Assignment 7: Switch to iwd and NetworkManager
For this assignment, you will switch the underlying wireless network management service from wpa_supplicant to iwd. You’ll also install NetworkManager, which will make connecting to wireless networks easier.
- Background
- Procedure
- Step 1: Run Updates
- Step 2: Install Packages
- Step 3: Switch to udev
- Step 4: Stop the Networking Service
- Step 5: Stop the wpa_supplicant
- Step 6: Remove Networking Configuration
- Step 7: Configure NetworkManager
- Step 8: Start and Enable Services
- Step 9: Connect to the Network
- Step 10: Remove wpa_supplicant
- Step 11: Test by Rebooting
- Step 12: Clean Up Old Configuration
- Submission Checklist
- ABET Assessment
Background
To connect to a WiFi network in Linux, several pieces of software are involved:
- The Linux kernel, which sits at the lowest layer and contains the device driver for the WiFi adapter. The kernel provides an interface to interact with the card at the Physical Layer of the OSI Model (at a minimum).
- Software that handles WiFi authentication, which is part of the Data Link Layer for WiFi.
- A DHCP client to obtain an IP address and set up routing tables to send traffic over the WiFi connection. These components are part of the Network Layer.
- A tool to manage network startup and start the DHCP client, which is part of the Application Layer.
While there is only one Linux kernel, there are actually multiple choices for the authentication software and DHCP client/route management system. Out of the box, Alpine Linux ships with:
- wpa_supplicant
- udhcpc, a DHCP client built into BusyBox
- ifupdown-ng to bring up the network interface and start udhcpc
Of these tools, the wpa_supplicant is a bit dated and sometimes has some difficulties with newer WiFi standards and systems, making it difficult to impossible to authenticate to a wireless access point. Also, ifupdown-ng is better suited to servers and static desktop systems than it is to laptops and other devices that roam between networks, since it operates on the principle that the connection is established once and remains persistent.
We can improve our WiFi (and wired, for that matter) experience by switching out these tools for some others that are available in the Alpine Linux software repository:
- iNet Wireless Daemon (iwd), which was originally written by Intel to replace the wpa_supplicant with something more efficient
- NetworkManager, which provides an easier to use management layer and includes its own DHCP client
The process of switching out the pieces can be a little cumbersome, but the result will be a system that is easier to use when traveling between different WiFi networks.
Procedure
This assignment is structured as a tutorial. Follow the steps carefully and in order.
Step 1: Run Updates
Let’s begin by ensuring that we have the latest version of all installed packages:
apk update
apk upgrade
Pay attention to the output of the upgrade command. If you see that the
linux-rpi5-teal package is being upgraded, reboot after the upgrade (using
the reboot command). Note that a reboot is not necessary if the kernel
package doesn’t get upgraded.
Step 2: Install Packages
We need to install the iwd, networkmanager, networkmanager-wifi, networkmanager-tui, and networkmanager-cli packages. These packages add iwd and several parts of the NetworkManager software, including WiFi support, a text-based user interface for configuring the network, and a command-line interface for querying and configuring network settings. This set of packages can be installed with a single command:
apk add iwd networkmanager networkmanager-wifi networkmanager-tui networkmanager-cli
Step 3: Switch to udev
NetworkManager seems to require udev in order to work properly. Switch to it by running:
setup-devd udev
Step 4: Stop the Networking Service
NOTE: You will lose network connectivity after you run these steps. Be sure that you have installed the packages correctly in the previous step first. Run:
rc-service networking stop
rc-update del networking
Step 5: Stop the wpa_supplicant
The wpa_supplicant service conflicts with iwd. Stop and disable it by running:
rc-service wpa_supplicant stop
rc-update del wpa_supplicant boot
Step 6: Remove Networking Configuration
Since we’re going to be using NetworkManager to handle our network configuration, we need to remove the eth0 and/or wlan0 interfaces from our /etc/network/interfaces file. Edit this file using:
vi /etc/network/interfaces
Remove (using the dd command in vi) any lines that reference eth0 and/or wlan0. The only lines you should have left in this file when you’re finished are:
auto lo
iface lo inet loopback
Save and exit vi.
Step 7: Configure NetworkManager
Before we start up our new services, we need to edit the NetworkManager configuration file using:
vi /etc/NetworkManager/NetworkManager.conf
Remember that file and directory names are case-sensitive in Linux! The capitalization needs to match exactly.
Verify that the file contains the following:
[main]
dhcp=internal
If you see an empty file, then you probably typed your vi command incorrectly. Exit vi and check.
Edit the file to contain the following:
[main]
dhcp=internal
plugins=keyfile
[device]
wifi.scan-rand-mac-address=yes
wifi.backend=iwd
These changes enable the keyfile plugin for NetworkManager and instruct it to use iwd as the WiFi connection backend. We also enable the use of randomly generated MAC addresses when scanning for wireless networks, as doing so improves privacy by making it harder for wireless access points to track our device when we aren’t associated. While this feature probably doesn’t matter for the Raspberry Pi in this course, it is a good practice to enable it for laptops, phones, and other devices. Areas with public WiFi (such as grocery stores) are known to track devices (and therefore people) around the store by logging the MAC addresses used when scanning for wireless networks, even if you aren’t connected to the public WiFi service.
Save the file and exit vi.
Step 8: Start and Enable Services
Now we need to start and enable both iwd and NetworkManager:
rc-service iwd start
rc-update add iwd
rc-service networkmanager start
rc-update add networkmanager
Step 9: Connect to the Network
To connect to the network, run NetworkManager’s text mode user interface using the command:
nmtui
This user interface is menu driven. Go to “Edit a connection” in the menu, and press Enter.
