pcurylo/add_wifi_nic_to_server.txt

## add_wifi_nic_to_server.txt
Network work via CL
iw replaces iwconfig
ip replaces ifconfig, route
systemd --> networkctl list;

Check if hardware is detected
# lshw [-class network | -C network]
$ ls /sys/class/net
$ lsusb
$ lspci

Check if module supports hardware
$ modinfo <driver_module> | grep <NIC_model>
  $ modinfo rt2800usb | grep 5370

Install module if not already running
# modprobe <driver_module>

Find NIC on new distros (ie, not wlan0)
$ ip link     { ls /sys/class/net }
$ iw dev     { # iwconfig }
Bring up interface and scan for SSID
# ip link set dev <NIC> up     { ifconfig <NIC> up }
# iw dev <NIC> scan | grep -i ssid     { iwlist <NIC> scan }
In one step (note: does not enable wpa_cli control)
$ wpa_passphrase <SSID> | awk '{x = x ORS $0}; END{printf "%s", x | "sudo wpa_supplicant -B -i <NIC> -c /dev/stdin"}'
Or if moreutils package is installed, use sponge
$ wpa_passphrase <SSID> | sponge | { read -r x; { printf "%s\n", "$x"; cat; } | "sudo wpa_supplicant -B -i <NIC> -c /dev/stdin"}'
Or step by step (enabling wpa_cli control)
Prepare RSN/WPA2
$ wpa_passphrase <ESSID> > ~/rsn.conf
--enter WPA2 PSK--
$ chmod 0600 ~/rsn.conf
To enable wpa_cli access, add
$ vi ~/rsn.conf
....................
ctrl_interface=DIR=/run/wpa_supplicant GROUP=0
update_config=1
..................
Start WPA Supplicant
# wpa_supplicant -B -i <NIC> -c ~/rsn.conf
  -B ::= background, -dd ::= debug, -Dwext for old NICs
Check status
# wpa_cli status
# iw dev
# ip link
Get dynamic address
# dhclient <NIC>
Check result
$ ip addr     { ifconfig }
$ ip route     { route }

Make persistent (survive boot) on systemd with networkd
Create WPA Supplicant conf with privs 0600
# touch /etc/wpa_supplicant/wpa_supplicant-<DEV>.conf
# chmod go-rwx /etc/wpa_supplicant/wpa_supplicante-<DEV>.conf
# vi /etc/wpa_supplicant/wpa_supplicant-<DEV>.conf
....................
ctrl_interface=DIR=/run/wpa_supplicant GROUP=0
#GROUP=<some-group-to-permit-user-startup>
update_config=1
<output-from-wpa_passphrase>
....................
Create systemd-networkd conf files
# vi /etc/systemd/network/wireless.network
....................
[Match]
Name=wl*

[Network]
DHCP=both
IPv6PrivacyExtensions=true

[DHCP]
RouteMetric=20
....................
# vi /etc/systemd/network/wired.network
...................
[Match]
Name=en*

[Network]
DHCP=yes

[DHCP]
RouteMetric=100
....................
As necessary, create network conf files for specific interfaces
These must appear lexically prior to wired/wireless.network
# vi /etc/systemd/network/static-<DEV>.network
[Match]
Name=<DEV>

[Network]
DNS=192.168.1.254
Address=192.168.1.100/24
Gateway=192.168.1.254
....................
Create the WPA Supplicant service file
# vi /etc/systemd/system/wpa_supplicant@.service
....................
[Unit]
Description=WPA supplicant for %i
Requires=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device
Before=network.target
Wants=network.target

[Service]
Type=simple
ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I

[Install]
Alias=multi-user.target.wants/wpa_supplicant@%i.service
....................
Relink /etc/resolv.conf from /etc/resolv.conf -> ../run/resolvconf/resolv.conf
# rm /etc/resolv.conf
# ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Disable networking service - handing control over to networkd
# systemctl disable networking
Start support services
# systemctl enable wpa_supplicant@<DEV>.service
# systemctl disable wpa_supplicant.service
# systemctl start wpa_supplicant@<DEV>.service
Do not need to install dhcpcd or change dhclient - networkd handles this
Start main services
# systemctl enable systemd-resolved.service
# systemctl enable systemd-networkd.service
# systemctl start systemd-resolved.service
# systemctl start systemd-networkd.service

