Wicd

From ArchWiki
Revision as of 23:43, 3 November 2012 by Jstjohn (Talk | contribs) (Initial Setup: mostly update this for systemd)

Jump to: navigation, search

Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary text Template:Article summary end

Wicd is a network connection manager that can manage wireless and wired interfaces, similar and an alternative to NetworkManager. Wicd is written in Python and GTK+, requiring fewer dependencies than other network managers. Alternatively, a version of Wicd for KDE, written in Qt, is available from the Arch User Repository. Wicd can also run from the terminal in a curses interface, requiring no X server session or task panel (see #Running Wicd).

Installation

Install wicd, available in the Official Repositories.

Note: Wicd is split into two packages.
wicd
Includes everything needed to run the wicd daemon and the wicd-cli and wicd-curses interfaces.
wicd-gtk
Includes everything needed to run the GTK interface of wicd and the autostart file for the client to appear in the system tray.

GTK client

For a GTK front-end, install wicd-gtk, available in the official repositories.

KDE client

For a KDE front-end, install wicd-kdeAUR, available in the Arch User Repository.

Notifications

To enable visual notifications about network status, you need to install the notification-daemon.

If you are not using GNOME, you will want to install xfce4-notifyd instead of the notification-daemon, because it pulls a lot of unnecessary GNOME packages.

Alternative

The wicd-bzrAUR buildscript is available in the AUR, which should build the latest development branch. If you need an alternative version or you just want to roll your own package, you can easily build it using ABS.

Getting Started

Initial Setup

Wicd provides a daemon that must be started.

Warning: Running multiple network managers will cause problems, so it is important to disable all other network management daemons.

First, stop all previously running network daemons:

# systemctl stop network
# systemctl stop dhcpcd
# systemctl stop NetworkManager

Disable any existing network management services, including network, dhcpcd, and networkmanager. Refer to Systemd#Using_units.

Enable the wicd service

# systemctl enable wicd

Add your account to network group:

# gpasswd -a USERNAME network
Note: The Unix group that dbus allows to access wicd is subject to change, and may be different than network. Check which policy group is specified in /etc/dbus-1/system.d/wicd.conf, and add your user to that group.

Reboot your computer or start the service.

# systemctl start wicd

If you added your user to a new group, log out and then log in.

Running Wicd

To load Wicd, run:

$ wicd-client

To force it to start minimized in the notification area, run:

$ wicd-client --tray

If your desktop environment does not have a notification area, run:

$ wicd-client -n
Note: The above commands will only work if you have installed the wicd-gtk package. If you did not install wicd-gtk then use wicd-cli or wicd-curses

You can add wicd-client to your DE/WM startup to have the application start when you log in.

Note: Some users have had an issue with two wicd-client processes when using this method. There has been discussion about this in the Arch forums and Arch bug reports (see #External_links). It appears that the wicd package puts a file in /etc/xdg/autostart/wicd-tray.desktop, which will autostart wicd-client upon login to your DE/WM. If this is the case, you will have two wicd-clients running if you add an additional wicd-client to your DE/WM startup file. Should that occur, confirm that the wicd-tray.desktop file exists in /etc/xdg/autostart; if so, having wicd in the daemons list of /etc/rc.conf is sufficient.

You can also run wicd as a curses application from the terminal like so:

$ wicd-curses
Note: Wicd does not prompt you for a passkey. To use encrypted connections (WPA/WEP), expand the network you want to connect to, click Advanced and enter the needed info.

Scripts

Wicd has the ability to run scripts during all stages of the connection process (post/pre connect/disconnect). Simply place a script inside the relevant stage folder within /etc/wicd/scripts/ and make it executable.

The scripts are able to receive three parameters, these being:

$1 - the connection type (wireless/wired).
$2 - the ESSID (network name).
$3 - the BSSID (gateway MAC).

As an example, the script below can be used to set a static ARP, to stop ARP spoofing attacks. Simply change the values within the case statement to match those of the networks you want to set static ARP entries for.

#!/bin/bash
#Set the parameters passed to this script to meaningful variable names.
connection_type="$1"
essid="$2"
bssid="$3"

if [ "${connection_type}" == "wireless" ]; then

       #Change below to match your networks.
       case "$essid" in
               YOUR-NETWORK-NAME-ESSID)
                       sudo arp -s 192.168.0.1 00:11:22:33:44:55
                       ;;
               Netgear01923)
                       sudo arp -s 192.168.0.1 10:11:20:33:40:50
                       ;;
               ANOTHER-ESSID)
                       sudo arp -s 192.168.0.1 11:33:55:77:99:00
                       ;;
               *)
                       echo "Static ARP not set. No network defined."
                       ;;
       esac
fi


Troubleshooting

Failed to get IP address

If wicd repeatedly fails to get an IP address using the default dhcpcd client, try installing and using dhclient instead:

# pacman -S dhclient

Do not forget to select dhclient as the primary dhcp client in wicd options afterwards!

