Iwd: Difference between revisions

(15 intermediate revisions by 10 users not shown)

Line 1:

iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.

[https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/ iwd] (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.

== ~~Installation~~ ==

== Setup ==

iwd can be enabled with the following snippet.

Line 10:

Line 11:

== Usage ==

Connections can be managed using the provided ~~{{ic|~~iwctl}} tool.

Connections can be managed using the provided <code>iwctl</code> tool.

== Configuration ==

To configure iwd, you should use <code>networking.wireless.iwd.settings</code> option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to:

{

networking.wireless.iwd.settings = {

Network = {

EnableIPv6 = true;

};

Settings = {

AutoConnect = true;

};

}

</syntaxhighlight>

For a detailed and up-to-date list of available settings, please reference the [https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/iwd.network.rst network daemon configuration documentation], from kernel Git repo.

=== [[eduroam]] ===

[[eduroam]] (WPA2 Enterprise) wireless networks need to get configured manually by creating the following file <code>/var/lib/iwd/eduroam.8021x</code>, which will not persist across NixOS rebuilds unless explicitly managed. It's often better to configure this via a NixOS module.

[Security]

EAP-Method=PEAP

EAP-Identity=eduroamHDcat2024@uni-heidelberg.de

EAP-PEAP-CACert=/var/lib/iwd/ca.pem

EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de

EAP-PEAP-Phase2-Method=MSCHAPV2

EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de

EAP-PEAP-Phase2-Password=mypassword

[Settings]

Autoconnect=true

</syntaxhighlight>

Replace the values in <code>EAP-Identity</code>, <code>EAP-PEAP-ServerDomainMask</code>, <code>EAP-PEAP-Phase2-Identity</code> and <code>EAP-PEAP-Phase2-Password</code> according to your university presets which can be acquired at [https://cat.eduroam.org cat.eduroam.org]. After entering your university name there the site will offer you a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file <code>/var/lib/iwd/ca.pem</code>.

=== iwd as backend for NetworkManager ===

If iwd is present, it can be used as a backend for NetworkManager through the following snippet.

If iwd is present, it can be used as a backend for [[NetworkManager]] through the following snippet.

networking.networkmanager.wifi.backend = "iwd";

</syntaxhighlight>

{{Warning|Setting this will silently turn off MAC address randomization as Networkmanager does not control the MAC address randomization features of `iwd` for which it is turned off by default.<ref>https://bbs.archlinux.org/viewtopic.php?id=280657</ref><ref>https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1111</ref>

To remediate this, configure iwd directly using the `AddressRandomization` option.}}

=== iwd as backend for Connman ===

~~Iwd~~ could be ~~use~~ as a backend for Connman too.

iwd could be used as a backend for Connman too.

Line 36:

Line 77:

=== org.freedesktop.service failed ===

When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:

<~~pre~~>

dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory

</~~pre~~>

</syntaxhighlight>

Your desktop manager may not enable some secrets management service you may need to enable one:

<~~syntaxHighlight~~ lang=nix>

{

services.~~gnome3~~.gnome-keyring.enable = true;

services.gnome.gnome-keyring.enable = true;

}

</~~syntaxHighlight~~>

</syntaxhighlight>

=== rfkill blocks wireless device ===

If the wi-fi connection is blocked by ~~rf-kill~~, it ~~it is needed~~ to unblock ~~the~~ the wireless device. A way to do that ~~with Nix~~ is by using system.activationScripts.

If the Wi-Fi connection is blocked by <code>rfkill</code>, it needs to unblock the wireless device. A way to do that in NixOS is by using <code>system.activationScripts</code>, although it is not the most idiomatic solution.

<~~syntaxHighlight~~ lang=nix>

{

system.activationScripts = {

rfkillUnblockWlan = {

text = ''

rfkill unblock wlan

'';

deps = [];

Line 59:

Line 104:

};

}

</~~syntaxHighlight~~>

</syntaxhighlight>

=== event: disconnect-info reason: 2 ===

When using certain chipsets, such as the Qualcomm <code>qcncm865</code><ref>https://community.frame.work/t/guide-successful-wi-fi-7-802-11be-on-framework-13-amd-with-qualcomm-qcncm865-and-arch-linux/44723</ref>, you need to use legacy EAPoL packets<ref>https://lkml.org/lkml/2020/10/14/1101</ref> to prevent a disconnect loop. In <code>iwd.service</code> this issue shows up as:

SA Query timed out, connection is invalid. Disconnecting...

Feb 26 10:17:10 probook iwd[4486]: event: disconnect-info, reason: 2

</syntaxhighlight>

If you are using systemd-networkd, this shows up in <code>systemd-networkd.service</code> as repeated <code>Carrier Gained. Carrier Lost.</code> messages. On NixOS, this can be resolved by setting the matching iwd settings option.