Make persistent using NetworkManager (likely a desktop)
Use the nmcli or GUI to setup interfaces
If setup and need to disable, see http://xmodulo.com/disable-network-manager-linux.html
If switching to systemd-networkd from Network Manager, see http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html

More Notes
source: https://redpill-linpro.com/techblog/2016/08/17/systemd-network.html
source: https://wiki.aurchlinux.org/index.php/Wireless_network_configuration
source: https://wiki.aurchlinux.org/index.php/WPA_configuration {at boot: systemd}
Checking for errors
  dmesg -w
  journalctl -f
WiFi deauth reasons: https://www.aboutcher.co.uk/2012/07/linux-wifi-deauthenticated-reason-codes/
iw auth flow chart: https://wireless.wiki.kernel.org/en/developers/documentation/mac80211/auth-assoc-deauth
For wpa_cli, typical commands are
  status, interface, disconnect, reassociate, reconfigure, terminate, scan (then scan_results), save_config
Shutdown specific supplicant and device
  # wpa_cli -p /run/wpa_supplicant2 -i <DEV>
  # kill -s SIGQUIT `pidof wpa_supplicant`
  # kill -s SIGQUIT $(cat /var/run/wpa_supplicant/<DEV>.pid)
  then
  ip link set dev <DEV> down
  verify with
  iw dev <DEV> link
For wpa_supplicant - nl80211 is default; wext is deprecated (useful for old NICs)
iw phy - lists radios
rfkill - util to control radios
iw reg - check regulatory domain (ie, US, DE, JP, etc) {freq settings}
dmesg | grep <driver>: - check firmware freq settings
  $ dmesg | grep ath:
Use crda to set regulator domain
$ iw list | grep -A 15 Frequencies: - check if settings changed

WiFi Scripts
pre-up script
....................
wpa_supplicant -B -i <NIC> -c <path-to-config>
....................
possible path-to-config:  /etc/wpa_supplicant.conf, /etc/wpa_supplicant/wpa_supplicant.conf
post-down script
....................
killall -q wpa_supplicant
OR
wpa_cli -i <DEV> terminate
....................
	Network work via CL
	iw replaces iwconfig
	ip replaces ifconfig, route
	systemd --> networkctl list;

	Check if hardware is detected
	# lshw [-class network \| -C network]
	$ ls /sys/class/net
	$ lsusb
	$ lspci

	Check if module supports hardware
	$ modinfo <driver_module> \| grep <NIC_model>
	$ modinfo rt2800usb \| grep 5370

	Install module if not already running
	# modprobe <driver_module>

	Find NIC on new distros (ie, not wlan0)
	$ ip link { ls /sys/class/net }
	$ iw dev { # iwconfig }
	Bring up interface and scan for SSID
	# ip link set dev <NIC> up { ifconfig <NIC> up }
	# iw dev <NIC> scan \| grep -i ssid { iwlist <NIC> scan }
	In one step (note: does not enable wpa_cli control)
	$ wpa_passphrase <SSID> \| awk '{x = x ORS $0}; END{printf "%s", x \| "sudo wpa_supplicant -B -i <NIC> -c /dev/stdin"}'
	Or if moreutils package is installed, use sponge
	$ wpa_passphrase <SSID> \| sponge \| { read -r x; { printf "%s\n", "$x"; cat; } \| "sudo wpa_supplicant -B -i <NIC> -c /dev/stdin"}'
	Or step by step (enabling wpa_cli control)
	Prepare RSN/WPA2
	$ wpa_passphrase <ESSID> > ~/rsn.conf
	--enter WPA2 PSK--
	$ chmod 0600 ~/rsn.conf
	To enable wpa_cli access, add
	$ vi ~/rsn.conf
	....................
	ctrl_interface=DIR=/run/wpa_supplicant GROUP=0
	update_config=1
	..................
	Start WPA Supplicant
	# wpa_supplicant -B -i <NIC> -c ~/rsn.conf
	-B ::= background, -dd ::= debug, -Dwext for old NICs
	Check status
	# wpa_cli status
	# iw dev
	# ip link
	Get dynamic address
	# dhclient <NIC>
	Check result
	$ ip addr { ifconfig }
	$ ip route { route }

