, please use {{ic|1=Security=wpa-configsection}} instead.}}<br />
<br />
Once your profiles are set and verified to be working, simply enable these services using ''systemctl'':<br />
<br />
# systemctl enable netctl-auto@''interface''.service <br />
# systemctl enable netctl-ifplugd@''interface''.service <br />
<br />
{{Warning|<br />
* If any of the profiles contain errors, such as an empty {{ic|1=Key=}} variable, the unit will fail to load at boot.<br />
* This method conflicts with the [[#Basic method|Basic method]]. If you have previously enabled a profile through ''netctl'', run {{ic|netctl disable ''profile''}} to prevent the profile from starting twice at boot.}}<br />
<br />
Since netctl 1.3, it possible to manually control an interface otherwise managed by netctl-auto without having to stop the netctl-auto service. This is done using the netctl-auto command. To have a list of available actions just run:<br />
# netctl-auto --help<br />
<br />
=== Migrating from netcfg ===<br />
<br />
''netctl'' uses {{ic|/etc/netctl/}} to store its profiles, '''not''' {{ic|/etc/network.d/}} (used by ''netcfg'').<br />
<br />
In order to migrate from ''netcfg'', at least the following is needed:<br />
* Disable the netcfg service: {{ic|systemctl disable netcfg.service}}.<br />
* Uninstall ''netcfg'' and install ''netctl''.<br />
* Move network profile files to the new directory.<br />
* Rename variables therein according to {{ic|netctl.profile(5)}} (Most variable names have only {{ic|UpperCamelCase}} i.e {{ic|CONNECTION}} becomes {{ic|Connection}}).<br />
* For static IP configuration make sure the {{ic|Address}} variables have a netmask after the IP (e.g. {{ic|1=Address=('192.168.1.23'''/24'''' '192.168.1.87'''/24'''')}} in the example profile). <br />
* If you setup a wireless profile according in the {{ic|wireless-wpa-configsection}} example, note that this overrides {{ic|wpa_supplicant}} options defined above the brackets. For a connection to a hidden wireless network, add {{ic|1=scan_ssid=1}} to the options in the {{ic|wireless-wpa-configsection}}; {{ic|1=Hidden=yes}} does not work there. <br />
* Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing).<br />
* Run {{ic|netctl enable ''profile''}} for every profile in the old {{ic|NETWORKS}} array. ''last'' doesn't work this way, see {{ic|netctl.special(7)}}.<br />
* Use {{ic|netctl list}} and/or {{ic|netctl start ''profile''}} instead of ''netcfg-menu''. ''wifi-menu'' remains available.<br />
* Unlike ''netcfg'', by default ''netctl'' fails to bring up a [[wikipedia:Network interface controller|NIC]] when it is not connected to another powered up NIC. To solve this problem, add {{ic|1=SkipNoCarrier=yes}} at the end of your {{ic|/etc/netctl/''profile''}}.<br />
<br />
=== Passphrase obfuscation (256-bit PSK) ===<br />
<br />
{{Note|Although "encrypted", the key that you put in the profile configuration is enough to connect to a WPA-PSK network. Therefore this process is only useful for hiding the human-readable version of the passphrase. This will not prevent anyone with read access to this file from connecting to the network. You should ask yourself if there is any use in this at all, since using the same passphrase for anything else is a very poor security measure.}}<br />
<br />
Users '''not''' wishing to have the passphrase to their wireless network stored in ''plain text'' have the option of storing the corresponding 256-bit pre-shared key (PSK) instead, which is calculated from the passphrase and the SSID using standard algorithms.<br />
<br />
* Method 1: Use {{ic|wifi-menu -o}} to generate a config file in {{ic|/etc/netctl/}} <br />
* Method 2: Manual settings as follows.<br />
<br />