If wicd can get an IP address for a wired interface and is unable to get an IP address for a wireless interface, try disabling the wireless card's powersaving features:

# iwconfig wlan0 power off

Random disconnecting

If dmesg says wlan0: deauthenticating from MAC by local choice (reason=3) and you lose your wifi connection, it is likely that you have a bit too agressive powersaving on your wifi card[1]. Try disabling the wireless card's powersaving features:

# iwconfig wlan0 power off
If you have the package pm-utils installed, it may be the reason powersaving is on in your system[2]. You can put
#!/bin/sh
/sbin/iwconfig wlan0 power off
into the file /etc/pm/power.d/wireless (create it if it does not exist and make it executable) and see if things get better.

If your card does not support "iwconfig wlan0 power off", check the BIOS for power management options. Disabling PCI-Express power management in bios on a Lenovo W520 resolved this issue.

Importing pynotify failed, notifications disabled

In case the package did not get installed automatically -- the package's name is "python-notify":

# pacman -S python-notify

Dbus connection error message

Otherwise you will get dbus error messages and not be able to connect to networks.

  • NOTE: If wicd suddenly stopped working and it complains about dbus, it is quite likely that you just need to remove wicd fully, including and all its configuration files, and re-install it from scratch:
pacman -R wicd
rm -Rf /etc/wicd /var/log/wicd /etc/dbus-1/system.d/wicd*
pacman -S wicd

Check this link for more details: http://bbs.archlinux.org/viewtopic.php?pid=577141#p577141

Wicd-client also throws a dbus connection error message ("Could not connect to wicd's D-Bus interface.") when wicd is not running due to a problem with a config file. It seems that sometimes an empty account gets added to /etc/wicd/wired-settings.conf in which case you simply have to remove the

[] 

and restart wicd.

When running wicd daemon with `rc.d` it won't print error that `pid` file is created. If you are sure wicd isn't running remove this file:

 rm /var/run/wicd/wicd.pid

Problems after package update

Sometimes the wicd client fails to load after a package update due to dbus errors.

A solution is to remove the config files in the /etc/wicd/ directory.

# rc.d stop wicd
# rm /etc/wicd/*.conf
# rc.d start wicd

Note about graphical sudo programs

If you are receiving an error about wicd failing to find a graphical sudo program, run one of the following commands:

$ ktsuss wicd-client -n
$ gksudo wicd-client -n
$ kdesu wicd-client -n

These programs require the ktsuss (found in the AUR), gksu, and kdesu packages, respectively.

Making eduroam work with wicd

Note: You may try the AUR package wicd-eduroamAUR first. It will appear in wicd as "eduroam". If it does not work for you, try the following.

This profile will only work for eduroam institutions which use TTLS and will not work for PEAP.

Save the following as /etc/wicd/encryption/templates/ttls-80211

name = TTLS for Wireless
author = Alexander Clouter
version = 1
require anon_identity *Anonymous_Username identity *Identity password *Password 
optional ca_cert *Path_to_CA_Cert cert_subject *Certificate_Subject
-----
ctrl_interface=/var/run/wpa_supplicant
network={
       ssid="$_ESSID"
       scan_ssid=$_SCAN

       key_mgmt=WPA-EAP
       eap=TTLS

       ca_cert="$_CA_CERT"
       subject_match="$_CERT_SUBJECT"
 
       phase2="auth=MSCHAPv2 auth=PAP"

       anonymous_identity="$_ANON_IDENTITY"
       identity="$_IDENTITY"
       password="$_PASSWORD"
}

Open a terminal

cd /etc/wicd/encryption/templates
echo ttls-80211 >> active

Open wicd, choose TTLS for Wireless in the properties of eduroam, and enter the appropriate settings for your institution. The format of the subject match should be something like "/CN=server.example.com".

NB. This only works in my institution by commenting subject_match, which is not secure, but at least it connects.

Two instances of wicd-client (and possibly two icons in tray)

See the note in Wicd#Running_Wicd about the autostart file in /etc/xdg/autostart and the forum post and bug report provided in Wicd#External_Links. Essentially, if /etc/xdg/autostart/wicd-tray.desktop exists, you only need wicd in /etc/rc.conf daemons and should remove it from your DE/WM autostart file.

Bad password using PEAP with TKIP/MSCHAPV2

The connection template PEAP with TKIP/MSCHAPV2 requires the user to enter the path to a CA certificate besides entering username and password. However this can cause troubles resulting in a error message of a bad password *. A possible solution is the usage of PEAP with GTC instead of TKIP/MSCHAPV2 which does not require to enter the path of the CA cert.

External links