Jump to content

Iwd: Difference between revisions

From NixOS Wiki
← Older edit
Visual
imported>Yuu
No edit summary
 
(15 intermediate revisions by 11 users not shown)
Line 1: Line 1:
iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.
{{DISPLAYTITLE:iwd}}
[https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/ iwd] (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.


= Installation =
== Setup ==


iwd can be enabled with the following snippet.
iwd can be enabled with the following snippet.
Line 9: Line 10:
</syntaxhighlight>
</syntaxhighlight>


= Usage =
== Usage ==
Connections can be managed using the provided {{ic|iwctl}} tool.
Connections can be managed using the provided <code>iwctl</code> tool.


= Configuration =
== Configuration ==


== iwd as backend for NetworkManager ==
To configure iwd, you should use <code>networking.wireless.iwd.settings</code> option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to:


If iwd is present, it can be used as a backend for NetworkManager through the following snippet.
<syntaxhighlight lang="nix">
{
  networking.wireless.iwd.settings = {
    Network = {
      EnableIPv6 = true;
    };
    Settings = {
      AutoConnect = true;
    };
  };
}
</syntaxhighlight>
 
For a detailed and up-to-date list of available settings, please reference the [https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/iwd.network.rst network daemon configuration documentation], from kernel Git repo.
 
=== Eduroam (WPA2 Enterprise) network ===
[https://eduroam.org Eduroam] wireless networks need to get configured manually by creating the following file <code>/var/lib/iwd/eduroam.8021x</code>, which will not persist across NixOS rebuilds unless explicitly managed. It's often better to configure this via a NixOS module.
 
<syntaxhighlight lang="ini">
[Security]
EAP-Method=PEAP
EAP-Identity=eduroamHDcat2024@uni-heidelberg.de
EAP-PEAP-CACert=/var/lib/iwd/ca.pem
EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de
EAP-PEAP-Phase2-Password=mypassword
 
[Settings]
Autoconnect=true
</syntaxhighlight>
 
Replace the values in <code>EAP-Identity</code>, <code>EAP-PEAP-ServerDomainMask</code>, <code>EAP-PEAP-Phase2-Identity</code> and <code>EAP-PEAP-Phase2-Password</code> according to your university presets which can be acquired at [https://cat.eduroam.org cat.eduroam.org]. After entering your university name there the site will offer you a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file <code>/var/lib/iwd/ca.pem</code>.
 
=== iwd as backend for NetworkManager ===
 
If iwd is present, it can be used as a backend for [[NetworkManager]] through the following snippet.


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
Line 22: Line 59:
</syntaxhighlight>
</syntaxhighlight>


== iwd as backend for Connman ==
{{Warning|Setting this will silently turn off MAC address randomization as Networkmanager does not control the MAC address randomization features of `iwd` for which it is turned off by default.<ref>https://bbs.archlinux.org/viewtopic.php?id=280657</ref><ref>https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1111</ref>
To remediate this, configure iwd directly using the `AddressRandomization` option.}}
 
=== iwd as backend for Connman ===


Iwd could be use as a backend for Connman too.
iwd could be used as a backend for Connman too.


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
Line 32: Line 72:
Note that iwd is experimental and it does not have feature parity with the default backend, wpa_supplicant.
Note that iwd is experimental and it does not have feature parity with the default backend, wpa_supplicant.


= Troubleshooting =
== Troubleshooting ==


== org.freedesktop.service failed ==
=== org.freedesktop.service failed ===
When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:
When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:
<pre>
 
<syntaxhighlight lang="text">
dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory
dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory
</pre>
</syntaxhighlight>
 
Your desktop manager may not enable some secrets management service you may need to enable one:
Your desktop manager may not enable some secrets management service you may need to enable one:
<syntaxHighlight lang=nix>
 
<syntaxhighlight lang="nix">
{
{
   services.gnome3.gnome-keyring.enable = true;
   services.gnome.gnome-keyring.enable = true;
}
}
</syntaxHighlight>
</syntaxhighlight>


== rfkill blocks wireless device ==
=== rfkill blocks wireless device ===
If the wi-fi connection is blocked by rf-kill, it it is needed to unblock the the wireless device. A way to do that with Nix is by using system.activationScripts.
If the Wi-Fi connection is blocked by <code>rfkill</code>, it needs to unblock the wireless device. A way to do that in NixOS is by using <code>system.activationScripts</code>, although it is not the most idiomatic solution.
<syntaxHighlight lang=nix>
 
<syntaxhighlight lang="nix">
{
{
   system.activationScripts = {
   system.activationScripts = {
     rfkillUnblockWlan = {
     rfkillUnblockWlan = {
       text = ''
       text = ''
      rfkill unblock wlan
        rfkill unblock wlan
       '';
       '';
       deps = [];
       deps = [];
Line 59: Line 103:
   };
   };
}
}
</syntaxHighlight>
</syntaxhighlight>
 