For both methods it is suggested to {{ic|chmod 600 /etc/netctl/<config_file>}} to prevent user access to the password.<br />
<br />
Calculate your 256-bit PSK using [[WPA_supplicant#Configuration_file|wpa_passphrase]]:<br />
{{hc|$ wpa_passphrase ''your_essid'' ''passphrase''|2=<br />
network={<br />
ssid="''your_essid''"<br />
#psk="''passphrase''"<br />
psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a<br />
}<br />
}}<br />
<br />
{{Note|This information will be used in your profile, so do not close the terminal.}}<br />
<br />
In a second terminal window, copy the example file {{ic|wireless-wpa}} from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa<br />
<br />
You will then need to edit {{ic|/etc/netctl/wireless-wpa}} using your favorite text editor and add the ''pre-shared key'', that was generated earlier using wpa_passphrase, to the {{ic|Key}} variable of this profile.<br />
<br />
Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble:<br />
<br />
{{hc|/etc/netctl/wireless-wpa|2=<br />
Description='A simple WPA encrypted wireless connection using 256-bit PSK'<br />
Interface=wlp2s2<br />
Connection=wireless<br />
Security=wpa<br />
IP=dhcp<br />
ESSID=''your_essid''<br />
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a<br />
}}<br />
<br />
{{Note|<br />
* Make sure to use the '''special quoting rules''' for the {{ic|Key}} variable as explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)].<br />
* If the passphrase fails, try removing the {{ic|\"}} in the {{ic|Key}} variable.}}<br />
<br />
== Tips and tricks ==<br />
<br />
<br />
=== Replace 'netcfg current' ===<br />
<br />
If you used {{ic|netcfg current}} in the past, you can use {{ic|# netctl-auto current}} as a replacement for connections started with {{ic|netctl-auto}} (feature since netctl-1.3). <br />
<br />
To manually parse the connections, you can also use: <br />
<br />
# netctl list | awk '/*/ {print $2}'<br />
<br />
=== Eduroam ===<br />
<br />
Some universities use a system called "Eduroam" to manage their wireless networks. For this system, a WPA config-section profile with the following format is often useful:<br />
<br />
{{hc|/etc/netctl/wlan0-eduroam|<nowiki><br />
Description='Eduroam-profile for <user>'<br />
Interface=wlan0<br />
Connection=wireless<br />
Security=wpa-configsection<br />
IP=dhcp<br />
WPAConfigSection=(<br />
'ssid="eduroam"'<br />
'proto=RSN'<br />
'key_mgmt=WPA-EAP'<br />
'pairwise=CCMP'<br />
'auth_alg=OPEN'<br />
'eap=PEAP'<br />
'identity="<user>"'<br />
'password="<password>"'<br />
)</nowiki><br />
}}<br />
<br />
{{Tip|To prevent storing your password as plaintext, you can generate a password hash with {{ic|$ echo -n <password> &#124; iconv -t utf16le &#124; openssl md4}}. Then use it as {{ic|'password&#61;hash:<hash>'}}.}}<br />
<br />
For TTLS and certified universities this setup works:<br />
<br />
{{hc|/etc/netctl/wlan0-eduroam|<nowiki><br />
Description='Eduroam university'<br />
Interface=wlan0 <br />
Connection=wireless<br />
Security=wpa-configsection<br />
IP=dhcp<br />
ESSID=eduroam<br />
WPAConfigSection=(<br />
'ssid="eduroam"'<br />
'key_mgmt=WPA-EAP'<br />
'eap=TTLS'<br />
'group=TKIP'<br />
'anonymous_identity="anonymous@domain_university"'<br />
'identity="XXX@domain_university"'<br />
'password="XXX"'<br />
'ca_cert="Path/to/the/certificate"'<br />
'phase2="auth=PAP"'<br />
)</nowiki><br />
}}<br />
<br />
=== Bonding ===<br />
<br />
From [https://www.kernel.org/doc/Documentation/networking/bonding.txt kernel documentation]:<br />
<br />
:''The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends on the mode. Generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.''<br />
<br />
==== Load balancing ====<br />
<br />