	Make persistent (survive boot) on systemd with networkd
	Create WPA Supplicant conf with privs 0600
	# touch /etc/wpa_supplicant/wpa_supplicant-<DEV>.conf
	# chmod go-rwx /etc/wpa_supplicant/wpa_supplicante-<DEV>.conf
	# vi /etc/wpa_supplicant/wpa_supplicant-<DEV>.conf
	....................
	ctrl_interface=DIR=/run/wpa_supplicant GROUP=0
	#GROUP=<some-group-to-permit-user-startup>
	update_config=1
	<output-from-wpa_passphrase>
	....................
	Create systemd-networkd conf files
	# vi /etc/systemd/network/wireless.network
	....................
	[Match]
	Name=wl*

	[Network]
	DHCP=both
	IPv6PrivacyExtensions=true

	[DHCP]
	RouteMetric=20
	....................
	# vi /etc/systemd/network/wired.network
	...................
	[Match]
	Name=en*

	[Network]
	DHCP=yes

	[DHCP]
	RouteMetric=100
	....................
	As necessary, create network conf files for specific interfaces
	These must appear lexically prior to wired/wireless.network
	# vi /etc/systemd/network/static-<DEV>.network
	[Match]
	Name=<DEV>

	[Network]
	DNS=192.168.1.254
	Address=192.168.1.100/24
	Gateway=192.168.1.254
	....................
	Create the WPA Supplicant service file
	# vi /etc/systemd/system/wpa_supplicant@.service
	....................
	[Unit]
	Description=WPA supplicant for %i
	Requires=sys-subsystem-net-devices-%i.device
	After=sys-subsystem-net-devices-%i.device
	Before=network.target
	Wants=network.target

	[Service]
	Type=simple
	ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I

	[Install]
	Alias=multi-user.target.wants/wpa_supplicant@%i.service
	....................
	Relink /etc/resolv.conf from /etc/resolv.conf -> ../run/resolvconf/resolv.conf
	# rm /etc/resolv.conf
	# ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
	Disable networking service - handing control over to networkd
	# systemctl disable networking
	Start support services
	# systemctl enable wpa_supplicant@<DEV>.service
	# systemctl disable wpa_supplicant.service
	# systemctl start wpa_supplicant@<DEV>.service
	Do not need to install dhcpcd or change dhclient - networkd handles this
	Start main services
	# systemctl enable systemd-resolved.service
	# systemctl enable systemd-networkd.service
	# systemctl start systemd-resolved.service
	# systemctl start systemd-networkd.service

	Make persistent using NetworkManager (likely a desktop)
	Use the nmcli or GUI to setup interfaces
	If setup and need to disable, see http://xmodulo.com/disable-network-manager-linux.html
	If switching to systemd-networkd from Network Manager, see http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html

	More Notes
	source: https://redpill-linpro.com/techblog/2016/08/17/systemd-network.html
	source: https://wiki.aurchlinux.org/index.php/Wireless_network_configuration
	source: https://wiki.aurchlinux.org/index.php/WPA_configuration {at boot: systemd}
	Checking for errors
	dmesg -w
	journalctl -f
	WiFi deauth reasons: https://www.aboutcher.co.uk/2012/07/linux-wifi-deauthenticated-reason-codes/
	iw auth flow chart: https://wireless.wiki.kernel.org/en/developers/documentation/mac80211/auth-assoc-deauth
	For wpa_cli, typical commands are
	status, interface, disconnect, reassociate, reconfigure, terminate, scan (then scan_results), save_config
	Shutdown specific supplicant and device
	# wpa_cli -p /run/wpa_supplicant2 -i <DEV>
	# kill -s SIGQUIT `pidof wpa_supplicant`
	# kill -s SIGQUIT $(cat /var/run/wpa_supplicant/<DEV>.pid)
	then
	ip link set dev <DEV> down
	verify with
	iw dev <DEV> link
	For wpa_supplicant - nl80211 is default; wext is deprecated (useful for old NICs)
	iw phy - lists radios
	rfkill - util to control radios
	iw reg - check regulatory domain (ie, US, DE, JP, etc) {freq settings}
	dmesg \| grep <driver>: - check firmware freq settings
	$ dmesg \| grep ath:
	Use crda to set regulator domain
	$ iw list \| grep -A 15 Frequencies: - check if settings changed

	WiFi Scripts
	pre-up script
	....................
	wpa_supplicant -B -i <NIC> -c <path-to-config>
	....................
	possible path-to-config: /etc/wpa_supplicant.conf, /etc/wpa_supplicant/wpa_supplicant.conf
	post-down script
	....................
	killall -q wpa_supplicant
	OR
	wpa_cli -i <DEV> terminate
	....................