IWD (iNet wireless daemon) is a wireless daemon for Linux, written by Intel aiming to replace WPA supplicant. IWD works standalone or in combination with ConnMan or NetworkManager. It comes with different enhancements like an own crypto-library, called ELL, which docks directly into the Linux Kernel cryptography.
Install the package.
iwctl, the daemon
iwd and the Wi-Fi monitoring tool
Once the iwd daemon is running (start/enable
iwd.service) you can control it using the
iwctl gets you an interactive prompt. From now on commands that need to be run in the
iwctl prompt will be prefixed by
iwctlprompt you can auto-complete commands and device names by hitting
List available commands:
List all wifi devices:
[iwd]# device list
Scan for networks:
[iwd]# device interface scan
[iwd]# device interface get-networks
Connect to a WPA2 protected network (will prompt you for the passphrase):
[iwd]# device interface connect network_name
iwdautomatically stores network passphrases (as encrypted
PreSharedKey) in the
/var/lib/iwddirectory and uses them to auto-connect in the future.
Displaying details of a WiFi device (like MAC address, state and connected network):
[iwd]# device interface show
List known networks:
[iwd]# known-networks list
Forget a known network:
[iwd]# known-networks forget network_name
For connecting to a EAP-PWD protected enterprice access point you need to create a file called:
essid.8021x in the folder
/var/lib/iwd with the following content:
[Security] EAP-Method=PWD EAP-Identity=your_enterprise_email EAP-PWD-Password=your_password [Settings] Autoconnect=True
If you do not want autoconnect to the AP you can set the option to False and connect manually to the access point via
iwctl. The same applies to the password, if you do not want to store it plaintext leave the option out of the file and just connect to the enterprise AP.
/etc/iwd/main.conf can be used for main configuration.
/var/lib/iwd can be used for network (SSID) configuration.
Disable auto-connect for a particular network
Create / edit file
/var/lib/iwd/network.type, where network is network SSID and type is network type i.e. one of "open", "wep", "psk", "8021x". Add the following section to it:
/var/lib/iwd/spaceship.psk (for example)
Deny console (local) user from modifying the settings
iwd D-Bus interface allows any console user to connect to
iwd daemon and modify the settings, even if that user is not a root user.
If you do not want to allow console user to modify the settings but allow reading the status information, then create a D-Bus configuration file as follows.
<!-- prevent local users from changing iwd settings, but allow reading status information. overrides some part of /usr/share/dbus-1/system.d/iwd-dbus.conf. --> <!-- This configuration file specifies the required security policies for iNet Wireless Daemon to work. --> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <policy at_console="true"> <deny send_destination="net.connman.iwd"/> <allow send_destination="net.connman.iwd" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll" /> <allow send_destination="net.connman.iwd" send_interface="org.freedesktop.DBus.Properties" send_member="Get" /> <allow send_destination="net.connman.iwd" send_interface="org.freedesktop.DBus.ObjectManager" send_member="GetManagedObjects" /> <allow send_destination="net.connman.iwd" send_interface="net.connman.iwd.Device" send_member="RegisterSignalLevelAgent" /> <allow send_destination="net.connman.iwd" send_interface="net.connman.iwd.Device" send_member="UnregisterSignalLevelAgent" /> </policy> </busconfig>