Difference between revisions of "Netctl"

From ArchWiki
Jump to: navigation, search
(Explained minimal usage of WPAConfigSection)
 
(287 intermediate revisions by 83 users not shown)
Line 1: Line 1:
 
{{Lowercase title}}
 
{{Lowercase title}}
[[Category:Networking]]
+
[[Category:Network configuration]]
 
[[cs:Netctl]]
 
[[cs:Netctl]]
 
[[es:Netctl]]
 
[[es:Netctl]]
 
[[fr:Netctl]]
 
[[fr:Netctl]]
 +
[[it:Netcfg]]
 
[[ja:Netctl]]
 
[[ja:Netctl]]
[[zh-CN:Netctl]]
 
 
[[ru:Netctl]]
 
[[ru:Netctl]]
{{Article summary start}}
+
[[zh-CN:Netctl]]
{{Article summary text|A guide to configuring the network using netctl and network profile scripts.}}
+
{{Related articles start}}
{{Article summary heading|Overview}}
+
{{Related|Bridge with netctl}}
{{Article summary text|{{Networking overview}}}}
+
{{Related|Network configuration}}
{{Article summary heading|Resources}}
+
{{Related|Wireless network configuration}}
{{Article summary wiki|Bridge with netctl}}
+
{{Related|:Category:Network configuration}}
{{Article summary end}}
+
{{Related articles end}}
Netctl is a new Arch project that replaces [[netcfg]]. Netctl is the future (and present) of CLI-based network management on Arch Linux.
+
[https://projects.archlinux.org/netctl.git/ netctl] is a CLI-based tool used to configure and manage network connections via profiles.
  
 
== Installation ==
 
== Installation ==
  
The {{Pkg|netctl}} package is available in the [[official repositories]]. Installing netctl will replace {{Pkg|netcfg}}.
+
{{Pkg|netctl}} is part of the {{Grp|base}} group, so it should already be installed on your system. Otherwise [[install]] it as usual.
 +
 
 +
Optional dependencies are shown in the table below.
 +
 
 +
{| class="wikitable"
 +
! Feature
 +
! Dependency
 +
! netctl program <br /> (if relevant)
 +
|-
 +
| Automatic wireless connections || {{Pkg|wpa_actiond}} || {{ic|netctl-auto}}
 +
|-
 +
| Automatic wired connections || {{Pkg|ifplugd}} || {{ic|netctl-ifplugd}}
 +
|-
 +
| WPA || {{Pkg|wpa_supplicant}} ||
 +
|-
 +
| DHCP || {{Pkg|dhcpcd}} or {{Pkg|dhclient}} ||
 +
|-
 +
| Wifi menus || {{Pkg|dialog}} ||
 +
|-
 +
| PPPoE || {{Pkg|ppp}} ||
 +
|-
 +
|}
  
{{Pkg|netctl}} and {{Pkg|netcfg}} are conflicting packages. You will be potentially connectionless after installing '''netctl''' if your profiles are misconfigured.
+
{{Warning|Do not enable concurrent, conflicting network service. Use {{ic|1=systemctl --type=service}} to ensure that no other network service is running before enabling a ''netctl'' profile/service.}}
  
== Required reading ==
+
== Usage ==
  
 
It is advisable to read the following man pages before using netctl:
 
It is advisable to read the following man pages before using netctl:
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.1.txt netctl]
+
 
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile]
+
* [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.1.txt netctl]
*[https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special]
+
* [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile]
 +
* [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.special.7.txt netctl.special]
  
 
== Configuration ==
 
== Configuration ==
  
{{ic|netctl}} may be used to introspect and control the state of the systemd services for the network profile manager. Example configuration files are provided for the user to assist them in configuring their network connection. These example profiles are located in {{ic|/etc/netctl/examples/}}. The common configurations include:
+
''netctl'' uses profiles to manage network connections and different modes of operation to start profiles automatically or manually on demand.
 +
 
 +
=== Profile configuration ===
 +
 
 +
The ''netctl'' profile files are stored in {{ic|/etc/netctl/}} and example configuration files are available in {{ic|/etc/netctl/examples/}}. Common configurations include:
 +
 
 
* ethernet-dhcp
 
* ethernet-dhcp
 
* ethernet-static
 
* ethernet-static
Line 37: Line 64:
 
* wireless-wpa-static
 
* wireless-wpa-static
  
For wireless settings, use '''wifi-menu -o''' will generate the config file in /etc/netctl.
+
To use an example profile, simply copy it from {{ic|/etc/netctl/examples/}} to {{ic|/etc/netctl/}} and configure it to your needs; see basic [[#Example profiles]] below. The first parameter you need to create a profile is the network {{ic|Interface}}, see [[Network configuration#Device names]] for details.
  
To use an example profile, simply copy one of them from {{ic|/etc/netctl/examples/}} to {{ic|/etc/netctl/}} and configure it to your needs:
+
{{Tip|
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/
+
* For wireless settings, you can use {{ic|wifi-menu -o}} as root to generate the profile file in {{ic|/etc/netctl/}}.
 +
* To enable a static IP profile on wired interface no matter if the cable is connected or not, use {{ic|1=SkipNoCarrier=yes}} in your profile.
 +
}}
 +
 
 +
Once you have created your profile, attempt to establish a connection (use only the profile name, not the full path):
  
Once you have created your profile, make an attempt to establish a connection using the newly created profile by running:
 
 
  # netctl start ''profile''
 
  # netctl start ''profile''
  
If issuing the above command results in a failure, then use {{ic|journalctl -xn}} and {{ic|netctl status <profile>}} in order to obtain a more in depth explanation of the failure. Make the needed corrections to the failed configuration and retest.
+
If the above command results in a failure, then use {{ic|journalctl -xn}} and {{ic|netctl status ''profile''}} to obtain a more in depth explanation of the failure.
  
 
=== Automatic operation ===
 
=== Automatic operation ===
  
==== Just one profile ====
+
If you use only one profile (per interface) or want to switch profiles manually, the [[#Basic method|Basic method]] will do. Most common examples are servers, workstations, routers etc.
  
If you are using only one profile, once that profile is started successfully, it can be {{ic|enabled}} using
+
If you need to switch multiple profiles frequently, use [[#Automatic switching of profiles|Automatic switching of profiles]]. Most common examples are laptops.
# netctl enable ''profile''
+
This will create and enable a [[systemd]] service that will start when the computer boots.
+
  
{{Note|The connection to a dhcp-server is only established if the interface is connected and up at boot time (or when the service starts). In order to have an automatic connection established on cable connect, proceed to [[#Multiple Profiles]].}}
+
==== Basic method ====
  
==== Multiple profiles ====
+
With this method, you can statically start only one profile per interface. First manually check that the profile can be started successfully with:
  
Whereas with {{ic|netcfg}} there was {{ic|net-auto-wireless.service}} and {{ic|net-auto-wired.service}}, {{ic|netctl}} uses {{ic|netctl-auto@''interface''.service}} for wireless profiles, and {{ic|netctl-ifplugd@''interface''.service}} for wired profiles. In order to make the {{ic|netctl-auto@''interface''.service}} work for wireless interfaces, the package {{Pkg|wpa_actiond}} is required to be installed. In order to make the {{ic|netctl-ifplugd@''interface''.service}} work for wired interfaces, the package {{pkg|ifplugd}} is required to be installed.  Configure {{ic|/etc/ifplugd/ifplugd.conf}} accordingly. Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option {{ic|1=Security=wpa-config}}, please use {{ic|1=Security=wpa-configsection}} instead.
+
# netctl start ''profile''  
  