Wired Connection
If you have a network cable plugged into your Pi, you should see that a “Wired connection 1” has been created automatically. By default, this connection will use DHCP, so you only need to edit it if you’re using static IP addresses or some other custom configuration on your network. You can navigate to the <Back> button to go back to the main menu.
You can check that this connection has been activated by going to “Activate a connection” on the main menu. You should see a * next to “Wired connection 1” in the Wired section, indicating that the connection is active. You can go back and navigate to Quit on the main menu to exit the NetworkManager TUI.
Home WiFi or Phone Hotspot
Assuming your home network uses a preshared key, you can actually take a bit of a shortcut when connecting to it. Navigate to the <Back> button on the connection editing screen and press Enter to return to the main menu. Go down to “Activate a connection” and press Enter. Select your WiFi network from the list, then press Enter.
You will be prompted for your WiFi password (the preshared key). Enter it into the dialog. Enter your password, then press Enter. NetworkManager will try to connect automatically. If this connection is successful, you will see a * next to the name of your network. You can navigate back to the main menu, then quit NetworkManager TUI.
If you mistyped your password or see an error message, go back to the “Edit a connection” screen. You can navigate using either the Tab key or arrow keys, and you can also enable the display of your password by putting an X in the box next to “Show password” (the spacebar works as a toggle after you navigate to the box). You can then navigate down to the <OK> button to confirm your changes. Back up to the main menu, then go back to the “Activate a connection” menu. Pick your wireless network from the list, then press Enter to activate it. A * to the left of your network name shows that it has been activated successfully. (The stars to the right of the network names show signal strength. If the signal is too low, your Pi might have trouble connecting. Try moving around the Pi and aiming it in different directions.)
Campus Wifi (eduroam)
Setting up NetworkManager and iwd for eduroam takes a bit more work, since eduroam is using WPA Enterprise authentication.
- Move the cursor to the right to select the Add button, then press Enter.
- Choose Wi-Fi from the menu, and press Enter.
- Change the Profile name to: eduroam
- Use the Tab key to navigate between fields.
- For the Device, enter: wlan0
- Tab down to the SSID field and set it to: eduroam
- Leave the Mode set to <Client>, and tab down to the <None> entry next to Security. Press Enter.
- Choose “WPA & WPA2 Enterprise” from the menu, and press Enter.
- Change the Authentication to PEAP.
- For the Anonymous Identity, enter your CCU email address.
- You can leave the Domain, CA cert, and CA cert password fields blank.
- Leave the PEAP version set to <Automatic> and the Inner authentication set to <MSCHAPv2>.
- Enter your CCU email address for the Username.
- Enter your CCU password for the Password.
- Leave everything else at the default settings, but be sure there is an X in the boxes next to “Automatically connect” and “Available to all users”.
- Navigate down to the OK button and press Enter.
- You will be returned to the connection editing menu, and you should now see eduroam under the Wi-Fi list. Navigate to the Back button, and press Enter.
- On the main menu, go to “Active a connection” and press Enter.
- On the list that appears, there should be a * next to eduroam under the Wi-Fi section. If there isn’t, then select eduroam, and press the Activate button. The star should now appear, indicating that you are connected. If not, check your username and password in the security settings inside the connection editor.
You can work your way back to the main menu and quit the NetworkManager TUI once you’re connected. NetworkManager should automatically reconnect to eduroam the next time you start the Raspberry Pi when you’re on campus.
Step 10: Remove wpa_supplicant
First, be absolutely sure that you have NetworkManager and iwd working. Check by running:
wget -O - http://checkip.dyndns.org
You should see HTML code in the output that includes “Current IP Address” and your public IP address (the one your router has, or a 199.120 address if on campus). If not, then you aren’t connected to the network and need to do some troubleshooting.
Assuming your connection is successful, remove wpa_supplicant by running:
apk del wpa_supplicant
If you need to troubleshoot your connection, run nmtui again, and go
back through the relevant network setup instructions above.
Step 11: Test by Rebooting
Reboot the system:
reboot
After rebooting, run nmtui again, and check that your network connection
has been activated automatically.
Step 12: Clean Up Old Configuration
If your system passed the reboot test, you can clean up the old wpa_supplicant configuration file and directory. First, double-check that you indeed removed the wpa_supplicant package:
apk info -L wpa_supplicant
This command should produce NO output. If you get a list of files instead, go back and redo steps 10 and 11.
Assuming the command produced no output, carefully run:
rm -rf /etc/wpa_supplicant
Remember that the -rf to the rm command means recursive and force (don’t
prompt). Mistyping the path to remove can trash your system completely!
Submission Checklist
Run the following commands:
hostname
date
rc-service iwd status
apk info -L wpa_supplicant
PAGER= nmcli connection show
You should see the output of all 5 commands on the screen. If the nmcli command is clobbering the rest of the output, be sure you typed the PAGER=, followed by a space, followed by nmcli in the above command.
How to Check Your Work
To verify that you have everything working properly, look at the output of the above commands:
- Be sure that your CCU username is part of your hostname.
- Be sure that the date shows a time during the period for this assignment this semester.
- Your iwd service status should be “started”.
- The
apk info -L wpa_supplicantcommand should produce NO output, since the package has been uninstalled. - The NetworkManager client should show that you’re connected to a wired or wireless network. The text of the connected network should be green.
Final Steps
Use your phone to take a picture of the screen. Upload the picture to Moodle as the submission for this assignment.
ABET Assessment
Successful completion of this assignment satisfies the following performance indicator:
- 2.4. Compare multiple solutions against requirements.