Difference between revisions of "Netctl"

From ArchWiki
(8 intermediate revisions by 6 users not shown)
Line 20: Line 20:
 
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special]
 
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special]
  
{{Pkg|netctl}} and {{Pkg|netcfg}} are conflicting packages. You will be potentially connectionless after installing {{Pkg|netctl}}, IF your profiles are misconfigured.
+
{{Pkg|netctl}} and {{Pkg|netcfg}} are conflicting packages. You will be potentially connectionless after installing {{Pkg|netctl}} '''if''' your profiles are misconfigured.
  
 
==Configuration==
 
==Configuration==
Line 44: Line 44:
 
This will create and enable a [[systemd]] service that will start when the computer boots.
 
This will create and enable a [[systemd]] service that will start when the computer boots.
  
{{Note|The connection to a dhcp-server is only established, if the interface is connected and up at boot time (or when the service starts). In order to have an automatic connection established on cable connect, proceed to the [[Netctl#Multiple_Profiles|Multiple Profiles]] section.}}
+
{{Note|The connection to a dhcp-server is only established if the interface is connected and up at boot time (or when the service starts). In order to have an automatic connection established on cable connect, proceed to [[#Multiple Profiles]].}}
  
 
====Multiple Profiles====
 
====Multiple Profiles====
Whereas with {{ic|netcfg}} there was {{ic|net-auto-wireless.service}} and {{ic|net-auto-wired.service}}, {{ic|netctl}} uses {{ic|netctl-auto@<interface>.service}} for wireless profiles, and {{ic|netctl-ifplugd@<interface>.service}} for wired profiles. In order to make the {{ic|netctl-auto@<interface>.service}} work for wireless interfaces, the package {{pkg|wpa_actiond}} is required to be installed. In order to make the {{ic|netctl-ifplugd@<interface>.service}} work for wired interfaces, the package {{pkg|ifplugd}} is required to be installed.  Configure {{ic|/etc/ifplugd/ifplugd.conf}} accordingly.
+
Whereas with {{ic|netcfg}} there was {{ic|net-auto-wireless.service}} and {{ic|net-auto-wired.service}}, {{ic|netctl}} uses {{ic|netctl-auto@<interface>.service}} for wireless profiles, and {{ic|netctl-ifplugd@<interface>.service}} for wired profiles. In order to make the {{ic|netctl-auto@<interface>.service}} work for wireless interfaces, the package {{pkg|wpa_actiond}} is required to be installed. In order to make the {{ic|netctl-ifplugd@<interface>.service}} work for wired interfaces, the package {{pkg|ifplugd}} is required to be installed.  Configure {{ic|/etc/ifplugd/ifplugd.conf}} accordingly. Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option {{ic|1=Security=wpa-config}}, please use {{ic|1=Security=wpa-configsection}} instead.
  
 
Once your profiles are set and verified to be working, simply enable these services with  
 
Once your profiles are set and verified to be working, simply enable these services with  
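Review bot: the sentence appended to the Multiple Profiles paragraph ("Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option {{ic|1=Security=wpa-config}}, please use ...") is a comma splice, and it is tacked onto the end of a paragraph about package requirements where it is easy to miss. Suggest moving it into its own {{Note|...}} or splitting it into two sentences, and wrapping netctl-auto in {{ic|...}} like the unit names earlier in the paragraph.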
Line 73: Line 73:
 
*Use {{ic|netctl list}} / {{ic|netctl start <profile>}} instead of netcfg-menu. wifi-menu remains available.
 
*Use {{ic|netctl list}} / {{ic|netctl start <profile>}} instead of netcfg-menu. wifi-menu remains available.
  
===Password encryption (256-bit PSK)===
+
===Passphrase obfuscation (256-bit PSK)===
  
Users ''not'' wishing to have their passwords stored in ''plain text'' have the option of generating a 256-bit Encrypted PSK.
+
Users ''not'' wishing to have their passphrase stored in ''plain text'' have the option of storing the corresponding 256-bit PSK instead, which is calculated from the passphrase and the SSID using standard algorithms.
  
If you have not done so already, [[pacman|install]] {{pkg|wpa_actiond}} from the [[Official Repositories]].
+
Calculate your 256-bit PSK using [[WPA_supplicant#Configuration_file|wpa_passphrase]]:
 
+
Next, generate your 256-bit Encrypted PSK using [[WPA_supplicant#Configuration_file|wpa_passphrase]]:
+
 
{{hc|Usage: wpa_passphrase [ssid] [passphrase]|
 
{{hc|Usage: wpa_passphrase [ssid] [passphrase]|
 
2=$ wpa_passphrase archlinux freenode|
 
2=$ wpa_passphrase archlinux freenode|
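Review bot: in the rewritten introduction under "Passphrase obfuscation", the phrase "using standard algorithms" does not tell the reader what is actually stored. Suggest naming the derivation or pointing at the linked wpa_passphrase documentation. That makes it clear that the value is computed from the passphrase and the SSID, which matches the change of the heading from "encryption" to "obfuscation".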
Line 93: Line 91:
 
  # cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa
 
  # cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa
  
You will then need to edit {{ic|/etc/netctl/wireless-wpa}} using your favorite text editor and add the ''Encrypted Pre-shared Key'' that was generated earlier using wpa_passphrase, to the {{ic|'''Key'''}} variable of this profile.
+
You will then need to edit {{ic|/etc/netctl/wireless-wpa}} using your favorite text editor and add the ''Pre-shared Key'' that was generated earlier using wpa_passphrase, to the {{ic|'''Key'''}} variable of this profile.
  
Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit Encrypted PSK should resemble:
+
Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble:
 
{{hc|/etc/netctl/wireless-wpa|2=
 
{{hc|/etc/netctl/wireless-wpa|2=
Description='A simple WPA encrypted wireless connection using 256-bit Encrypted PSK'
+
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
 
Interface=wlp2s2
 
Interface=wlp2s2
 
Connection=wireless
 
Connection=wireless
Line 106: Line 104:
 
}}
 
}}
 
{{Note|1=Make sure to use the '''special non-quoted rules''' for {{ic|1=Key=}} that are explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)].}}
 
{{Note|1=Make sure to use the '''special non-quoted rules''' for {{ic|1=Key=}} that are explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)].}}
 +
{{Note|1=The key that you put in the profile configuration is enough to connect to a WPA-PSK network, which means this procedure is only good to hide the human-readable passphrase, but will not prevent anyone with read access to this file from connecting to the network. You should ask yourself if there is any use in this at all, since using the same passphrase for anything else is a very poor security measure.}}
  
 
==Support==
 
==Support==
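Review bot: the added Note closes with "You should ask yourself if there is any use in this at all", which leaves the reader with no action to take. The risk it names is "anyone with read access to this file", so the note should tell the reader to restrict read access to the profile. The wording "is only good to hide" could be tightened to "only hides", and the final clause about reusing the passphrase would be clearer as a separate sentence.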

Revision as of 17:09, 9 May 2013

Netctl is a new Arch project that replaces netcfg. Netctl is the future (and present) of CLI-based network management on Arch Linux.

Installation

The netctl package is available in the Official Repositories. Installing netctl will replace netcfg.

Required reading

Considerable effort has gone into the construction of quality man pages. Users should read the following man pages prior to using netctl:

netctl and netcfg are conflicting packages. You may be left without a network connection after installing netctl if your profiles are misconfigured.

Configuration

netctl may be used to introspect and control the state of the systemd services for the network profile manager. Example configuration files are provided for the user to assist them in configuring their network connection. These example profiles are located in /etc/netctl/examples/. The common configurations include:

  • ethernet-dhcp
  • ethernet-static
  • wireless-wpa
  • wireless-wpa-static

To use an example profile, simply copy one of them from /etc/netctl/examples/ to /etc/netctl/ and configure it to your needs:

# cp /etc/netctl/examples/wireless-wpa /etc/netctl/

Once you have created your profile, make an attempt to establish a connection using the newly created profile by running:

# netctl start <profile>

If the above command fails, use journalctl -xn and netctl status <profile> to obtain a more in-depth explanation of the failure. Make the needed corrections to the failed configuration and retest.

Automatic Operation

Just One Profile

If you are using only one profile, once that profile is started successfully, it can be enabled using

# netctl enable <profile> 

This will create and enable a systemd service that will start when the computer boots.

Note: The connection to a dhcp-server is only established if the interface is connected and up at boot time (or when the service starts). In order to have an automatic connection established on cable connect, proceed to #Multiple Profiles.

Multiple Profiles

Whereas with netcfg there was net-auto-wireless.service and net-auto-wired.service, netctl uses netctl-auto@<interface>.service for wireless profiles, and netctl-ifplugd@<interface>.service for wired profiles. For netctl-auto@<interface>.service to work for wireless interfaces, the package wpa_actiond must be installed. For netctl-ifplugd@<interface>.service to work for wired interfaces, the package ifplugd must be installed. Configure /etc/ifplugd/ifplugd.conf accordingly. Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option Security=wpa-config; use Security=wpa-configsection instead.

Once your profiles are set and verified to be working, simply enable these services with

# systemctl enable netctl-auto@<interface>.service 
# systemctl enable netctl-ifplugd@<interface>.service  

If you have previously enabled a profile through netctl, run

# netctl disable <profile> 

to prevent the profile from starting twice at boot, and possibly causing issues with wpa_supplicant.

Note: If there is ever a need to alter a currently enabled profile, execute netctl reenable <profile> to apply the changes.

Migrating from netcfg

Warning: netctl conflicts with netcfg, so disable any existing netcfg@<profile> service before installing netctl.

netctl uses /etc/netctl to store its profiles, not /etc/network.d (netcfg's profile storage location).

In order to migrate from netcfg, at least the following is needed:

  • Move network profile files to the new directory.
  • Rename variables therein according to netctl.profile(5). Most variable names only change to UpperCamelCase, i.e. CONNECTION= becomes Connection=.
  • For static IP configuration make sure the Address= variables have a netmask after the IP (e.g. Address=('192.168.1.23/24' '192.168.1.87/24') in the example profile).
  • If you set up a wireless profile according to the wireless-wpa-configsection example, note that this overrides wpa_supplicant options defined above the brackets. For a connection to a hidden wireless network, add scan_ssid=1 to the options in the wireless-wpa-configsection; Hidden=yes does not work there.
  • Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing).
  • Run netctl enable <profile> for every profile in the old NETWORKS array. 'last' doesn't work this way; see netctl.special(7).
  • Use netctl list / netctl start <profile> instead of netcfg-menu. wifi-menu remains available.

Passphrase obfuscation (256-bit PSK)

Users not wishing to have their passphrase stored in plain text have the option of storing the corresponding 256-bit PSK instead, which is calculated from the passphrase and the SSID using standard algorithms.

Calculate your 256-bit PSK using wpa_passphrase:

Usage: wpa_passphrase [ssid] [passphrase]
$ wpa_passphrase archlinux freenode

In a second terminal window copy the example file wireless-wpa from /etc/netctl/examples to /etc/netctl.

# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa

You will then need to edit /etc/netctl/wireless-wpa using your favorite text editor and set the Key variable of this profile to the Pre-shared Key that was generated earlier using wpa_passphrase.

Once completed, your network profile wireless-wpa containing a 256-bit PSK should resemble:

/etc/netctl/wireless-wpa
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
Interface=wlp2s2
Connection=wireless
Security=wpa
IP=dhcp
ESSID=archlinux
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a

Note: Make sure to use the special non-quoted rules for Key= that are explained at the end of netctl.profile(5).
Note: The key that you put in the profile configuration is enough to connect to a WPA-PSK network, which means this procedure is only good to hide the human-readable passphrase, but will not prevent anyone with read access to this file from connecting to the network. You should ask yourself if there is any use in this at all, since using the same passphrase for anything else is a very poor security measure.
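
The derivation and the caveat from the note above, as an added example that is not part of the original wiki page. It assumes the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes); the function names and the sample profile are constructed for illustration.

```python
import hashlib
import re
import stat

def wpa_psk(ssid, passphrase):
    """256-bit WPA-PSK: PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def netctl_key_line(ssid, passphrase):
    # netctl.profile(5) special rule: a 64-digit hex key is written unquoted after \"
    return 'Key=\\"' + wpa_psk(ssid, passphrase)

def audit_profile(text, mode):
    """Return findings for a netctl profile body and its st_mode permission bits."""
    findings = []
    key = re.search(r"^Key=(.*)$", text, re.MULTILINE)
    if key:
        if re.fullmatch(r'\\"[0-9a-fA-F]{64}', key.group(1).strip()):
            findings.append("hex-psk: passphrase hidden, key still grants network access")
        else:
            findings.append("plaintext-passphrase")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable-by-group-or-others")
    return findings

# Constructed sample: profile body in the shape shown above, key derived here.
SAMPLE = "\n".join([
    "Interface=wlp2s2",
    "Connection=wireless",
    "Security=wpa",
    "IP=dhcp",
    "ESSID=archlinux",
    netctl_key_line("archlinux", "freenode"),
])

if __name__ == "__main__":
    print(netctl_key_line("archlinux", "freenode"))
    print(audit_profile(SAMPLE, 0o644))   # profile readable by every local user
    print(audit_profile(SAMPLE, 0o600))   # profile readable by its owner only
```

For a real profile, pass the file's contents and os.stat(path).st_mode to audit_profile.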

Support

Official announcement thread: https://bbs.archlinux.org/viewtopic.php?id=157670

Tips and Tricks

As of April 2013 there is no netctl alternative to netcfg current. If you relied on it for something, like a status bar for a tiling window manager, you can now use:

# netctl list | sed -n 's/^\* //p'

or, when netctl-auto was used to connect:

# wpa_cli -i <interface> status | sed -n 's/^id_str=//p'