To set preferred wired profile for auto-connecting specify {{ic|1=AutoWired=yes}} in that profile. By default on failure {{Pkg|ifplugd}} will pass to other DHCP wired profiles, then to static ones. If you don't want it to do so, set {{ic|1=ForceConnect=yes}}.
+
then it can be enabled using:
  
Once your profiles are set and verified to be working, simply enable these services with
+
  # netctl enable ''profile''
  # systemctl enable netctl-auto@''interface''.service
+
# systemctl enable netctl-ifplugd@''interface''.service 
+
  
{{Note|If any of the profiles contain errors, such as an empty {{ic|Key&#61;}} variable, the unit will fail to load at boot.}}
+
This will create and enable a [[systemd]] service that will start when the computer boots. Changes to the profile file will not propagate to the service file automatically. After such changes, it is necessary to reenable the profile:
  
If you have previously enabled a profile through {{ic|netctl}}, run
+
  # netctl reenable ''profile''
  # netctl disable ''profile''
+
to prevent the profile from starting twice at boot, and possibly causing issues with wpa_supplicant.
+
  
{{Note|
+
After enabling a profile, it will be started at next boot. Obviously this can only be successful, if the network cable for a wired connection is plugged in, or the wireless access point used in a profile is in range respectively.
* If there is ever a need to alter a currently enabled profile, execute {{ic|netctl reenable <profile>}} to apply the changes.
+
 
* ''interface'' is hardware minus, e.g netctl-auto@wlan0.service or netctl-auto@wlo1.service
+
==== Automatic switching of profiles ====
 +
 
 +
''netctl'' provides special [[systemd]] services for automatically switching of profile for wired and wireless connections:
 +
 
 +
* For wired interfaces, install package {{Pkg|ifplugd}}: After [[Start|starting and enabling]] {{ic|netctl-ifplugd@''interface''.service}} DHCP profiles are started/stopped when the network cable is plugged in/unplugged.
 +
** The {{ic|netctl-ifplugd@''interface''.service}} will prefer profiles which use [[Wikipedia:DHCP|DHCP]].
 +
** To automatically start a static IP profile the option {{ic|1=ExcludeAuto=no}} needs to be set in it.
 +
** To prioritize a profile with a static IP over DHCP profiles, you can set {{ic|1=Priority=2}}, which is higher than the default priority given to DHCP profiles of {{ic|1=Priority=1}}.
 +
 
 +
* For wireless interfaces, install package {{Pkg|wpa_actiond}}: After [[Start|starting and enabling]] {{ic|netctl-auto@''interface''.service}} profiles are started/stopped automatically as you move from the range of one network into the range of another network (roaming).
 +
** Profiles must use {{ic|1=Security=wpa-configsection}} to work with ''netctl-auto'' rather than {{ic|1=Security=wpa-config}}.
 +
** If you want some wireless profile '''not''' to be started automatically by {{ic|netctl-auto@''interface''.service}}, you have to explicitly add {{ic|1=ExcludeAuto=yes}} to that profile.  
 +
** You can use {{ic|1=priority=}} in the ''WPAConfigSection'' (see {{ic|/etc/netctl/examples/wireless-wpa-configsection}}) to set priority of a profile when multiple wireless access points are available.
 +
 
 +
Note that ''interface'' is not literal, but to be substituted by the name of your device's interface, e.g. {{ic|netctl-auto@wlp4s0.service}}. See {{ic|netctl.profile(5)}} for details.
 +
 
 +
{{Warning|
 +
* If any of the profiles contain errors, such as an empty or misquoted {{ic|1=Key=}} variable, the unit will fail to load with the message {{ic|"Failed to read or parse configuration '/run/network/wpa_supplicant_wlan0.conf'}}, even when that profile is not being used.
 +
* This method conflicts with the [[#Basic method|Basic method]]. If you have previously enabled a profile through ''netctl'', run {{ic|netctl disable ''profile''}} to prevent the profile from starting twice at boot.
 
}}
 
}}
  
=== Migrating from netcfg ===
+
Since netctl 1.3 it is possible to manually control an interface otherwise managed by ''netctl-auto'' without having to stop {{ic|netctl-auto.service}}. This is done using the ''netctl-auto'' command. For a list of available actions run:
 +
  # netctl-auto --help
  
{{Warning|{{ic|netctl}} conflicts with {{ic|netcfg}} so disable existing {{ic|netcfg@''profile''}} service before installing {{ic|netctl}}.}}
+
=== Example profiles ===
  
{{ic|netctl}} uses {{ic|/etc/netctl}} to store its profiles, ''not'' {{ic|/etc/network.d}} ({{ic|netcfg}}'s profile storage location).
+
==== Wired ====
  
In order to migrate from netcfg, at least the following is needed:
+
For a DHCP connection, only the {{ic|Interface}} has to be configured after copying the {{ic|/etc/netctl/examples/ethernet-dhcp}} example profile to {{ic|/etc/netctl}}.  
* Move network profile files to the new directory.
+
* Rename variables therein according to netctl.profile(5) (Most variable names have only UpperCamelCase i.e CONNECTION= becomes Connection=).
+
* For static IP configuration make sure the Address= variables have a netmask after the IP (e.g. Address=('192.168.1.23'''/24'''' '192.168.1.87'''/24'''') in the example profile).
+
* If you setup a wireless profile according in the {{ic|wireless-wpa-configsection}} example, note that this overrides {{ic|wpa_supplicant}} options defined above the brackets. For a connection to a hidden wireless network, add {{ic|scan_ssid<nowiki>=1</nowiki>}} to the options in the {{ic|wireless-wpa-configsection}}; {{ic|Hidden<nowiki>=</nowiki>yes}} does not work there.
+
* Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing).
+
* Run {{ic|netctl enable ''profile''}} for every profile in the old NETWORKS array. 'last' doesn't work this way, see netctl.special(7).
+
* Use {{ic|netctl list}}/{{ic|netctl start ''profile''}} instead of '''netcfg-menu'''. '''wifi-menu''' remains available.
+
* It may be a good idea to use {{ic|1=systemctl --type=service}} to ensure that no other service is running that may want to configure the network.  Multiple networking services will conflict.
+
  
=== Passphrase obfuscation (256-bit PSK) ===
+
For example:
 +
{{hc|/etc/netctl/''my_dhcp_profile''|<nowiki>
 +
Interface=enp1s0
 +
Connection=ethernet
 +
IP=dhcp</nowiki>
 +
}}
 +
 
 +
For a static IP configuration copy the {{ic|/etc/netctl/examples/ethernet-static}} example profile to {{ic|/etc/netctl}} and modify {{ic|Interface}}, {{ic|Address}}, {{ic|Gateway}} and {{ic|DNS}}) as needed.
 +
 
 +
For example:
 +
{{hc|/etc/netctl/''my_static_profile''|<nowiki>
 +
Interface=enp1s0
 +
Connection=ethernet
 +
IP=static
 +
Address=('10.1.10.2/24')
 +
Gateway=('10.1.10.1')
 +
DNS=('10.1.10.1')</nowiki>
 +
}}
 +
 
 +
Take care to include the subnet notation of {{ic|/24}}. It equates to a netmask of {{ic|255.255.255.0}}) and without out it the profile will fail to start. See also [[wikipedia:Classless Inter-Domain Routing#CIDR notation|CIDR notation]]. To alias more than one IP address per a NIC set {{ic|Address&#61;('10.1.10.2/24' '192.168.1.2/24')}}.
 +
 
 +
==== Wireless (WPA-PSK) ====
 +
 
 +
The following applies for the standard wireless connections using a pre-shared key (WPA-PSK). See [[WPA2 Enterprise#netctl]] for example profiles with other authentication methods.
 +
 
 +
The standard ''netctl'' tool to connect to a wireless network (WPA-PSK, WEP) interactively is ''wifi-menu''; used with the {{ic|-o}} option:
 +
 
 +
wifi-menu -o
 +
 
 +
it generates the configuration file in {{ic|/etc/netctl/}} for the network to use for [[#Automatic operation]] at the same time.
 +
 
 +
Alternatively, the profile may also be configured manually, as follows:
 +
 
 +
Copy the example file {{ic|wireless-wpa}} from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}} (name of your choice):
 +
 
 +
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/.
 +
 
 +
Edit the profile as needed (modifying {{ic|Interface}}, {{ic|ESSID}} and {{ic|Key}}) and it is done.
 +
 
 +
At this step you may want to re-confirm the new profile you created is {{ic|chmod 600}} and confirm it works by starting it:
 +
 
 +
netctl start wireless-wpa
  
Users ''not'' wishing to have the passphrase to their wireless network stored in ''plain text'' have the option of storing the corresponding 256-bit pre-shared key (PSK) instead, which is calculated from the passphrase and the SSID using standard algorithms.
+
before configuring any [[#Automatic operation]].
  