=== event: disconnect-info reason: 2 ===
When using certain chipsets, such as the Qualcomm <code>qcncm865</code><ref>https://community.frame.work/t/guide-successful-wi-fi-7-802-11be-on-framework-13-amd-with-qualcomm-qcncm865-and-arch-linux/44723</ref>, you need to use legacy EAPoL packets<ref>https://lkml.org/lkml/2020/10/14/1101</ref> to prevent a disconnect loop. In <code>iwd.service</code> this issue shows up as:
 
<syntaxhighlight lang="text">
SA Query timed out, connection is invalid.  Disconnecting...
Feb 26 10:17:10 probook iwd[4486]: event: disconnect-info, reason: 2
</syntaxhighlight>
 
If you are using systemd-networkd, this shows up in <code>systemd-networkd.service</code> as repeated <code>Carrier Gained. Carrier Lost.</code> messages. On NixOS, this can be resolved by setting the matching iwd settings option.
 
<syntaxhighlight lang="nix">
{
  networking.wireless.iwd.settings.General.ControlPortOverNL80211 = false;
}
</syntaxhighlight>
 
[[Category:Applications]][[Category: Networking]]

Latest revision as of 12:29, 21 September 2025

iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.

Setup

iwd can be enabled with the following snippet. 

networking.wireless.iwd.enable = true;

Usage

Connections can be managed using the provided iwctl tool.

Configuration

To configure iwd, you should use networking.wireless.iwd.settings option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to: 

{
  networking.wireless.iwd.settings = {
    Network = {
      EnableIPv6 = true;
    };
    Settings = {
      AutoConnect = true;
    };
  };
}

For a detailed and up-to-date list of available settings, please reference the network daemon configuration documentation, from kernel Git repo.

Eduroam (WPA2 Enterprise) network

Eduroam wireless networks need to get configured manually by creating the following file /var/lib/iwd/eduroam.8021x, which will not persist across NixOS rebuilds unless explicitly managed. It's often better to configure this via a NixOS module. 

[Security]
EAP-Method=PEAP
EAP-Identity=eduroamHDcat2024@uni-heidelberg.de
EAP-PEAP-CACert=/var/lib/iwd/ca.pem
EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de
EAP-PEAP-Phase2-Password=mypassword

[Settings]
Autoconnect=true

Replace the values in EAP-Identity, EAP-PEAP-ServerDomainMask, EAP-PEAP-Phase2-Identity and EAP-PEAP-Phase2-Password according to your university presets which can be acquired at cat.eduroam.org. After entering your university name there the site will offer you a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file /var/lib/iwd/ca.pem.

iwd as backend for NetworkManager

If iwd is present, it can be used as a backend for NetworkManager through the following snippet. 

networking.networkmanager.wifi.backend = "iwd";
⚠︎
Warning: Setting this will silently turn off MAC address randomization as Networkmanager does not control the MAC address randomization features of `iwd` for which it is turned off by default.[1][2] To remediate this, configure iwd directly using the `AddressRandomization` option.

iwd as backend for Connman

iwd could be used as a backend for Connman too. 

services.connman.wifi.backend = "iwd";

Note that iwd is experimental and it does not have feature parity with the default backend, wpa_supplicant.

Troubleshooting

org.freedesktop.service failed

When connecting to a protected network it could happen that no password window appears and the following message is written in the journal: 

dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory

Your desktop manager may not enable some secrets management service you may need to enable one: 

{
  services.gnome.gnome-keyring.enable = true;
}

rfkill blocks wireless device

If the Wi-Fi connection is blocked by rfkill, it needs to unblock the wireless device. A way to do that in NixOS is by using system.activationScripts, although it is not the most idiomatic solution. 

{
  system.activationScripts = {
    rfkillUnblockWlan = {
      text = ''
        rfkill unblock wlan
      '';
      deps = [];
    };
  };
}

event: disconnect-info reason: 2

When using certain chipsets, such as the Qualcomm qcncm865[3], you need to use legacy EAPoL packets[4] to prevent a disconnect loop. In iwd.service this issue shows up as: 

SA Query timed out, connection is invalid.  Disconnecting...
Feb 26 10:17:10 probook iwd[4486]: event: disconnect-info, reason: 2

If you are using systemd-networkd, this shows up in systemd-networkd.service as repeated Carrier Gained. Carrier Lost. messages. On NixOS, this can be resolved by setting the matching iwd settings option. 

{
  networking.wireless.iwd.settings.General.ControlPortOverNL80211 = false;
}
  1. https://bbs.archlinux.org/viewtopic.php?id=280657
  2. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1111
  3. https://community.frame.work/t/guide-successful-wi-fi-7-802-11be-on-framework-13-amd-with-qualcomm-qcncm865-and-arch-linux/44723
  4. https://lkml.org/lkml/2020/10/14/1101
Retrieved from "https://wiki.nixos.org/w/index.php?title=Iwd&oldid=26473"