{

networking.wireless.iwd.settings.General.ControlPortOverNL80211 = false;

}

</syntaxhighlight>

[[Category:Applications]]

[[Category:Applications]][[Category: Networking]]

@@ Line 1: / Line 1: @@
-iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.
+{{DISPLAYTITLE:iwd}}
+[https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/ iwd] (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.
-== Installation ==
+== Setup ==
 iwd can be enabled with the following snippet.
@@ Line 10: / Line 11: @@
 == Usage ==
-Connections can be managed using the provided {{ic|iwctl}} tool.
+Connections can be managed using the provided <code>iwctl</code> tool.
 == Configuration ==
+To configure iwd, you should use <code>networking.wireless.iwd.settings</code> option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to:
+<syntaxhighlight lang="nix">
+{
+  networking.wireless.iwd.settings = {
+    Network = {
+      EnableIPv6 = true;
+    };
+    Settings = {
+      AutoConnect = true;
+    };
+  };
+}
+</syntaxhighlight>
+For a detailed and up-to-date list of available settings, please reference the [https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/iwd.network.rst network daemon configuration documentation], from kernel Git repo.
+=== [[eduroam]] ===
+[[eduroam]] (WPA2 Enterprise) wireless networks need to get configured manually by creating the following file <code>/var/lib/iwd/eduroam.8021x</code>, which will not persist across NixOS rebuilds unless explicitly managed. It's often better to configure this via a NixOS module.
+<syntaxhighlight lang="ini">
+[Security]
+EAP-Method=PEAP
+EAP-Identity=eduroamHDcat2024@uni-heidelberg.de
+EAP-PEAP-CACert=/var/lib/iwd/ca.pem
+EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de
+EAP-PEAP-Phase2-Password=mypassword
+[Settings]
+Autoconnect=true
+</syntaxhighlight>
+Replace the values in <code>EAP-Identity</code>, <code>EAP-PEAP-ServerDomainMask</code>, <code>EAP-PEAP-Phase2-Identity</code> and <code>EAP-PEAP-Phase2-Password</code> according to your university presets which can be acquired at [https://cat.eduroam.org cat.eduroam.org]. After entering your university name there the site will offer you a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file <code>/var/lib/iwd/ca.pem</code>.
 === iwd as backend for NetworkManager ===
-If iwd is present, it can be used as a backend for NetworkManager through the following snippet.
+If iwd is present, it can be used as a backend for [[NetworkManager]] through the following snippet.
 <syntaxhighlight lang="nix">
 networking.networkmanager.wifi.backend = "iwd";
 </syntaxhighlight>
+{{Warning|Setting this will silently turn off MAC address randomization as Networkmanager does not control the MAC address randomization features of `iwd` for which it is turned off by default.<ref>https://bbs.archlinux.org/viewtopic.php?id=280657</ref><ref>https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1111</ref>
+To remediate this, configure iwd directly using the `AddressRandomization` option.}}
 === iwd as backend for Connman ===
-Iwd could be use as a backend for Connman too.
+iwd could be used as a backend for Connman too.
 <syntaxhighlight lang="nix">
@@ Line 36: / Line 77: @@
 === org.freedesktop.service failed ===
 When connecting to a protected network it could happen that no password window appears and the following message is written in the journal:
-<pre>
+<syntaxhighlight lang="text">
 dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory
-</pre>
+</syntaxhighlight>
 Your desktop manager may not enable some secrets management service you may need to enable one:
-<syntaxHighlight lang=nix>
+<syntaxhighlight lang="nix">
 {
-   services.gnome3.gnome-keyring.enable = true;
+   services.gnome.gnome-keyring.enable = true;
 }
-</syntaxHighlight>
+</syntaxhighlight>
 === rfkill blocks wireless device ===
-If the wi-fi connection is blocked by rf-kill, it it is needed to unblock the the wireless device. A way to do that with Nix is by using  system.activationScripts.
+If the Wi-Fi connection is blocked by <code>rfkill</code>, it needs to unblock the wireless device. A way to do that in NixOS is by using <code>system.activationScripts</code>, although it is not the most idiomatic solution.
-<syntaxHighlight lang=nix>
+<syntaxhighlight lang="nix">
 {
    system.activationScripts = {
      rfkillUnblockWlan = {
        text = ''
-      rfkill unblock wlan
+        rfkill unblock wlan
        '';
        deps = [];
@@ Line 59: / Line 104: @@
    };
 }
-</syntaxHighlight>
+</syntaxhighlight>
+=== event: disconnect-info reason: 2 ===
+When using certain chipsets, such as the Qualcomm <code>qcncm865</code><ref>https://community.frame.work/t/guide-successful-wi-fi-7-802-11be-on-framework-13-amd-with-qualcomm-qcncm865-and-arch-linux/44723</ref>, you need to use legacy EAPoL packets<ref>https://lkml.org/lkml/2020/10/14/1101</ref> to prevent a disconnect loop. In <code>iwd.service</code> this issue shows up as:
+<syntaxhighlight lang="text">
+SA Query timed out, connection is invalid.  Disconnecting...
+Feb 26 10:17:10 probook iwd[4486]: event: disconnect-info, reason: 2
+</syntaxhighlight>
+If you are using systemd-networkd, this shows up in <code>systemd-networkd.service</code> as repeated <code>Carrier Gained. Carrier Lost.</code> messages. On NixOS, this can be resolved by setting the matching iwd settings option.
+<syntaxhighlight lang="nix">
+{
+  networking.wireless.iwd.settings.General.ControlPortOverNL80211 = false;
+}
+</syntaxhighlight>
-[[Category:Applications]]
+[[Category:Applications]][[Category: Networking]]