* Method 1: Use {{ic|wifi-menu -o}} to generate a config file in {{ic|/etc/netctl}}
+
Optionally you can also follow the following step to obfuscate the wireless passphrase (''wifi-menu'' does it automatically):
* Method 2: Manual settings as follows. If the passphrase fails, try removing the \" in Key= (see note below)
+
  
For both methods it is suggested to {{ic|chmod 600 /etc/netctl/<config_file>}} to prevent user access to the password.
+
Users '''not''' wishing to have the passphrase to their wireless network stored in ''plain text'' have the option of storing the corresponding 256-bit pre-shared key instead, which is calculated from the passphrase and the SSID using standard algorithms.
  
Calculate your 256-bit PSK using [[WPA_supplicant#Configuration_file|wpa_passphrase]]:
+
Calculate your 256-bit PSK using [[WPA_supplicant#Connecting_with_wpa_passphrase|wpa_passphrase]]:
{{hc|Usage: wpa_passphrase [ssid] [passphrase]|
+
{{hc|$ wpa_passphrase ''your_essid'' ''passphrase''|2=
2=$ wpa_passphrase archlinux freenode|
+
 
   network={
 
   network={
   ssid="archlinux"
+
   ssid="''your_essid''"
   #psk="freenode"
+
   #psk="''passphrase''"
 
   psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
 
   psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
 
}
 
}
{{Note|This information will be used in your profile, so do not close the terminal.}}
 
 
}}
 
}}
  
In a second terminal window, copy the example file {{ic|wireless-wpa}} from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:
+
The ''pre-shared key'' (psk) now needs to replace the plain text passphrase of the {{ic|Key}} variable in the profile. Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble:
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa
+
  
You will then need to edit {{ic|/etc/netctl/wireless-wpa}} using your favorite text editor and add the ''pre-shared key'', that was generated earlier using wpa_passphrase, to the {{ic|'''Key'''}} variable of this profile.
 
 
Once completed your network profile {{ic|wireless-wpa}} containing a 256-bit PSK should resemble:
 
 
{{hc|/etc/netctl/wireless-wpa|2=
 
{{hc|/etc/netctl/wireless-wpa|2=
 
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
 
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
Line 126: Line 195:
 
Security=wpa
 
Security=wpa
 
IP=dhcp
 
IP=dhcp
ESSID=archlinux
+
ESSID=''your_essid''
 
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
 
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
 
}}
 
}}
 +
 
{{Note|
 
{{Note|
* Make sure to use the '''special non-quoted rules''' for {{ic|1=Key=}} that are explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)].
+
* Make sure to use the '''special quoting rules''' for the {{ic|Key}} variable as explained at the end of [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)].
* The key that you put in the profile configuration is enough to connect to a WPA-PSK network, which means this procedure is only good to hide the human-readable passphrase but will not prevent anyone with read access to this file from connecting to the network. You should ask yourself if there is any use in this at all, since using the same passphrase for anything else is a very poor security measure.
+
* If the passphrase fails, try removing the {{ic|\"}} in the {{ic|Key}} variable.
}}
+
* Although "encrypted", the key that you put in the profile configuration is enough to connect to a WPA-PSK network. Therefore this process is only useful for hiding the human-readable version of the passphrase. This will not prevent anyone with read access to this file from connecting to the network.}}
 
+
== Support ==
+
 
+
Official announcement thread: https://bbs.archlinux.org/viewtopic.php?id=157670
+
  
 
== Tips and tricks ==
 
== Tips and tricks ==
  
=== Replace 'netcfg current' ===
+
=== Using an Experimental GUI ===
  
As of April 2013 there is no netctl alternative to {{ic|netcfg current}}. If you relied on it for something, like a status bar for a tiling window manager, you can now use:
+
If you want a graphical user interface to manage ''netctl'' and your connections and you are not afraid of highly experimental unofficial packages you can install {{AUR|netgui}}{{Broken package link|{{aur-mirror|netgui}}}} from [[AUR]]. Note, however, that ''netgui'' is still in beta status and you should be familiar with the general ''netctl'' syntax to debug possible issues. Another GUI alternative is {{AUR|netctl-gui}} which provides a Qt-based graphical interface, DBus daemon and KDE widget. A third alternative is {{AUR|netmenu}}, which uses {{Pkg|dmenu}} as its graphical interface.
# netctl list | awk '/*/ {print $2}'
+
or, when {{ic|netctl-auto}} was used to connect:
+
# wpa_cli -i ''interface'' status | sed -n 's/^id_str=//p'
+
  
 
=== Eduroam ===
 
=== Eduroam ===
  
To connect ta a wireless network at university it is very likely you need a profile looking like this (tested in Freiburg, Germany):
+
See [[WPA2 Enterprise#netctl]].
{{hc|/etc/netctl/wlan0-eduroam|<nowiki>
+
 
Description='Eduroam-profile for <user>'
+
=== Bonding ===
Interface=wlan0
+
 
Connection=wireless
+
From [https://www.kernel.org/doc/Documentation/networking/bonding.txt kernel documentation]:
Security=wpa-configsection
+
 
 +
:''The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends on the mode. Generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.''
 +
 
 +
==== Load balancing ====
 +
 
 +
To use bonding with netctl, additional package from official repositories is required: {{Pkg|ifenslave}}.
 +
 
 +
Copy {{ic|/etc/netctl/examples/bonding}} to {{ic|/etc/netctl/bond0}} and edit it, for example:
 +
 
 +
{{hc|/etc/netctl/bond0|2=
 +
Description='Bond Interface'
 +
Interface='bond0'
 +
Connection=bond
 +
BindsToInterfaces=('eth0' 'eth1')
 
IP=dhcp
 
IP=dhcp
WPAConfigSection=(
+
IP6=stateless}}
'ssid="eduroam"'
+
 
'proto=RSN'
+
Now you can disable your old configuration and set ''bond0'' to be started automatically. Switch to the new profile, for example:
  'key_mgmt=WPA-EAP'
+
 
'pairwise=CCMP'
+
  # netctl switch-to bond0
'auth_alg=OPEN'
+
 
'eap=PEAP'
+
{{Note|This uses the round-robin policy, which is the default for the {{ic|bonding}} driver. See [https://www.kernel.org/doc/Documentation/networking/bonding.txt official documentation] for details.}}
'identity="<user>"'
+
 
'password="<password>"'
+
{{Tip|To check the status and bonding mode: {{bc|$ cat /proc/net/bonding/bond0}}}}
)</nowiki>
+
 
