Difference between revisions of "Netctl"
(Added note to use 'wpa-configsection' if automatic profile selection is desired.) |
Filipzeman (talk | contribs) |
||
(29 intermediate revisions by 19 users not shown) | |||
Line 1: | Line 1: | ||
{{Lowercase title}} | {{Lowercase title}} | ||
[[Category:Networking]] | [[Category:Networking]] | ||
+ | [[cs:Netctl]] | ||
+ | [[es:Netctl]] | ||
[[fr:Netctl]] | [[fr:Netctl]] | ||
− | |||
[[ja:Netctl]] | [[ja:Netctl]] | ||
[[zh-CN:Netctl]] | [[zh-CN:Netctl]] | ||
Line 8: | Line 9: | ||
{{Article summary start}} | {{Article summary start}} | ||
{{Article summary text|A guide to configuring the network using netctl and network profile scripts.}} | {{Article summary text|A guide to configuring the network using netctl and network profile scripts.}} | ||
+ | {{Article summary heading|Overview}} | ||
+ | {{Article summary text|{{Networking overview}}}} | ||
+ | {{Article summary heading|Resources}} | ||
+ | {{Article summary wiki|Bridge with netctl}} | ||
{{Article summary end}} | {{Article summary end}} | ||
Netctl is a new Arch project that replaces [[netcfg]]. Netctl is the future (and present) of CLI-based network management on Arch Linux. | Netctl is a new Arch project that replaces [[netcfg]]. Netctl is the future (and present) of CLI-based network management on Arch Linux. | ||
− | ==Installation== | + | == Installation == |
− | The {{Pkg|netctl}} package is available in the [[ | + | |
+ | The {{Pkg|netctl}} package is available in the [[official repositories]]. Installing netctl will replace {{Pkg|netcfg}}. | ||
− | ==Required reading== | + | {{Pkg|netctl}} and {{Pkg|netcfg}} are conflicting packages. You will be potentially connectionless after installing '''netctl''' if your profiles are misconfigured. |
− | + | ||
+ | == Required reading == | ||
+ | |||
+ | It is advisable to read the following man pages before using netctl: | ||
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.1.txt netctl] | *[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.1.txt netctl] | ||
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile] | *[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile] | ||
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special] | *[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special] | ||
− | + | == Configuration == | |
− | + | {{ic|netctl}} may be used to introspect and control the state of the systemd services for the network profile manager. Example configuration files are provided for the user to assist them in configuring their network connection. These example profiles are located in {{ic|/etc/netctl/examples/}}. The common configurations include: | |
+ | * ethernet-dhcp | ||
+ | * ethernet-static | ||
+ | * wireless-wpa | ||
+ | * wireless-wpa-static | ||
− | + | For wireless settings, use '''wifi-menu -o''' will generate the config file in /etc/netctl. | |
− | |||
− | |||
− | |||
− | |||
To use an example profile, simply copy one of them from {{ic|/etc/netctl/examples/}} to {{ic|/etc/netctl/}} and configure it to your needs: | To use an example profile, simply copy one of them from {{ic|/etc/netctl/examples/}} to {{ic|/etc/netctl/}} and configure it to your needs: | ||
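Review bot: The added sentence "For wireless settings, use '''wifi-menu -o''' will generate the config file in /etc/netctl." in the Configuration section does not parse; suggest "For wireless settings, {{ic|wifi-menu -o}} will generate the config file in {{ic|/etc/netctl}}", which also matches the {{ic|...}} markup used for commands and paths elsewhere in this hunk. The new Installation paragraph about being "potentially connectionless after installing '''netctl'''" is a caution and would be easier to spot wrapped in {{Warning|...}}, as the netcfg conflict already is under "Migrating from netcfg".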
Line 34: | Line 43: | ||
Once you have created your profile, make an attempt to establish a connection using the newly created profile by running: | Once you have created your profile, make an attempt to establish a connection using the newly created profile by running: | ||
− | # netctl start | + | # netctl start ''profile'' |
If issuing the above command results in a failure, then use {{ic|journalctl -xn}} and {{ic|netctl status <profile>}} in order to obtain a more in depth explanation of the failure. Make the needed corrections to the failed configuration and retest. | If issuing the above command results in a failure, then use {{ic|journalctl -xn}} and {{ic|netctl status <profile>}} in order to obtain a more in depth explanation of the failure. Make the needed corrections to the failed configuration and retest. | ||
− | ===Automatic | + | === Automatic operation === |
− | ====Just | + | |
+ | ==== Just one profile ==== | ||
+ | |||
If you are using only one profile, once that profile is started successfully, it can be {{ic|enabled}} using | If you are using only one profile, once that profile is started successfully, it can be {{ic|enabled}} using | ||
− | # netctl enable | + | # netctl enable ''profile'' |
This will create and enable a [[systemd]] service that will start when the computer boots. | This will create and enable a [[systemd]] service that will start when the computer boots. | ||
− | {{Note|The connection to a dhcp-server is only established | + | {{Note|The connection to a dhcp-server is only established if the interface is connected and up at boot time (or when the service starts). In order to have an automatic connection established on cable connect, proceed to [[#Multiple Profiles]].}} |
+ | |||
+ | ==== Multiple profiles ==== | ||
+ | |||
+ | Whereas with {{ic|netcfg}} there was {{ic|net-auto-wireless.service}} and {{ic|net-auto-wired.service}}, {{ic|netctl}} uses {{ic|netctl-auto@''interface''.service}} for wireless profiles, and {{ic|netctl-ifplugd@''interface''.service}} for wired profiles. In order to make the {{ic|netctl-auto@''interface''.service}} work for wireless interfaces, the package {{Pkg|wpa_actiond}} is required to be installed. In order to make the {{ic|netctl-ifplugd@''interface''.service}} work for wired interfaces, the package {{pkg|ifplugd}} is required to be installed. Configure {{ic|/etc/ifplugd/ifplugd.conf}} accordingly. Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option {{ic|1=Security=wpa-config}}, please use {{ic|1=Security=wpa-configsection}} instead. | ||
− | + | To set preferred wired profile for auto-connecting specify {{ic|1=AutoWired=yes}} in that profile. By default on failure {{Pkg|ifplugd}} will pass to other DHCP wired profiles, then to static ones. If you don't want it to do so, set {{ic|1=ForceConnect=yes}}. | |
− | |||
Once your profiles are set and verified to be working, simply enable these services with | Once your profiles are set and verified to be working, simply enable these services with | ||
− | # systemctl enable netctl-auto@ | + | # systemctl enable netctl-auto@''interface''.service |
− | # systemctl enable netctl-ifplugd@ | + | # systemctl enable netctl-ifplugd@''interface''.service |
+ | |||
+ | {{Note|If any of the profiles contain errors, such as an empty {{ic|Key=}} variable, the unit will fail to load at boot.}} | ||
If you have previously enabled a profile through {{ic|netctl}}, run | If you have previously enabled a profile through {{ic|netctl}}, run | ||
− | # netctl disable | + | # netctl disable ''profile'' |
to prevent the profile from starting twice at boot, and possibly causing issues with wpa_supplicant. | to prevent the profile from starting twice at boot, and possibly causing issues with wpa_supplicant. | ||
− | {{Note|If there is ever a need to alter a currently enabled profile, execute {{ic|netctl reenable <profile>}} to apply the changes.}} | + | {{Note| |
+ | * If there is ever a need to alter a currently enabled profile, execute {{ic|netctl reenable <profile>}} to apply the changes. | ||
+ | * ''interface'' is hardware minus, e.g netctl-auto@wlan0.service or netctl-auto@wlo1.service | ||
+ | }} | ||
− | ===Migrating from netcfg=== | + | === Migrating from netcfg === |
− | {{Warning|{{ic|netctl}} conflicts with {{ic|netcfg}} so disable existing {{ic|netcfg@ | + | |
+ | {{Warning|{{ic|netctl}} conflicts with {{ic|netcfg}} so disable existing {{ic|netcfg@''profile''}} service before installing {{ic|netctl}}.}} | ||
{{ic|netctl}} uses {{ic|/etc/netctl}} to store its profiles, ''not'' {{ic|/etc/network.d}} ({{ic|netcfg}}'s profile storage location). | {{ic|netctl}} uses {{ic|/etc/netctl}} to store its profiles, ''not'' {{ic|/etc/network.d}} ({{ic|netcfg}}'s profile storage location). | ||
In order to migrate from netcfg, at least the following is needed: | In order to migrate from netcfg, at least the following is needed: | ||
− | *Move network profile files to the new directory. | + | * Move network profile files to the new directory. |
− | *Rename variables therein according to netctl.profile(5) (Most variable names have only UpperCamelCase i.e CONNECTION= becomes Connection=). | + | * Rename variables therein according to netctl.profile(5) (Most variable names have only UpperCamelCase i.e CONNECTION= becomes Connection=). |
− | *For static IP configuration make sure the Address= variables have a netmask after the IP (e.g. Address=('192.168.1.23 | + | * For static IP configuration make sure the Address= variables have a netmask after the IP (e.g. Address=('192.168.1.23'''/24'''' '192.168.1.87'''/24'''') in the example profile). |
− | *If you setup a wireless profile according in the {{ic|wireless-wpa-configsection}} example, note that this overrides {{ic|wpa_supplicant}} options defined above the brackets. For a connection to a hidden wireless network, add {{ic|scan_ssid<nowiki>=1</nowiki>}} to the options in the {{ic|wireless-wpa-configsection}}; {{ic|Hidden<nowiki>=</nowiki>yes}} does not work there. | + | * If you setup a wireless profile according in the {{ic|wireless-wpa-configsection}} example, note that this overrides {{ic|wpa_supplicant}} options defined above the brackets. For a connection to a hidden wireless network, add {{ic|scan_ssid<nowiki>=1</nowiki>}} to the options in the {{ic|wireless-wpa-configsection}}; {{ic|Hidden<nowiki>=</nowiki>yes}} does not work there. |
− | *Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing). | + | * Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing). |
− | *Run {{ic|netctl enable | + | * Run {{ic|netctl enable ''profile''}} for every profile in the old NETWORKS array. 'last' doesn't work this way, see netctl.special(7). |
− | *Use {{ic|netctl list}} / {{ic|netctl start | + | * Use {{ic|netctl list}}/{{ic|netctl start ''profile''}} instead of '''netcfg-menu'''. '''wifi-menu''' remains available. |
+ | * It may be a good idea to use {{ic|1=systemctl --type=service}} to ensure that no other service is running that may want to configure the network. Multiple networking services will conflict. | ||
+ | |||
+ | === Passphrase obfuscation (256-bit PSK) === | ||
+ | |||
+ | Users ''not'' wishing to have the passphrase to their wireless network stored in ''plain text'' have the option of storing the corresponding 256-bit pre-shared key (PSK) instead, which is calculated from the passphrase and the SSID using standard algorithms. | ||
− | = | + | * Method 1: Use {{ic|wifi-menu -o}} to generate a config file in {{ic|/etc/netctl}} |
+ | * Method 2: Manual settings as follows. If the passphrase fails, try removing the \" in Key= (see note below) | ||
− | + | For both methods it is suggested to {{ic|chmod 600 /etc/netctl/<config_file>}} to prevent user access to the password. | |
Calculate your 256-bit PSK using [[WPA_supplicant#Configuration_file|wpa_passphrase]]: | Calculate your 256-bit PSK using [[WPA_supplicant#Configuration_file|wpa_passphrase]]: | ||
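Review bot: The rewritten DHCP note under "Just one profile" still links to [[#Multiple Profiles]], but the heading added a few lines later is "==== Multiple profiles ====", and section anchors are case-sensitive, so the link should become [[#Multiple profiles]]. In the new note list, "''interface'' is hardware minus" is not understandable as written; say what the value is (the examples suggest the interface name, e.g. wlan0). The added chmod 600 sentence says "to prevent user access to the password"; since the owner keeps access, "other users" would be more accurate.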
Line 85: | Line 111: | ||
psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a | psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a | ||
} | } | ||
− | {{Note|This information will be used in your profile so do not close the terminal}} | + | {{Note|This information will be used in your profile, so do not close the terminal.}} |
}} | }} | ||
− | In a second terminal window copy the example file {{ic|wireless-wpa}} from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}} | + | In a second terminal window, copy the example file {{ic|wireless-wpa}} from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}: |
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa | # cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa | ||
− | You will then need to edit {{ic|/etc/netctl/wireless-wpa}} using your favorite text editor and add the '' | + | You will then need to edit {{ic|/etc/netctl/wireless-wpa}} using your favorite text editor and add the ''pre-shared key'', that was generated earlier using wpa_passphrase, to the {{ic|'''Key'''}} variable of this profile. |
Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble: | Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble: | ||
Line 103: | Line 129: | ||
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a | Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a | ||
}} | }} | ||
− | {{Note| | + | {{Note| |
− | + | * Make sure to use the '''special non-quoted rules''' for {{ic|1=Key=}} that are explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)]. | |
+ | * The key that you put in the profile configuration is enough to connect to a WPA-PSK network, which means this procedure is only good to hide the human-readable passphrase but will not prevent anyone with read access to this file from connecting to the network. You should ask yourself if there is any use in this at all, since using the same passphrase for anything else is a very poor security measure. | ||
+ | }} | ||
+ | |||
+ | == Support == | ||
− | |||
Official announcement thread: https://bbs.archlinux.org/viewtopic.php?id=157670 | Official announcement thread: https://bbs.archlinux.org/viewtopic.php?id=157670 | ||
− | ==Tips and | + | == Tips and tricks == |
+ | |||
+ | === Replace 'netcfg current' === | ||
+ | |||
As of April 2013 there is no netctl alternative to {{ic|netcfg current}}. If you relied on it for something, like a status bar for a tiling window manager, you can now use: | As of April 2013 there is no netctl alternative to {{ic|netcfg current}}. If you relied on it for something, like a status bar for a tiling window manager, you can now use: | ||
− | # netctl list | | + | # netctl list | awk '/*/ {print $2}' |
or, when {{ic|netctl-auto}} was used to connect: | or, when {{ic|netctl-auto}} was used to connect: | ||
− | # wpa_cli -i | + | # wpa_cli -i ''interface'' status | sed -n 's/^id_str=//p' |
+ | |||
+ | === Eduroam === | ||
+ | |||
+ | To connect ta a wireless network at university it is very likely you need a profile looking like this (tested in Freiburg, Germany): | ||
+ | {{hc|/etc/netctl/wlan0-eduroam|<nowiki> | ||
+ | Description='Eduroam-profile for <user>' | ||
+ | Interface=wlan0 | ||
+ | Connection=wireless | ||
+ | Security=wpa-configsection | ||
+ | IP=dhcp | ||
+ | WPAConfigSection=( | ||
+ | 'ssid="eduroam"' | ||
+ | 'proto=RSN' | ||
+ | 'key_mgmt=WPA-EAP' | ||
+ | 'pairwise=CCMP' | ||
+ | 'auth_alg=OPEN' | ||
+ | 'eap=PEAP' | ||
+ | 'identity="<user>"' | ||
+ | 'password="<password>"' | ||
+ | )</nowiki> | ||
+ | }} |
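Review bot: The Eduroam profile added at the end of this hunk sets 'eap=PEAP' with 'identity' and 'password' but has no 'ca_cert' entry in WPAConfigSection, and wpa_supplicant does not verify the server certificate when none is configured, so the credentials can be offered to any access point announcing the same SSID; suggest adding a 'ca_cert="..."' line for the institution's CA and saying so in the text. The profile also stores 'password="<password>"' in plain text, so the chmod 600 advice from the passphrase section should be repeated or linked here. Typo in the lead-in: "To connect ta a wireless network".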
Revision as of 21:20, 2 July 2013
Netctl is a new Arch project that replaces netcfg. Netctl is the future (and present) of CLI-based network management on Arch Linux.
Installation
The netctl package is available in the official repositories. Installing netctl will replace netcfg.
netctl and netcfg are conflicting packages. You will be potentially connectionless after installing netctl if your profiles are misconfigured.
Required reading
It is advisable to read the following man pages before using netctl:
Configuration
netctl may be used to introspect and control the state of the systemd services for the network profile manager. Example configuration files are provided for the user to assist them in configuring their network connection. These example profiles are located in /etc/netctl/examples/. The common configurations include:
- ethernet-dhcp
- ethernet-static
- wireless-wpa
- wireless-wpa-static
For wireless settings, wifi-menu -o will generate the config file in /etc/netctl.
To use an example profile, simply copy one of them from /etc/netctl/examples/ to /etc/netctl/ and configure it to your needs:
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/
Once you have created your profile, make an attempt to establish a connection using the newly created profile by running:
# netctl start profile
If issuing the above command results in a failure, then use journalctl -xn and netctl status <profile> in order to obtain a more in depth explanation of the failure. Make the needed corrections to the failed configuration and retest.
Automatic operation
Just one profile
If you are using only one profile, once that profile is started successfully, it can be enabled using
# netctl enable profile
This will create and enable a systemd service that will start when the computer boots.
Multiple profiles
Whereas with netcfg there was net-auto-wireless.service and net-auto-wired.service, netctl uses netctl-auto@interface.service for wireless profiles, and netctl-ifplugd@interface.service for wired profiles. In order to make the netctl-auto@interface.service work for wireless interfaces, the package wpa_actiond is required to be installed. In order to make the netctl-ifplugd@interface.service work for wired interfaces, the package ifplugd is required to be installed. Configure /etc/ifplugd/ifplugd.conf accordingly. Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option Security=wpa-config; please use Security=wpa-configsection instead.
To set a preferred wired profile for auto-connecting, specify AutoWired=yes in that profile. By default, on failure ifplugd will pass to other DHCP wired profiles, then to static ones. If you don't want it to do so, set ForceConnect=yes.
Once your profiles are set and verified to be working, simply enable these services with
# systemctl enable netctl-auto@interface.service
# systemctl enable netctl-ifplugd@interface.service
Note: If any of the profiles contain errors, such as an empty Key= variable, the unit will fail to load at boot.
If you have previously enabled a profile through netctl, run
# netctl disable profile
to prevent the profile from starting twice at boot, and possibly causing issues with wpa_supplicant.
- If there is ever a need to alter a currently enabled profile, execute netctl reenable <profile> to apply the changes.
- interface is the hardware interface name, e.g. netctl-auto@wlan0.service or netctl-auto@wlo1.service
Migrating from netcfg
Warning: netctl conflicts with netcfg so disable existing netcfg@profile service before installing netctl.
netctl uses /etc/netctl to store its profiles, not /etc/network.d (netcfg's profile storage location).
In order to migrate from netcfg, at least the following is needed:
- Move network profile files to the new directory.
- Rename variables therein according to netctl.profile(5) (most variable names have only UpperCamelCase, i.e. CONNECTION= becomes Connection=).
- For static IP configuration make sure the Address= variables have a netmask after the IP (e.g. Address=('192.168.1.23/24' '192.168.1.87/24') in the example profile).
- If you set up a wireless profile according to the wireless-wpa-configsection example, note that this overrides wpa_supplicant options defined above the brackets. For a connection to a hidden wireless network, add scan_ssid=1 to the options in the wireless-wpa-configsection; Hidden=yes does not work there.
- Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing).
- Run netctl enable profile for every profile in the old NETWORKS array. 'last' doesn't work this way, see netctl.special(7).
- Use netctl list / netctl start profile instead of netcfg-menu. wifi-menu remains available.
- It may be a good idea to use systemctl --type=service to ensure that no other service is running that may want to configure the network. Multiple networking services will conflict.
Passphrase obfuscation (256-bit PSK)
Users not wishing to have the passphrase to their wireless network stored in plain text have the option of storing the corresponding 256-bit pre-shared key (PSK) instead, which is calculated from the passphrase and the SSID using standard algorithms.
- Method 1: Use wifi-menu -o to generate a config file in /etc/netctl
- Method 2: Manual settings as follows. If the passphrase fails, try removing the \" in Key= (see note below)
For both methods it is suggested to chmod 600 /etc/netctl/<config_file> to prevent user access to the password.
Calculate your 256-bit PSK using wpa_passphrase:
Usage: wpa_passphrase [ssid] [passphrase]
$ wpa_passphrase archlinux freenode
In a second terminal window, copy the example file wireless-wpa from /etc/netctl/examples to /etc/netctl:
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa
You will then need to edit /etc/netctl/wireless-wpa using your favorite text editor and add the pre-shared key that was generated earlier using wpa_passphrase to the Key variable of this profile.
Once completed, your network profile wireless-wpa containing a 256-bit PSK should resemble:
/etc/netctl/wireless-wpa
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
Interface=wlp2s2
Connection=wireless
Security=wpa
IP=dhcp
ESSID=archlinux
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
- Make sure to use the special non-quoted rules for Key= that are explained at the end of netctl.profile(5).
- The key that you put in the profile configuration is enough to connect to a WPA-PSK network, which means this procedure is only good to hide the human-readable passphrase but will not prevent anyone with read access to this file from connecting to the network. You should ask yourself if there is any use in this at all, since using the same passphrase for anything else is a very poor security measure.
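As an added example (not part of the original wiki page and not netctl code): Python that derives the 256-bit PSK the way wpa_passphrase does, rewrites a plain-text Key= into the raw-PSK form, and audits a profile for the issues this section names. The profile text is a constructed sample; the function names and the simplified quote handling are assumptions.

```python
import hashlib
import re
import stat

# Key=\"<64 hex digits> is the raw-PSK form used in the profile above.
RAW_PSK = re.compile(r'^\\"[0-9a-fA-F]{64}$')

# Constructed sample profile (SSID and passphrase from the wpa_passphrase call above).
SAMPLE = """Description='Constructed sample profile'
Interface=wlan0
Connection=wireless
Security=wpa
IP=dhcp
ESSID=archlinux
Key=freenode
"""

def wpa_psk(ssid, passphrase):
    """PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()

def unquote(value):
    """Strip one pair of matching quotes (assumption: no full shell parsing)."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value

def parse(text):
    """Collect the VAR=value lines of a profile, skipping comments."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))

def audit(text, mode):
    """Return findings for one profile, given its text and its st_mode."""
    findings = []
    if stat.S_IMODE(mode) & 0o077:
        findings.append("mode: readable beyond the owner, run chmod 600")
    key = parse(text).get("Key")
    if key == "":
        findings.append("key: empty Key=, the unit will fail to load at boot")
    elif key is not None and RAW_PSK.match(key):
        findings.append("key: 256-bit PSK, passphrase hidden but file still grants access")
    elif key is not None:
        findings.append("key: passphrase stored in plain text")
    return findings

def obfuscate(text):
    """Replace a plain-text Key= with the raw PSK derived from ESSID and Key."""
    fields = parse(text)
    key = fields.get("Key", "")
    if not key or RAW_PSK.match(key) or "ESSID" not in fields:
        return text  # nothing to do, or already in raw-PSK form
    psk = wpa_psk(unquote(fields["ESSID"]), unquote(key))
    return re.sub(r"(?m)^Key=.*$", lambda m: 'Key=\\"' + psk, text)

if __name__ == "__main__":
    print(audit(SAMPLE, 0o100644))
    hardened = obfuscate(SAMPLE)
    print(hardened)
    print(audit(hardened, 0o100600))
```

The audit of the rewritten profile still reports the key, which is the point of the second note above: the PSK is itself the network credential.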
Support
Official announcement thread: https://bbs.archlinux.org/viewtopic.php?id=157670
Tips and tricks
Replace 'netcfg current'
As of April 2013 there is no netctl alternative to netcfg current. If you relied on it for something, like a status bar for a tiling window manager, you can now use:
# netctl list | awk '/*/ {print $2}'
or, when netctl-auto was used to connect:
# wpa_cli -i interface status | sed -n 's/^id_str=//p'
Eduroam
To connect to a wireless network at a university, it is very likely you need a profile looking like this (tested in Freiburg, Germany):
/etc/netctl/wlan0-eduroam
Description='Eduroam-profile for <user>'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="eduroam"'
    'proto=RSN'
    'key_mgmt=WPA-EAP'
    'pairwise=CCMP'
    'auth_alg=OPEN'
    'eap=PEAP'
    'identity="<user>"'
    'password="<password>"'
)