1 changed files with 194 additions and 0 deletions
Split View
Diff Options
+ 194
- 0
content/post/05-networking-the-right-way.md
View File
| @@ -0,0 +1,194 @@ | |||
| --- | |||
| title: "GNU/Linux wireless networking like it's 2020" | |||
| subtitle: "How to add some systemd stuff inside your network configuration" | |||
| date: 2020-07-14 | |||
| draft: false | |||
| tags: [ops, systemd, network, wireless] | |||
| --- | |||
| # From netcl to iwd 📡 | |||
| ArchLinux is installed on my laptop (an XPS 15) since I got it from my job in | |||
| 2017[^1]. 3 years ago, the cli tool distributed within the distribution was | |||
| `netctl`. It's an in-house [ArchLinux | |||
| project](https://git.archlinux.org/netctl.git/) allowing users to manage | |||
| networking. Overall, the tool does everything I need to get a | |||
| network connection up and running the way I need it. One of the main thing I | |||
| dislike about it is `wifi-menu`, a poorly design UI to search for wireless | |||
| access points. | |||
| Not so long ago a new challenger appeared : `iwd`. **iNet Wireless Daemon** | |||
| (iwd) is new wireless daemon for GNU/Linux (a standard tool, available on all | |||
| distros is better for this kind of tasks). Even if this project aims to | |||
| replace `wpa_supplicant` it can also replace `netctl`. If you think it's a | |||
| toy project from some random guy over the internet, bad news for you, that guy | |||
| is : Intel™. The fact that this program acts as a daemon means one standing | |||
| point : multiple clients will be available in the future and some well known | |||
| managers like `network-manager` might also use it. A default one comes with | |||
| the package as an interactive shell called `iwctl`, bye-bye `wifi-menu` ! | |||
| To begin with `iwd` enable and start the service | |||
| ```sh | |||
| systemctl enable --now iwd.service | |||
| ``` | |||
| and open the interactive shell | |||
| ```sh | |||
| iwctl | |||
| ``` | |||
| then list all networks | |||
| ```sh | |||
| [iwd] station wlan0 get-networks | |||
| Available networks | |||
| -------------------------------------------------------------------------------- | |||
| Network name Security Signal | |||
| -------------------------------------------------------------------------------- | |||
| ORTHANC psk **** | |||
| MINAS ITHIL psk **** | |||
| MINAS TIRITH psk **** | |||
| ``` | |||
| ```sh | |||
| [iwd] station wlan0 connect ORTHANC | |||
| ``` | |||
| Enter the password if needed, it will be saved for later use (in | |||
| `/var/lib/iwd`) and check if everything is ok : | |||
| ```sh | |||
| [iwd] station wlan0 show | |||
| Station: wlan0 | |||
| -------------------------------------------------------------------------------- | |||
| Settable Property Value | |||
| -------------------------------------------------------------------------------- | |||
| Scanning no | |||
| State connected | |||
| Connected network ORTHANC | |||
| ``` | |||
| On reboot, `iwd` will try to reconnect to last used connection. | |||
| # Adding some salty systemd stuff 🧂 | |||
| Connected, sure, but what about an IP address 🤡 ? The first option is | |||
| obviously `dhcpd` but it scales poorly if you have to type it everytime you | |||
| connect to a network. Since version 0.19 `iwd` comes with a built-in DHCP | |||
| client to enable it just add | |||
| ```txt | |||
| [General] | |||
| EnableNetworkConfiguration=true | |||
| ``` | |||
| in `/etc/iwd/main.conf`. | |||
| For some people it's good enough, but you know me, I like systemd a lot and | |||
| i'm already using `systemd-networkd`[^2] to create various kind of static network | |||
| interfaces and network connections. | |||
| To let `systemd-networkd` get DHCP configuration for you, ensure `systemd-networkd` is enabled | |||
| ```sh | |||
| systemctl enable --now systemd-networkd.service | |||
| ``` | |||
| Now, add a `.network` file (in `/etc/systemd/network`) for the main wifi interface | |||
| ```txt | |||
| [Match] | |||
| Name=wlan0 | |||
| [Network] | |||
| DHCP=yes | |||
| ``` | |||
| The _match_ section is used to identify the interface by name, the _network_ | |||
| one ensures that this configuration comes from DHCP. | |||
| Now that everything is setup, systemd-networkd will get configuration for this | |||
| interface when requested by changes on wifi interface from `iwctl`. | |||
| # More salt with systemd-resolved 👺 | |||
| In order to piss off the ones who hate systemd, I decided to add | |||
| `systemd-resolved` into the mix. | |||
| `systemd-resolved` is a systemd subservice providing a local DNS system with | |||
| caching, DNSSEC or the cool new kid : [DNS over | |||
| TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). | |||
| As usual to enable it : | |||
| ```sh | |||
| systemctl enable --now systemd-resolved.service | |||
| ``` | |||
| The common way to change the DNS configuration is the good old | |||
| `/etc/resolv.conf` file. With `systemd-resolved` the recommended and most | |||
| disruptive way is to symlink the generated stub file | |||
| `/run/systemd/resolve/stub-resolv.conf` to `/etc/resolv.conf`. | |||
| ```txt | |||
| # This file is managed by man:systemd-resolved(8). Do not edit. | |||
| # | |||
| # This is a dynamic resolv.conf file for connecting local clients to the | |||
| # internal DNS stub resolver of systemd-resolved. This file lists all | |||
| # configured search domains. | |||
| # | |||
| # Run "resolvectl status" to see details about the uplink DNS servers | |||
| # currently in use. | |||
| # | |||
| # Third party programs should typically not access this file directly, but only | |||
| # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a | |||
| # different way, replace this symlink by a static file or a different symlink. | |||
| # | |||
| # See man:systemd-resolved.service(8) for details about the supported modes of | |||
| # operation for /etc/resolv.conf. | |||
| nameserver 127.0.0.53 | |||
| options edns0 | |||
| search example.lan example.com | |||
| ``` | |||
| The stub file contains only the local DNS stub server from `systemd-resolved` (available on 127.0.0.53). | |||
| The main purpose of this server is a caching implementation avoiding useless | |||
| DNS requests. | |||
| To get an idea of the number of requests where the cache is used, just check statistics | |||
| ```sh | |||
| resolvectl statistics | |||
| DNSSEC supported by current servers: no | |||
| Transactions | |||
| Current Transactions: 0 | |||
| Total Transactions: 8544 | |||
| Cache | |||
| Current Cache Size: 65 | |||
| Cache Hits: 2394 | |||
| Cache Misses: 3939 | |||
| ``` | |||
| To customize `systemd-resolved` configuration, just look at | |||
| systemd-revolved(8) and the config file in `/etc/systemd/resolved.conf` | |||
| (`resolvctl` with no argument can be used to get information about the | |||
| current configuration). | |||
| This is, in my opinion, the best networking config I ever have. | |||
| Happy systemding ! | |||
| # Ressources | |||
| - https://wiki.archlinux.org/index.php/Iwd | |||
| - https://wiki.archlinux.org/index.php/Systemd-networkd | |||
| - https://wiki.archlinux.org/index.php/Systemd-resolved | |||
| [^1]: And it runs on [btrfs](https://en.wikipedia.org/wiki/Btrfs) with absolutely no troubles for more than 3 years | |||
| [^2]: A systemd subservice handling networking stuff | |||