From 93d03d9016c7191d1707b0de71170adea7ea56ef Mon Sep 17 00:00:00 2001 From: Wilfried OLLIVIER Date: Tue, 14 Jul 2020 17:14:50 +0200 Subject: [PATCH] Add networking the right way --- content/post/05-networking-the-right-way.md | 194 ++++++++++++++++++++ 1 file changed, 194 insertions(+) create mode 100644 content/post/05-networking-the-right-way.md diff --git a/content/post/05-networking-the-right-way.md b/content/post/05-networking-the-right-way.md new file mode 100644 index 0000000..ed65ebb --- /dev/null +++ b/content/post/05-networking-the-right-way.md 
@@ -0,0 +1,194 @@ +--- +title: "GNU/Linux wireless networking like it's 2020" +subtitle: "How to add some systemd stuff inside your network configuration" +date: 2020-07-14 +draft: false +tags: [ops, systemd, network, wireless] +--- + +# From netcl to iwd 📡 + +ArchLinux is installed on my laptop (an XPS 15) since I got it from my job in +2017[^1]. 3 years ago, the cli tool distributed within the distribution was +`netctl`. It's an in-house [ArchLinux +project](https://git.archlinux.org/netctl.git/) allowing users to manage +networking. Overall, the tool does everything I need to get a +network connection up and running the way I need it. One of the main thing I +dislike about it is `wifi-menu`, a poorly design UI to search for wireless +access points. + +Not so long ago a new challenger appeared : `iwd`. **iNet Wireless Daemon** +(iwd) is new wireless daemon for GNU/Linux (a standard tool, available on all +distros is better for this kind of tasks). Even if this project aims to +replace `wpa_supplicant` it can also replace `netctl`. If you think it's a +toy project from some random guy over the internet, bad news for you, that guy +is : Intel™. The fact that this program acts as a daemon means one standing +point : multiple clients will be available in the future and some well known +managers like `network-manager` might also use it. A default one comes with +the package as an interactive shell called `iwctl`, bye-bye `wifi-menu` ! 
+ +To begin with `iwd` enable and start the service + +```sh +systemctl enable --now iwd.service +``` + +and open the interactive shell + +```sh +iwctl +``` + +then list all networks + +```sh +[iwd] station wlan0 get-networks + Available networks +-------------------------------------------------------------------------------- + Network name Security Signal +-------------------------------------------------------------------------------- + ORTHANC psk **** + MINAS ITHIL psk **** + MINAS TIRITH psk **** +``` + +```sh +[iwd] station wlan0 connect ORTHANC +``` + +Enter the password if needed, it will be saved for later use (in +`/var/lib/iwd`) and check if everything is ok : + +```sh +[iwd] station wlan0 show + Station: wlan0 +-------------------------------------------------------------------------------- + Settable Property Value +-------------------------------------------------------------------------------- + Scanning no + State connected + Connected network ORTHANC +``` + +On reboot, `iwd` will try to reconnect to last used connection. + +# Adding some salty systemd stuff 🧂 + +Connected, sure, but what about an IP address 🤡 ? The first option is +obviously `dhcpd` but it scales poorly if you have to type it everytime you +connect to a network. Since version 0.19 `iwd` comes with a built-in DHCP +client to enable it just add + +```txt +[General] +EnableNetworkConfiguration=true +``` + +in `/etc/iwd/main.conf`. + +For some people it's good enough, but you know me, I like systemd a lot and +i'm already using `systemd-networkd`[^2] to create various kind of static network +interfaces and network connections. 
+ +To let `systemd-networkd` get DHCP configuration for you, ensure `systemd-networkd` is enabled + +```sh +systemctl enable --now systemd-networkd.service +``` + +Now, add a `.network` file (in `/etc/systemd/network`) for the main wifi interface + +```txt +[Match] +Name=wlan0 + +[Network] +DHCP=yes +``` + +The _match_ section is used to identify the interface by name, the _network_ +one ensures that this configuration comes from DHCP. + +Now that everything is setup, systemd-networkd will get configuration for this +interface when requested by changes on wifi interface from `iwctl`. + +# More salt with systemd-resolved 👺 + +In order to piss off the ones who hate systemd, I decided to add +`systemd-resolved` into the mix. + +`systemd-resolved` is a systemd subservice providing a local DNS system with +caching, DNSSEC or the cool new kid : [DNS over +TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). + +As usual to enable it : + +```sh +systemctl enable --now systemd-resolved.service +``` + +The common way to change the DNS configuration is the good old +`/etc/resolv.conf` file. With `systemd-resolved` the recommended and most +disruptive way is to symlink the generated stub file +`/run/systemd/resolve/stub-resolv.conf` to `/etc/resolv.conf`. + +```txt +# This file is managed by man:systemd-resolved(8). Do not edit. +# +# This is a dynamic resolv.conf file for connecting local clients to the +# internal DNS stub resolver of systemd-resolved. This file lists all +# configured search domains. +# +# Run "resolvectl status" to see details about the uplink DNS servers +# currently in use. +# +# Third party programs should typically not access this file directly, but only +# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a +# different way, replace this symlink by a static file or a different symlink. +# +# See man:systemd-resolved.service(8) for details about the supported modes of +# operation for /etc/resolv.conf. 
+ +nameserver 127.0.0.53 +options edns0 +search example.lan example.com +``` + +The stub file contains only the local DNS stub server from `systemd-resolved` (available on 127.0.0.53). + +The main purpose of this server is a caching implementation avoiding useless +DNS requests. + +To get an idea of the number of requests where the cache is used, just check statistics + +```sh +resolvectl statistics +DNSSEC supported by current servers: no + +Transactions +Current Transactions: 0 + Total Transactions: 8544 + +Cache + Current Cache Size: 65 + Cache Hits: 2394 + Cache Misses: 3939 +``` + +To customize `systemd-resolved` configuration, just look at +systemd-revolved(8) and the config file in `/etc/systemd/resolved.conf` +(`resolvctl` with no argument can be used to get information about the +current configuration). + +This is, in my opinion, the best networking config I ever have. + +Happy systemding ! + +# Ressources + +- https://wiki.archlinux.org/index.php/Iwd +- https://wiki.archlinux.org/index.php/Systemd-networkd +- https://wiki.archlinux.org/index.php/Systemd-resolved + +[^1]: And it runs on [btrfs](https://en.wikipedia.org/wiki/Btrfs) with absolutely no troubles for more than 3 years +[^2]: A systemd subservice handling networking stuff
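Review bot: Several command and man-page names in the new post are misspelled and will fail if a reader copies them. The first heading says `netcl` where the body uses `netctl`. The closing paragraph cites `systemd-revolved(8)` and `resolvctl`, while the commands above it use `systemd-resolved` and `resolvectl`. The DHCP paragraph names `dhcpd`, which is the DHCP server daemon, where a client such as `dhcpcd` is meant. The last heading should read "Resources". The `sh` fences around the `[iwd] station wlan0 ...` prompts and their output would also be better tagged `txt`, like the config blocks, since they are not shell input.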
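Review bot: In the "Adding some salty systemd stuff" section, the post tells the reader to set `EnableNetworkConfiguration=true` in `/etc/iwd/main.conf` and then to add a `.network` file with `DHCP=yes` matching the same `wlan0`, without saying that these are alternatives. Followed top to bottom, that leaves two DHCP clients configuring one interface. Suggest stating explicitly that the iwd option stays unset when `systemd-networkd` handles `wlan0`. The `.network` file should also get a concrete file name, since only its directory `/etc/systemd/network` is mentioned.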
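Review bot: In the systemd-resolved section, the symlink sentence has no command and is phrased so that the direction is easy to get backwards. The quoted file header says clients reach the stub "only through the symlink at /etc/resolv.conf", so `/etc/resolv.conf` is the link and `/run/systemd/resolve/stub-resolv.conf` is its target; please show the exact command. "The recommended and most disruptive way" also reads oddly; if "least disruptive" is meant, say so. Separately, the section advertises DNSSEC and DNS over TLS, but the sample `resolvectl statistics` output shows `DNSSEC supported by current servers: no` and no setting for either is given. Point to where they are configured in `/etc/systemd/resolved.conf`, so readers do not assume validation or encrypted transport is active after `systemctl enable --now systemd-resolved.service` alone.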