To use bonding with netctl, additional package from official repositories is required: {{Pkg|ifenslave}}.<br />
<br />
Copy {{ic|/etc/netctl/examples/bonding}} to {{ic|/etc/netctl/bonding}} and edit it, for example: <br />
<br />
{{hc|/etc/netctl/bonding|2=<br />
Description='Bond Interface'<br />
Interface='bond0'<br />
Connection=bond<br />
BindsToInterfaces=('eth0' 'eth1')<br />
IP=dhcp<br />
IP6=stateless}}<br />
<br />
Now you can disable your old configuration and set ''bonding'' to be started automatically. Switch to the new profile, for example:<br />
<br />
# netctl switch-to bonding<br />
<br />
{{Note|This uses the round-robin policy, which is the default for the {{ic|bonding}} driver. See [https://www.kernel.org/doc/Documentation/networking/bonding.txt official documentation] for details.}}<br />
<br />
{{Tip|To check the status and bonding mode: {{bc|$ cat /proc/net/bonding/bond0}}}}<br />
<br />
==== Wired to wireless failover ====<br />
<br />
This example describes how to use ''bonding'' to fallback to wireless when the wired ethernet goes down. It is assumed that ''dhcpcd'' service is running for all interfaces as by default.<br />
<br />
You'll need additional packages from the official repositories: <s>{{Pkg|ifplugd}}</s>, {{Pkg|ifenslave}} and {{Pkg|wpa_supplicant}}.<br />
<br />
First configure the {{ic|bonding}} driver to use {{ic|active-backup}}:<br />
<br />
{{hc|/etc/modprobe.d/bonding.conf|2=<br />
options bonding mode=active-backup<br />
options bonding miimon=100<br />
options bonding primary=eth0<br />
options bonding max_bonds=0<br />
}}<br />
<br />
The {{ic|max_bonds}} option avoids the {{ic|Interface bond0 already exists}} error. {{ic|fail_over_mac<nowiki>=</nowiki>active}} setting may be added if MAC filtering is used. <br />
<br />
Next, configure a netctl profile to enslave the two hardware interfaces:<br />
<br />
{{hc|/etc/netctl/failover|2=<br />
Description='A wired connection with failover to wireless'<br />
Interface='bond0'<br />
Connection=bond<br />
BindsToInterfaces=('eth0' 'wlan0')<br />
IP='dhcp'<br />
SkipNoCarrier='no'<br />
}}<br />
<br />
Enable the profile on startup.<br />
<br />
# netctl enable failover<br />
<br />
Configure ''wpa_supplicant'' to associate with known networks. This can be done with a netctl profile (remember to use {{ic|1=IP='no'}}) and a ''wpa_supplicant'' service running constantly, or on-demand with ''wpa_cli''. Ways to do this are covered on the [[wpa_supplicant]] page. To run ''wpa_supplicant'' constantly create ''wpa_supplicant'' config file {{ic|/etc/wpa_supplicant/wpa_supplicant-wlan0.conf}} and then run:<br />
<br />
# systemctl enable wpa_supplicant@wlan0<br />
<br />
Set {{ic|1=IP='no'}} in wired network profile. IP address should be assigned to ''bond0'' interface only.<br />
<br />
If you have a wired and wireless connection to the same network, you can probably now disconnect and reconnect the wired connection without losing connectivity. In most cases, even streaming music won't skip!<br />
<br />
=== Remove old dhcpcd lease ===<br />
<br />
{{Expansion|missing description}}<br />
<br />
# rm /var/lib/dhcpcd/dhcpcd-wlan0.lease<br />
<br />
=== DHCP timeout issues ===<br />
<br />
If you are having timeout issues when requesting leases via DHCP you can set the timeout value higher than netctl's 10 seconds by default. Create a file in {{ic|/etc/netctl/hooks/}} or {{ic|/etc/netctl/interfaces/}}, add {{ic|1=TimeoutDHCP=30}} to it for a timeout of 30 seconds and make the file executable.<br />
<br />
== See also ==<br />
<br />
* [https://bbs.archlinux.org/viewtopic.php?id=157670 Official announcement thread]<br />
* There is a cinnamon applet available in the AUR: {{AUR|cinnamon-applet-netctl-systray-menu}}</div>Griph