 +
==== Wired to wireless failover ====
 +
This example describes how to use ''bonding'' to fallback to wireless when the wired ethernet goes down. This is most useful when both the wired and wireless interface will be connected to the same network. Your wireless router/access point must be configured in ''bridge'' mode.
 +
 
 +
You will need additional packages from the official repositories: {{Pkg|ifenslave}} and {{Pkg|wpa_supplicant}}.
 +
 
 +
First enable the bonding module to be loaded upon boot time, as instructed on [[Kernel modules#Automatic module handling]]:
 +
 
 +
{{hc|/etc/modules-load.d/bonding.conf|2=
 +
bonding
 
}}
 
}}
 +
 +
Then, configure the options of the {{ic|bonding}} driver to use {{ic|active-backup}} and configure the {{ic|primary}} parameter to the device you want to be the active one (normally the wired interface). Also, be sure to use the same device name as returned when running {{ic|ip link}}:
 +
 +
{{hc|/etc/modprobe.d/bonding.conf|2=
 +
options bonding mode=active-backup miimon=100 primary=eth0 max_bonds=0
 +
}}
 +
 +
The {{ic|miimon}} option is needed, for the link failure detection. The {{ic|max_bonds}} option avoids the {{ic|Interface bond0 already exists}} error. More information can be obtained on the [https://www.kernel.org/doc/Documentation/networking/bonding.txt kernel documentation].
 +
 +
Next, configure a netctl profile to enslave the two hardware interfaces. Use the name of all the devices you want to enslave. If you have more than two wired or wireless interfaces, you can enslave all of them on a bond interface. But, for most cases you will have only two devices, a wired and a wireless one:
 +
 +
{{hc|/etc/netctl/failover|2=
 +
Description='A wired connection with failover to wireless'
 +
Interface='bond0'
 +
Connection=bond
 +
BindsToInterfaces=('eth0' 'wlan0')
 +
IP='dhcp'
 +
}}
 +
 +
Disable any other profiles (specially a wired or wireless) you had enabled before and then enable the failover profile on startup:
 +
 +
# netctl enable failover
 +
 +
Now you need to configure ''wpa_supplicant'' to connect to any know network you wish. You should create a file for each interface and enable it on systemd. Create the following file with this content:
 +
 +
{{hc|/etc/wpa_supplicant/wpa_supplicant-wlan0.conf|2=
 +
ctrl_interface=/run/wpa_supplicant
 +
update_config=1
 +
}}
 +
 +
And append to the end of this file any networks you want to connect:
 +
 +
network={
 +
    ssid="SSID"
 +
    psk=PSK
 +
}
 +
 +
To generate the obfuscated PSK you can run ''wpa_passphrase'' as on the [[WPA supplicant#Connecting with wpa_passphrase]] page.
 +
 +
Now, [[enable]] the {{ic|wpa_supplicant@}} template service on the network interface, for example {{ic|wpa_supplicant@wlan0}}.
 +
 +
You can try now to reboot your machine and see if your configuration worked.
 +
 +
{{Note|If you get this error on boot bonding:
 +
 +
wlan0 is up - this may be due to an out of date ifenslave
 +
 +
Then this is happening because the ''wpa_supplicant'' is being run before the {{ic|failover}} netctl profile. This happens because [[systemd]] runs everything in parallel, unless told otherwise. ''ifenslave'' need all the interfaces to be down before bonding them to the {{ic|bond0}} interface. And, since the ''wpa_supplicant'' need to put the interface up to be able to scan for networks, this might cause the interface to not be enslaved and your bonding to only have the wired interface.
 +
 +
If this is your case, then you will need to setup a custom dependency on the {{ic|wpa_supplicant@wlan0}} service in relation with the {{ic|netctl@failover}} profile. More specifically, the ''wpa_supplicant'' must be started '''after''' the netctl profile. To accomplish this, create a custom dependency file based on the instructions provided here: [[systemd#Handling dependencies]]
 +
 +
{{hc|/etc/systemd/system/wpa_supplicant@wlan0.service.d/customdependency.conf|2=
 +
[Unit]
 +
After=netctl@failover.service
 +
}}
 +
 +
After that you can try to reboot your system again and see if it works. You can check the status of your bonding by checking [[journalctl]] for the {{ic|netctl@failover.service}} unit.
 +
 +
And by checking:
 +
 +
# ip link
 +
 +
You should see something like this:
 +
 +
1: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT group default qlen 1000
 +
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
 +
2: wlan0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DORMANT group default qlen 1000
 +
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
 +
3: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
 +
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
 +
}}
 +
 +
Now, you can test your failover setup, by initiating a big download. Unplug your wired interface. Your download should keep going over the wireless interface. Then, plug your wired interface again and it should keep working. You can debug by checking [[journalctl]] for the {{ic|netctl@failover.service}} and {{ic|wpa_supplicant@wlan0.service}} units.
 +
 +
=== Using any interface ===
 +
In some cases it may be desirable to allow a profile to use any interface on the system. A common example use case is using a common disk image across many machines with differing hardware (this is especially useful if they are headless). If you use the kernel's naming scheme, and your machine has only one ethernet interface, you can probably guess that eth0 is the right interface. If you use udev's [http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ Predictable Network Interface Names], however, names will be assigned based on the specific hardware itself (e.g. enp1s0), rather than simply the order that the hardware was detected (e.g. eth0, eth1). This means that a netctl profile may work on one machine and not another, because they each have different interface names.
 +
 +
A quick and dirty solution is to make use of the {{ic|/etc/netctl/interfaces/}} directory. Choose a name for your interface alias ({{ic|en-any}} in this example), and write the following to a file with that name (making sure it is executable).
 +
{{hc|/etc/netctl/interfaces/en-any|<nowiki>
 +
#!/bin/bash
 +
for interface in /sys/class/net/en*; do
 +
        break;
 +
done
 +
Interface=$(basename $interface)
 +
echo "en-any: using interface $Interface";
 +
</nowiki>}}
 +
Then create a profile that uses the interface. Pay special attention to the {{ic|Interface}} directive. The rest are only provided as examples.
 +
{{hc|/etc/netctl/wired|<nowiki>
 +
Description='Wired'
 +
Interface=en-any
 +
Connection=ethernet
 +
IP=static
 +
Address=('192.168.1.15/24')
 +
Gateway='192.168.1.1'
 +
DNS=('192.168.1.1')
 +
</nowiki>}}
 +
 +
When the {{ic|wired}} profile is started, any machine using the two files above will automatically bring up and configure the first ethernet interface found on the system, regardless of what name udev assigned to it. Note that this is not the most robust way to go about configuring interfaces. If you use multiple interfaces, netctl may try to assign the same interface to them, and will likely cause a disruption in connectivity. If you do not mind a more complicated solution, {{ic|netctl-auto}} is likely to be more reliable.
 +
 +
=== Using hooks ===
 +
 +
netctl supports hooks in {{ic|/etc/netctl/hooks/}} and per interface hooks in {{ic|/etc/netctl/interfaces/}}. You can set any option in a hook/interface that you can
 +
in a profile. They are read the same way! Most importantly this includes {{ic|ExecUpPost}} and {{ic|ExecDownPre}}.
 +
 +
When a profile is read, netctl sources '''all executable''' scripts in {{ic|hooks}}, then it reads the profile file for the connection and finally it sources an executable script with the name of the interface used in the profile from the {{ic|interfaces}} directory. Therefore, declarations in an interface script override declarations in the profile, which override declarations in hooks.
 +
 +
The variables {{ic|$INTERFACE}}, {{ic|$SSID}}, {{ic|$ACTION}} and {{ic|$Profile}} are available in hooks/interfaces '''only''' when using {{ic|netctl-auto}}
 +
 +
==== Examples ====
 +
 +
===== Execute commands on established connection =====
 +
{{hc|/etc/netctl/hooks/myservices|<nowiki>
 +
#!/bin/sh
 +
ExecUpPost="systemctl start crashplan.service; systemctl start dropbox@<username>.service"
 +
ExecDownPre="systemctl stop crashplan.service; systemctl stop dropbox@<username>.service"
 +
</nowiki>}}
 +
 +
===== Activate network-online.target =====
 +
 +
{{hc|/etc/netctl/hooks/status|<nowiki>
