RogerBW's Blog

Networking without network-manager

07 March 2015

I don't like network-manager. It's too big and complicated and hard to persuade to do the things I want. Fortunately it's not too hard to do without it.

This is all for Debian/wheezy. It'll probably apply to other versions too. It certainly works on Raspbian for the Raspberry Pi.

For wired networking, it's really easy. In /etc/network/interfaces put in either a static address:

allow-hotplug eth0
iface eth0 inet static
        address 10.0.0.3
        netmask 255.255.0.0
        network 10.0.0.0
        broadcast 10.0.255.255
        gateway 10.0.255.254

(I don't think you actually need the network and broadcast lines any more, but back in the day they were helpful.)

Or for DHCP:

allow-hotplug eth0
iface eth0 inet dhcp

No problem. Use ifup and ifdown to bring the interface up and down. (If you want to do this as a normal user, sudo is the easiest way.)

For wireless it's only slightly more complex. You'll need the wpasupplicant package, and to build a configuration file for it, let's say /etc/wpa_supplicant.conf. Set up a separate stanza for each network you want to connect to, with a different id_str entry for each different set of things you want to do with the connection. (I'll come back to this.)

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
#
# home network; allow all valid ciphers
network={
        ssid="my_homenet_ssid"
        key_mgmt=WPA-PSK
        psk="my_homenet_password"
        id_str="home"
}

network={
        ssid="some_other_ssid"
        key_mgmt=WPA-PSK
        psk="my_remote_password"
        id_str="mobile"
}

network={
        ssid="open_network_ssid"
        key_mgmt=NONE
        id_str="mobile"
}

You can add scan_ssid=1 to a stanza if you need to connect to a network that doesn't broadcast its SSID (but this makes your device announce the names of the networks it's looking for, and it's very easy for an attacker to spoof a network with one of those names, so don't configure your APs this way if you have the option). If you're willing to connect to any open network, just leave out the ssid line in that stanza. If you're connecting to WPA-Enterprise and other more complex setups, see the wpa_supplicant.conf(5) man page for how to set up certificates and such.
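An added example, not part of the original post: a small Python audit of a wpa_supplicant.conf in the layout shown above, flagging the settings this paragraph discusses (scan_ssid=1, open networks, a stanza with no ssid line) plus passphrases stored in plaintext. The sample configuration, the function names and the 0600 file-mode recommendation are assumptions of this example.

```python
import os

# Constructed sample in this page's layout (not a real configuration).
SAMPLE = """\
network={
        ssid="hidden_home_ssid"
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="example_passphrase"
        id_str="home"
}
network={
        key_mgmt=NONE
        id_str="mobile"
}
"""

def parse_networks(text):
    """Return one {key: value} dict per network={...} stanza."""
    nets, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "network={":
            cur = {}
        elif line == "}" and cur is not None:
            nets.append(cur)
            cur = None
        elif cur is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return nets

def audit(text):
    """Return (stanza index, finding) pairs for the settings discussed above."""
    findings = []
    for i, net in enumerate(parse_networks(text)):
        if net.get("scan_ssid") == "1":
            findings.append((i, "scan_ssid=1: SSID is sent in directed probes"))
        if net.get("key_mgmt") == "NONE":
            what = "a named open network" if "ssid" in net else "ANY open network"
            findings.append((i, "key_mgmt=NONE: joins " + what))
        if net.get("psk", "").startswith('"'):
            findings.append((i, "plaintext passphrase: keep the file mode 0600"))
    return findings

def readable_by_others(path):
    """True if group or other can read the file holding the passphrases."""
    return bool(os.stat(path).st_mode & 0o044)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a live system, pass the contents of /etc/wpa_supplicant.conf to audit() and the path to readable_by_others().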

Then in /etc/network/interfaces set up a stanza for each id_str:

iface wlan0 inet manual
        wpa-roam /etc/wpa_supplicant.conf

iface home inet dhcp

iface mobile inet dhcp

Why did I put in separate home and mobile entries? Because you can tag other things onto the definitions: under the mobile entry, I have:

        post-up /etc/init.d/openvpn start
        pre-down /etc/init.d/openvpn stop

to set up my VPN connection to the home network automatically. The end result is that I can connect seamlessly to my servers at home from my laptop wherever it is, using the VPN automatically when it's needed.

If you have a wireless network without DHCP, which is quite rare but not un-heard-of, you can use inet static as mentioned above for wired networks. Just give it a different id_str in /etc/wpa_supplicant.conf and then add something like:

iface special_flower inet static
        address 10.20.30.99
        gateway 10.20.30.40
        netmask 255.255.255.0
        dns-nameservers 10.20.30.40

That dns-nameservers directive needs the resolvconf package, which is probably a good idea anyway if you use anything other than DHCP.

If you want more control of when you connect to specific networks, such as being able to enable or disable entries in the list, put your main user in the netdev group and install wpa-gui.