 +
#!/bin/sh
 +
ExecUpPost="systemctl start network-online.target"
 +
ExecDownPre="systemctl stop network-online.target"
 +
</nowiki>}}
 +
 +
Using this, systemd services requiring an active network connection can be [[Systemd#Handling_dependencies|ordered]] to start only after the {{ic|network-online.target}} is reached, and can be stopped before the connection is brought down.
 +
 +
===== Set default DHCP client =====
 +
 +
To set or change the DHCP client used for all profiles:
 +
 +
{{hc|/etc/netctl/hooks/dhcp|<nowiki>
 +
#!/bin/sh
 +
DHCPClient='dhclient'
 +
</nowiki>}}
 +
 +
Alternatively, it may also be specified for a specific network interface by creating an executable file {{ic|/etc/netctl/interfaces/<interface>}} with the following line:
 +
 +
DHCPClient='dhclient'
 +
 +
{{Expansion|It would be useful to replace the example with a general hook that executes different actions depending on {{ic|$ACTION}} being CONNECT and DISCONNECT.}}
 +
 +
=== Minimal WPAConfigSection ===
 +
As stated in the [https://projects.archlinux.org/netctl.git/tree/docs/netctl.profile.5.txt#n281 netctl.profile(5)] man page, the {{ic|WPAConfigSection}} variable is an array of config lines passed to [[wpa_supplicant]]. So, a minimal WPAConfigSection would contain:
 +
Description='A wireless connection using a custom network block configuration'
 +
Interface=wlan0
 +
Connection=wireless
 +
Security=wpa-configsection
 +
IP=dhcp
 +
WPAConfigSection=(
 +
    'ssid="University"'
 +
    'psk="very secret passphrase"'
 +
)
 +
 +
== Troubleshooting ==
 +
 +
=== Job for netctl@wlan(...).service failed ===
 +
 +
Some people have an issue when they connect to a network with ''netctl'', for example:
 +
 +
{{hc|# netctl start wlan0-ssid|<nowiki>
 +
Job for netctl@wlan0\x2ssid.service failed. See 'systemctl status netctl@wlan0\x2ssid.service' and 'journalctl -xn' for details.
 +
</nowiki>}}
 +
 +
When then looking at {{ic|journalctl -xn}}, either of the following are shown:
 +
 +
1. If your device ({{ic|wlan0}} in this case) is up:
 +
network[2322]: The interface of network profile 'wlan0-ssid' is already up
 +
 +
Setting the interface down should resolve the problem:
 +
# ip link set wlan0 down
 +
 +
Then retry:
 +
# netctl start wlan0-ssid
 +
 +
{{Accuracy|The following is an unsolved issue, using different DHCP client is just a poor/unexplained workaround.}}
 +
 +
2. If it is down:
 +
dhcpcd[261]: wlan0: ipv4_sendrawpacket: Network is down
 +
 +
One way to solve this is to use a different DHCP client, for example {{Pkg|dhclient}}. After installing the package configure ''netctl'' to use it:
 +
 +
{{hc|/etc/netctl/wlan0-ssid|<nowiki>
 +
...
 +
DHCPClient='dhclient'
 +
</nowiki>}}
 +
 +
Adding the {{ic|ForceConnect}} option may also be helpful:
 +
 +
{{hc|/etc/netctl/wlan0-ssid|<nowiki>
 +
 +
...
 +
 +
ForceConnect=yes
 +
</nowiki>}}
 +
 +
Save it and try to connect with the profile:
 +
# netctl start wlan0-ssid
 +
 +
=== dhcpcd: ipv4_addroute: File exists ===
 +
 +
On some systems dhcpcd in combination with netctl causes timeout issues on resume, particularly when having switched networks in the meantime. netctl will report that you are successfully connected but you still receive timeout issues. In this case, the old default route still exists and is not being renewed. A workaround to avoid this misbehaviour is to switch to [[#Set default DHCP client|dhclient]] as the default dhcp client. More information on the issue can be found [https://bbs.archlinux.org/viewtopic.php?pid=1399842#p1399842 here].
 +
 +
=== DHCP timeout issues ===
 +
 +
If you are having timeout issues when requesting leases via DHCP you can set the timeout value higher than netctl's 30 seconds by default. Create a file in {{ic|/etc/netctl/hooks/}} or {{ic|/etc/netctl/interfaces/}}, add {{ic|1=TimeoutDHCP=40}} to it for a timeout of 40 seconds and make the file executable.
 +
 +
=== Connection timeout issues ===
 +
 +
If you are having timeout issues that are unrelated to DHCP (on a static ethernet connection for example), and are experiencing errors similar to the following when starting your profile:
 +
{{hc|# journalctl _SYSTEMD_UNIT&#61;netctl@''profile''.service|
 +
Starting network profile &#39;''profile''&#39;...
 +
No connection found on interface 'eth0' (timeout)
 +
Failed to bring the network up for profile &#39;''profile''&#39;
 +
}}
 +
Then you should increase carrier and up timeouts by adding {{ic|1=TimeoutUp=}} and {{ic|1=TimeoutCarrier=}} to your profile file:
 +
{{hc|/etc/netctl/''profile''|<nowiki>
 +
...
 +
TimeoutUp=300
 +
TimeoutCarrier=300</nowiki>
 +
}}
 +
Do not forget to reenable your profile:
 +
 +
# netctl reenable ''profile''
 +
 +
=== Problems with netctl-auto on resume ===
 +
Sometimes ''netctl-auto'' fails to reconnect when the system resumes from suspend, hibernate or hybrid-sleep. An easy solution is to restart the service for ''netctl-auto''.
 +
This can be automated with an additional service like the following:
 +
 +
{{hc|/etc/systemd/system/netctl-auto-resume@.service|<nowiki>
 +
[Unit]
 +
Description=restart netctl-auto on resume.
 +
Requisite=netctl-auto@%i.service
 +
After=sleep.target
 +
 +
[Service]
 +
Type=oneshot
 +
ExecStart=/usr/bin/systemctl restart netctl-auto@%i.service
 +
 +
[Install]
 +
WantedBy=sleep.target
 +
</nowiki>}}
 +
 +
To [[enable]] this service for your wireless card, for example, enable {{ic|netctl-auto-resume@wlan0.service}} as root. Change {{ic|wlan0}} to the required network interface.
 +
 +
If the device is not yet running on resume when the unit is started, this will fail. It can be fixed by adding the following dependency in the ''After'' line:
 +
 +
{{hc|/etc/systemd/system/netctl-auto-resume@.service|<nowiki>
 +
...
 +
After=sleep.target sys-subsystem-net-devices-%i.device
 +
...
 +
</nowiki>}}
 +
 +
=== netctl-auto suddenly stopped working for WiFi adapters ===
 +
 +
This problem seems to be related to a recent wpa_supplicant update (see {{Bug|44731}}), but a work-around is quite trivial. Just create a file for your interface (e.g. wlp3s0) in /etc/netctl/interfaces with the following content and make it executable:
 +
 +
{{hc|/etc/netctl/interfaces/wlp3s0|<nowiki>
 +
WPAOptions="-m ''"
 +
</nowiki>}}
 +
 +
After that, try to restart your netctl-auto service and WiFi auto detection should work well again.
 +
 +
=== netctl-auto does not automatically unblock a wireless card to use an interface ===
 +
 +
Many laptops have a hardware button (or switch) to turn off wireless card, however, the card can also be blocked by the kernel. This can be handled by [[rfkill]].
 +
 +
If you want ''netctl-auto'' to automatically unblock your wireless card to connect to a particular network, set {{ic|1=RFKill=++auto++}} option for the wireless connection of your choice, as specified in the [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)] man page.
 +
 +
=== RTNETLINK answers: File exists (with multiple NICs) ===
 +
 +
This is a very misleading response, it really means that you have assigned a default gateway in an earlier netctl control file. When netctl starts up the n-th NIC and goes to set its local route, it fails because there is already a default route from n-1.
 +
 +
Remove it and everything works, except you no longer have a default route and so cannot access things such as the internet. {{ic|ExecUpPost}} does not work as it gets executed for each network card.
 +
 +
A possible solution is creating a new service.  Replace "FIRST_INTERFACE" and "SECOND_INTERFACE" with your interface names, and replace "192.168.xxx.yyy" with your default gateway.
 +
 +
{{hc|/etc/systemd/system/defaultrouter.service|<nowiki>
 +
[Unit]
 +
Description="Configure default gateway"
 +
Requires=netctl@FIRST_INTERFACE.service netctl@SECOND_INTERFACE.service
 +
After=netctl@FIRST_INTERFACE.service netctl@SECOND_INTERFACE.service
 +
 +
[Service]
 +
Type=oneshot
 +
ExecStart=/usr/bin/ip route add default via 192.168.xxx.yyy
 +
 +
[Install]
 +
WantedBy=network-online.target
 +
</nowiki>}}
 +
 +
== See also ==
 +
 +
* [https://lists.archlinux.org/pipermail/arch-projects/2012-December/003473.html Initial mailing list announcement]
 +
* [https://bbs.archlinux.org/viewtopic.php?id=157670 Official announcement thread]
 +
* [https://www.archlinux.org/news/netctl-is-now-in-core/ Official news announcement]
 +
* There is a cinnamon applet available in the AUR: {{AUR|cinnamon-applet-netctl-systray-menu}}{{Broken package link|{{aur-mirror|cinnamon-applet-netctl-systray-menu}}}}

Latest revision as of 10:37, 25 July 2016

netctl is a CLI-based tool used to configure and manage network connections via profiles.

Installation

netctl is part of the base group, so it should already be installed on your system. Otherwise install it as usual.

Optional dependencies are shown in the table below.

Feature Dependency netctl program
(if relevant)
Automatic wireless connections wpa_actiond netctl-auto
Automatic wired connections ifplugd netctl-ifplugd
WPA wpa_supplicant
DHCP dhcpcd or dhclient
Wifi menus dialog
PPPoE ppp
Warning: Do not enable concurrent, conflicting network service. Use systemctl --type=service to ensure that no other network service is running before enabling a netctl profile/service.

Usage

It is advisable to read the following man pages before using netctl:

Configuration

netctl uses profiles to manage network connections and different modes of operation to start profiles automatically or manually on demand.

Profile configuration

The netctl profile files are stored in /etc/netctl/ and example configuration files are available in /etc/netctl/examples/. Common configurations include:

  • ethernet-dhcp
  • ethernet-static
  • wireless-wpa
  • wireless-wpa-static

To use an example profile, simply copy it from /etc/netctl/examples/ to /etc/netctl/ and configure it to your needs; see basic #Example profiles below. The first parameter you need to create a profile is the network Interface, see Network configuration#Device names for details.

Tip:
  • For wireless settings, you can use wifi-menu -o as root to generate the profile file in /etc/netctl/.
  • To enable a static IP profile on wired interface no matter if the cable is connected or not, use SkipNoCarrier=yes in your profile.

Once you have created your profile, attempt to establish a connection (use only the profile name, not the full path):

# netctl start profile

If the above command results in a failure, then use journalctl -xn and netctl status profile to obtain a more in depth explanation of the failure.

Automatic operation

If you use only one profile (per interface) or want to switch profiles manually, the Basic method will do. Most common examples are servers, workstations, routers etc.

If you need to switch multiple profiles frequently, use Automatic switching of profiles. Most common examples are laptops.

Basic method

With this method, you can statically start only one profile per interface. First manually check that the profile can be started successfully with:

# netctl start profile 

then it can be enabled using:

# netctl enable profile

This will create and enable a systemd service that will start when the computer boots. Changes to the profile file will not propagate to the service file automatically. After such changes, it is necessary to reenable the profile:

# netctl reenable profile

After enabling a profile, it will be started at next boot. Obviously this can only be successful, if the network cable for a wired connection is plugged in, or the wireless access point used in a profile is in range respectively.

Automatic switching of profiles

netctl provides special systemd services for automatically switching of profile for wired and wireless connections:

  • For wired interfaces, install package ifplugd: After starting and enabling netctl-ifplugd@interface.service DHCP profiles are started/stopped when the network cable is plugged in/unplugged.
    • The netctl-ifplugd@interface.service will prefer profiles which use DHCP.
    • To automatically start a static IP profile the option ExcludeAuto=no needs to be set in it.
    • To prioritize a profile with a static IP over DHCP profiles, you can set Priority=2, which is higher than the default priority given to DHCP profiles of Priority=1.
  • For wireless interfaces, install package wpa_actiond: After starting and enabling netctl-auto@interface.service profiles are started/stopped automatically as you move from the range of one network into the range of another network (roaming).
    • Profiles must use Security=wpa-configsection to work with netctl-auto rather than Security=wpa-config.
    • If you want some wireless profile not to be started automatically by netctl-auto@interface.service, you have to explicitly add ExcludeAuto=yes to that profile.
    • You can use priority= in the WPAConfigSection (see /etc/netctl/examples/wireless-wpa-configsection) to set priority of a profile when multiple wireless access points are available.

Note that interface is not literal, but to be substituted by the name of your device's interface, e.g. netctl-auto@wlp4s0.service. See netctl.profile(5) for details.

Warning:
  • If any of the profiles contain errors, such as an empty or misquoted Key= variable, the unit will fail to load with the message "Failed to read or parse configuration '/run/network/wpa_supplicant_wlan0.conf', even when that profile is not being used.
  • This method conflicts with the Basic method. If you have previously enabled a profile through netctl, run netctl disable profile to prevent the profile from starting twice at boot.

Since netctl 1.3 it is possible to manually control an interface otherwise managed by netctl-auto without having to stop netctl-auto.service. This is done using the netctl-auto command. For a list of available actions run:

 # netctl-auto --help

Example profiles

Wired

For a DHCP connection, only the Interface has to be configured after copying the /etc/netctl/examples/ethernet-dhcp example profile to /etc/netctl.

For example:

/etc/netctl/my_dhcp_profile
Interface=enp1s0
Connection=ethernet
IP=dhcp

For a static IP configuration copy the /etc/netctl/examples/ethernet-static example profile to /etc/netctl and modify Interface, Address, Gateway and DNS) as needed.

For example:

/etc/netctl/my_static_profile
Interface=enp1s0
Connection=ethernet
IP=static
Address=('10.1.10.2/24')
Gateway=('10.1.10.1')
DNS=('10.1.10.1')

Take care to include the subnet notation of /24. It equates to a netmask of 255.255.255.0) and without out it the profile will fail to start. See also CIDR notation. To alias more than one IP address per a NIC set Address=('10.1.10.2/24' '192.168.1.2/24').

Wireless (WPA-PSK)

The following applies for the standard wireless connections using a pre-shared key (WPA-PSK). See WPA2 Enterprise#netctl for example profiles with other authentication methods.

The standard netctl tool to connect to a wireless network (WPA-PSK, WEP) interactively is wifi-menu; used with the -o option:

wifi-menu -o 

it generates the configuration file in /etc/netctl/ for the network to use for #Automatic operation at the same time.

Alternatively, the profile may also be configured manually, as follows:

Copy the example file wireless-wpa from /etc/netctl/examples to /etc/netctl (name of your choice):

# cp /etc/netctl/examples/wireless-wpa /etc/netctl/.

Edit the profile as needed (modifying Interface, ESSID and Key) and it is done.

At this step you may want to re-confirm the new profile you created is chmod 600 and confirm it works by starting it:

netctl start wireless-wpa

before configuring any #Automatic operation.

Optionally you can also follow the following step to obfuscate the wireless passphrase (wifi-menu does it automatically):

Users not wishing to have the passphrase to their wireless network stored in plain text have the option of storing the corresponding 256-bit pre-shared key instead, which is calculated from the passphrase and the SSID using standard algorithms.

Calculate your 256-bit PSK using wpa_passphrase:

$ wpa_passphrase your_essid passphrase
network={
  ssid="your_essid"
  #psk="passphrase"
  psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
}

The pre-shared key (psk) now needs to replace the plain text passphrase of the Key variable in the profile. Once completed your network profile wireless-wpa containing a 256-bit PSK should resemble:

/etc/netctl/wireless-wpa
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
Interface=wlp2s2
Connection=wireless
Security=wpa
IP=dhcp
ESSID=your_essid
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
Note:
  • Make sure to use the special quoting rules for the Key variable as explained at the end of netctl.profile(5).
  • If the passphrase fails, try removing the \" in the Key variable.
  • Although "encrypted", the key that you put in the profile configuration is enough to connect to a WPA-PSK network. Therefore this process is only useful for hiding the human-readable version of the passphrase. This will not prevent anyone with read access to this file from connecting to the network.

Tips and tricks

Using an Experimental GUI

If you want a graphical user interface to manage netctl and your connections and you are not afraid of highly experimental unofficial packages you can install netguiAUR[broken link: archived in aur-mirror] from AUR. Note, however, that netgui is still in beta status and you should be familiar with the general netctl syntax to debug possible issues. Another GUI alternative is netctl-guiAUR which provides a Qt-based graphical interface, DBus daemon and KDE widget. A third alternative is netmenuAUR, which uses dmenu as its graphical interface.

Eduroam

See WPA2 Enterprise#netctl.

Bonding

From kernel documentation:

The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends on the mode. Generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.

Load balancing

To use bonding with netctl, additional package from official repositories is required: ifenslave.

Copy /etc/netctl/examples/bonding to /etc/netctl/bond0 and edit it, for example:

/etc/netctl/bond0
Description='Bond Interface'
Interface='bond0'
Connection=bond
BindsToInterfaces=('eth0' 'eth1')
IP=dhcp
IP6=stateless

Now you can disable your old configuration and set bond0 to be started automatically. Switch to the new profile, for example:

# netctl switch-to bond0
Note: This uses the round-robin policy, which is the default for the bonding driver. See official documentation for details.
Tip: To check the status and bonding mode:
$ cat /proc/net/bonding/bond0

Wired to wireless failover

This example describes how to use bonding to fallback to wireless when the wired ethernet goes down. This is most useful when both the wired and wireless interface will be connected to the same network. Your wireless router/access point must be configured in bridge mode.

You will need additional packages from the official repositories: ifenslave and wpa_supplicant.

First enable the bonding module to be loaded upon boot time, as instructed on Kernel modules#Automatic module handling:

/etc/modules-load.d/bonding.conf
bonding

Then, configure the options of the bonding driver to use active-backup and configure the primary parameter to the device you want to be the active one (normally the wired interface). Also, be sure to use the same device name as returned when running ip link:

/etc/modprobe.d/bonding.conf
options bonding mode=active-backup miimon=100 primary=eth0 max_bonds=0

The miimon option is needed, for the link failure detection. The max_bonds option avoids the Interface bond0 already exists error. More information can be obtained on the kernel documentation.

Next, configure a netctl profile to enslave the two hardware interfaces. Use the name of all the devices you want to enslave. If you have more than two wired or wireless interfaces, you can enslave all of them on a bond interface. But, for most cases you will have only two devices, a wired and a wireless one:

/etc/netctl/failover
Description='A wired connection with failover to wireless'
Interface='bond0'
Connection=bond
BindsToInterfaces=('eth0' 'wlan0')
IP='dhcp'

Disable any other profiles (specially a wired or wireless) you had enabled before and then enable the failover profile on startup:

# netctl enable failover

Now you need to configure wpa_supplicant to connect to any know network you wish. You should create a file for each interface and enable it on systemd. Create the following file with this content:

/etc/wpa_supplicant/wpa_supplicant-wlan0.conf
ctrl_interface=/run/wpa_supplicant
update_config=1

And append to the end of this file any networks you want to connect:

network={
    ssid="SSID"
    psk=PSK
}

To generate the obfuscated PSK you can run wpa_passphrase as on the WPA supplicant#Connecting with wpa_passphrase page.

Now, enable the wpa_supplicant@ template service on the network interface, for example wpa_supplicant@wlan0.

You can try now to reboot your machine and see if your configuration worked.

Note: If you get this error on boot bonding:
wlan0 is up - this may be due to an out of date ifenslave

Then this is happening because the wpa_supplicant is being run before the failover netctl profile. This happens because systemd runs everything in parallel, unless told otherwise. ifenslave need all the interfaces to be down before bonding them to the bond0 interface. And, since the wpa_supplicant need to put the interface up to be able to scan for networks, this might cause the interface to not be enslaved and your bonding to only have the wired interface.

If this is your case, then you will need to setup a custom dependency on the wpa_supplicant@wlan0 service in relation with the netctl@failover profile. More specifically, the wpa_supplicant must be started after the netctl profile. To accomplish this, create a custom dependency file based on the instructions provided here: systemd#Handling dependencies

/etc/systemd/system/wpa_supplicant@wlan0.service.d/customdependency.conf
[Unit]
After=netctl@failover.service

After that you can try to reboot your system again and see if it works. You can check the status of your bonding by checking journalctl for the netctl@failover.service unit.

And by checking:

# ip link

You should see something like this:

1: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
2: wlan0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DORMANT group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

Now, you can test your failover setup, by initiating a big download. Unplug your wired interface. Your download should keep going over the wireless interface. Then, plug your wired interface again and it should keep working. You can debug by checking journalctl for the netctl@failover.service and wpa_supplicant@wlan0.service units.

Using any interface

In some cases it may be desirable to allow a profile to use any interface on the system. A common example use case is using a common disk image across many machines with differing hardware (this is especially useful if they are headless). If you use the kernel's naming scheme, and your machine has only one ethernet interface, you can probably guess that eth0 is the right interface. If you use udev's Predictable Network Interface Names, however, names will be assigned based on the specific hardware itself (e.g. enp1s0), rather than simply the order that the hardware was detected (e.g. eth0, eth1). This means that a netctl profile may work on one machine and not another, because they each have different interface names.

A quick and dirty solution is to make use of the /etc/netctl/interfaces/ directory. Choose a name for your interface alias (en-any in this example), and write the following to a file with that name (making sure it is executable).

/etc/netctl/interfaces/en-any
#!/bin/bash
for interface in /sys/class/net/en*; do
        break;
done
Interface=$(basename $interface)
echo "en-any: using interface $Interface";

Then create a profile that uses the interface. Pay special attention to the Interface directive. The rest are only provided as examples.

/etc/netctl/wired
Description='Wired'
Interface=en-any
Connection=ethernet
IP=static
Address=('192.168.1.15/24')
Gateway='192.168.1.1'
DNS=('192.168.1.1')

When the wired profile is started, any machine using the two files above will automatically bring up and configure the first ethernet interface found on the system, regardless of what name udev assigned to it. Note that this is not the most robust way to go about configuring interfaces. If you use multiple interfaces, netctl may try to assign the same interface to them, and will likely cause a disruption in connectivity. If you do not mind a more complicated solution, netctl-auto is likely to be more reliable.

Using hooks

netctl supports hooks in /etc/netctl/hooks/ and per interface hooks in /etc/netctl/interfaces/. You can set any option in a hook/interface that you can in a profile. They are read the same way! Most importantly this includes ExecUpPost and ExecDownPre.

When a profile is read, netctl sources all executable scripts in hooks, then it reads the profile file for the connection and finally it sources an executable script with the name of the interface used in the profile from the interfaces directory. Therefore, declarations in an interface script override declarations in the profile, which override declarations in hooks.

The variables $INTERFACE, $SSID, $ACTION and $Profile are available in hooks/interfaces only when using netctl-auto

Examples

Execute commands on established connection
/etc/netctl/hooks/myservices
#!/bin/sh
ExecUpPost="systemctl start crashplan.service; systemctl start dropbox@<username>.service"
ExecDownPre="systemctl stop crashplan.service; systemctl stop dropbox@<username>.service"
Activate network-online.target
/etc/netctl/hooks/status
#!/bin/sh
ExecUpPost="systemctl start network-online.target"
ExecDownPre="systemctl stop network-online.target"

Using this, systemd services requiring an active network connection can be ordered to start only after the network-online.target is reached, and can be stopped before the connection is brought down.

Set default DHCP client

To set or change the DHCP client used for all profiles:

/etc/netctl/hooks/dhcp
#!/bin/sh
DHCPClient='dhclient'

Alternatively, it may also be specified for a specific network interface by creating an executable file /etc/netctl/interfaces/<interface> with the following line:

DHCPClient='dhclient'

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: It would be useful to replace the example with a general hook that executes different actions depending on $ACTION being CONNECT and DISCONNECT. (Discuss in Talk:Netctl#)

Minimal WPAConfigSection

As stated in the netctl.profile(5) man page, the WPAConfigSection variable is an array of config lines passed to wpa_supplicant. So, a minimal WPAConfigSection would contain:

Description='A wireless connection using a custom network block configuration'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="University"'
    'psk="very secret passphrase"'
)

Troubleshooting

Job for netctl@wlan(...).service failed

Some people have an issue when they connect to a network with netctl, for example:

# netctl start wlan0-ssid
Job for netctl@wlan0\x2ssid.service failed. See 'systemctl status netctl@wlan0\x2ssid.service' and 'journalctl -xn' for details.

When then looking at journalctl -xn, either of the following are shown:

1. If your device (wlan0 in this case) is up:

network[2322]: The interface of network profile 'wlan0-ssid' is already up

Setting the interface down should resolve the problem:

# ip link set wlan0 down

Then retry:

# netctl start wlan0-ssid

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: The following is an unsolved issue, using different DHCP client is just a poor/unexplained workaround. (Discuss in Talk:Netctl#)

2. If it is down:

dhcpcd[261]: wlan0: ipv4_sendrawpacket: Network is down

One way to solve this is to use a different DHCP client, for example dhclient. After installing the package configure netctl to use it:

/etc/netctl/wlan0-ssid
...
DHCPClient='dhclient'

Adding the ForceConnect option may also be helpful:

/etc/netctl/wlan0-ssid

...

ForceConnect=yes

Save it and try to connect with the profile:

# netctl start wlan0-ssid

dhcpcd: ipv4_addroute: File exists

On some systems dhcpcd in combination with netctl causes timeout issues on resume, particularly when having switched networks in the meantime. netctl will report that you are successfully connected but you still receive timeout issues. In this case, the old default route still exists and is not being renewed. A workaround to avoid this misbehaviour is to switch to dhclient as the default dhcp client. More information on the issue can be found here.

DHCP timeout issues

If you are having timeout issues when requesting leases via DHCP you can set the timeout value higher than netctl's 30 seconds by default. Create a file in /etc/netctl/hooks/ or /etc/netctl/interfaces/, add TimeoutDHCP=40 to it for a timeout of 40 seconds and make the file executable.

Connection timeout issues

If you are having timeout issues that are unrelated to DHCP (on a static ethernet connection for example), and are experiencing errors similar to the following when starting your profile:

# journalctl _SYSTEMD_UNIT=netctl@profile.service
Starting network profile 'profile'...
No connection found on interface 'eth0' (timeout)
Failed to bring the network up for profile 'profile'

Then you should increase carrier and up timeouts by adding TimeoutUp= and TimeoutCarrier= to your profile file:

/etc/netctl/profile
...
TimeoutUp=300
TimeoutCarrier=300

Do not forget to reenable your profile:

# netctl reenable profile

Problems with netctl-auto on resume

Sometimes netctl-auto fails to reconnect when the system resumes from suspend, hibernate or hybrid-sleep. An easy solution is to restart the service for netctl-auto. This can be automated with an additional service like the following:

/etc/systemd/system/netctl-auto-resume@.service
[Unit]
Description=restart netctl-auto on resume.
Requisite=netctl-auto@%i.service
After=sleep.target

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart netctl-auto@%i.service

[Install]
WantedBy=sleep.target

To enable this service for your wireless card, for example, enable netctl-auto-resume@wlan0.service as root. Change wlan0 to the required network interface.

If the device is not yet running on resume when the unit is started, this will fail. It can be fixed by adding the following dependency in the After line:

/etc/systemd/system/netctl-auto-resume@.service
...
After=sleep.target sys-subsystem-net-devices-%i.device
...

netctl-auto suddenly stopped working for WiFi adapters

This problem seems to be related to a recent wpa_supplicant update (see FS#44731), but a work-around is quite trivial. Just create a file for your interface (e.g. wlp3s0) in /etc/netctl/interfaces with the following content and make it executable:

/etc/netctl/interfaces/wlp3s0
WPAOptions="-m ''"

After that, try to restart your netctl-auto service and WiFi auto detection should work well again.

netctl-auto does not automatically unblock a wireless card to use an interface

Many laptops have a hardware button (or switch) to turn off wireless card, however, the card can also be blocked by the kernel. This can be handled by rfkill.

If you want netctl-auto to automatically unblock your wireless card to connect to a particular network, set RFKill=++auto++ option for the wireless connection of your choice, as specified in the netctl.profile(5) man page.

RTNETLINK answers: File exists (with multiple NICs)

This is a very misleading response, it really means that you have assigned a default gateway in an earlier netctl control file. When netctl starts up the n-th NIC and goes to set its local route, it fails because there is already a default route from n-1.

Remove it and everything works, except you no longer have a default route and so cannot access things such as the internet. ExecUpPost does not work as it gets executed for each network card.

A possible solution is creating a new service. Replace "FIRST_INTERFACE" and "SECOND_INTERFACE" with your interface names, and replace "192.168.xxx.yyy" with your default gateway.

/etc/systemd/system/defaultrouter.service
[Unit]
Description="Configure default gateway"
Requires=netctl@FIRST_INTERFACE.service netctl@SECOND_INTERFACE.service
After=netctl@FIRST_INTERFACE.service netctl@SECOND_INTERFACE.service

[Service]
Type=oneshot
ExecStart=/usr/bin/ip route add default via 192.168.xxx.yyy

[Install]
WantedBy=network-online.target

See also