Gentoo Forums
A big thank you to the gentoo OpenRC networking team
What networking client do YOU use on your notebook?
wicd: 28% [ 16 ]
NetworkManager: 33% [ 19 ]
OpenRC + wpa_supplicant: 38% [ 22 ]
wifi-radar: 0% [ 0 ]
Total Votes : 57

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Thu Apr 18, 2013 1:01 pm

smartass wrote:
I think we did discuss the stacked runlevels on #gentoo.

smartass ... I often remember the discussion, but generally not the nick, in your case having a memorable nick helped :)

smartass wrote:
I wasn't aware of the /etc/conf.d/*.runlevel possibilities, this is great !

yes, but other than net.<iface>.<runlevel> it's not something I've taken much advantage of.

smartass wrote:
I wish stacked runlevels and this was documented in the handbook.

They are briefly covered in 4.e. Changing the Runlevel Behaviour but agreed, it's a subject that should be expanded upon.

smartass wrote:
I started a how-to page on the wiki OpenRC_notebook_roaming_How-To. Feel free to contribute and expand (use-cases, examples...) :)

The period broke the link (fixed above) ... anyhow, yes I'll see what I can add.

best ... khay

mv
Watchman
Joined: 20 Apr 2005
Posts: 6747

Posted: Fri Apr 19, 2013 7:16 am

khayyam wrote:
Most hotels, libraries, etc, use radius to authenticate, so mostly it's WPA-RADIUS, PEAP or MSCHAPv2 (which is often found in universities in the form of 'eduroam') this is just slightly different as you generally provide an "identity" and "password" and perhaps a cert.

Actually, I did not manage to get eduroam working in 1 hour of trying at my university (tried with wicd and with wpa_supplicant) - still no idea what was failing - while on a laptop with Ubuntu+NetworkManager it worked out of the box as described on the university's page. Experiences like that make it a risk not to use NetworkManager when travelling. Another example: With said laptop I got a message "wlan disabled by hardware switch" (I don't know whether it came from NetworkManager or Unity) - after hours of checking I finally found that moving the CD-eject-button into an opposite direction (by accident during travel) indeed had switched off the wlan; without this helpful message I would never have found this cause during the trip, since I did not even know that modern laptops might have such a switch. It is really such a pity that NetworkManager with its unacceptable dependencies really seems to be the only user-friendly interface...

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Fri Apr 19, 2013 9:23 am

mv,

I had more luck with plain wpa_supplicant (and wpa_gui) than wicd with wpa_supplicant on the eduroam case, because wicd templates are somewhat limited, whereas wpa_supplicant can select most options itself (e.g. pairwise ciphers)

as for the RFKILL infrastructure, it's true that most guis don't implement it in a sensible way, most NM applets say it's disabled, wicd just stops working (but can turn it on though, press K IIRC)

I usually just check /sys/class/rfkill/ when I'm desperate, but my kernel is configured to display the status via a LED.

xaviermiller
Bodhisattva
Joined: 23 Jul 2004
Posts: 8706
Location: ~Brussels - Belgique

Posted: Fri Apr 19, 2013 9:33 am

Hello,

I switched from wicd to ifplug/wpa_supplicant and it works as fine as wicd, removing one useless layer.
I also managed to configure a login script for some hot-spots (using postup_ESSID() functions in the net config file)
_________________
Kind regards,
Xavier Miller

logical_guy
Apprentice
Joined: 18 Sep 2007
Posts: 268

Posted: Fri Apr 19, 2013 10:48 am

mv wrote:
Actually, I did not manage to get eduroam working in 1 hour of trying at my university (tried with wicd and with wpa_supplicant) - still no idea what was failing - while on a laptop with Ubuntu+NetworkManager it worked out of the box as described on the university's page.


I've been using wicd quite happily for some years now for logging on to eduroam networks with no problems at all. I had to add some use flags for wpa_supplicant to get it to work, though.

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Fri Apr 19, 2013 12:35 pm

Xavier, thanks for sharing this nice idea, I might try it out. It would be great if you elaborated on this topic on the wiki page, I've added some basic info about this approach which you could expand upon.
I'm surprised the postup_ESSID framework works even just with wpa_supplicant, I thought that worked only with the wireless tools module.

logical_guy, what flags were they?

logical_guy
Apprentice
Joined: 18 Sep 2007
Posts: 268

Posted: Fri Apr 19, 2013 12:42 pm

smartass wrote:
logical_guy, what flags were they?


Code:
$ grep wpa_supplicant /etc/portage/package.use
net-wireless/wpa_supplicant eap-sim gnutls wimax wps

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Apr 19, 2013 1:20 pm

logical_guy wrote:
Code:
net-wireless/wpa_supplicant eap-sim gnutls wimax wps

logical_guy ... I don't think these played a part in your being able to authenticate to eduroam, gnutls is simply used in place of openssl, EAP-SIM is used in GSM, and you would need specific hardware for WiMax, and it's normally associated with commercial networks.

best ... khay

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Fri Apr 19, 2013 1:56 pm

Well, it is possible that the eduroam logical_guy encountered uses some obscure version of TTLS which only gnutls supports, but it's unlikely.

asturm
Developer
Joined: 05 Apr 2007
Posts: 8933

Posted: Fri Apr 19, 2013 4:50 pm

Wicd, because i am lazy :)

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Sat Apr 20, 2013 6:26 am

It's been very interesting to watch the evolution of the poll, thank you people for voting and keep them votes comin' ;)

Just curious, what is your experience with prioritizing networks with the various networking clients?

I find the one provided by wpa_supplicant very smart, especially in places where you have many wifi APs sharing an ESSID and then competing networks around, and through wpa_gui it's possible to isolate yourself to just one given ESSID.
One thing that I miss is that it's a lot harder to select a given BSSID with wpa_gui, I'd have to write it directly into wpa_supplicant.conf or force it to reconnect several times before it selects the AP I want.
So in general wpa_supplicant works well in situations, where you don't care about the actual AP being used and just want to connect to a given ESSID and you let wpa_supplicant figure out which AP to use. I guess this would be the optimal mode of operation, in the ideal world.
IIRC wicd was able to connect to a specific AP, which I miss sometimes.

mv
Watchman
Joined: 20 Apr 2005
Posts: 6747

Posted: Sat Apr 20, 2013 7:23 am

khayyam wrote:
logical_guy wrote:
Code:
net-wireless/wpa_supplicant eap-sim gnutls wimax wps

logical_guy ... I don't think these played a part in your being able to authenticate to eduroam

wps might still be a reason, although I do not understand what it means. Since we are at it: Do you have an idea what USE=ap and p2p is for in wpa_supplicant? I have activated it just to have it in case it should be needed somewhere but did not really understand what I am doing... As I understood you fasteap is also mainly only for commercial networks and usually not to be found "in the wild" (hotel, library, airport, university, ...).

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Sat Apr 20, 2013 7:30 am

WPS - Wifi protected setup is a service where you punch in on your device a 7 digit pin written on the router and the AP gives you the WPA passphrase and info. It's very susceptible to brute force attacks, but it's not uncommon. So I doubt that was what helped with the eduroam case. My eduroam works just with openssl.

As for the other flags, ap makes it act like hostapd AFAIK and p2p is some wi-fi sharing technology.

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Sat Apr 20, 2013 12:07 pm

smartass wrote:
Just curious, what is your experience with prioritizing networks with the various networking clients?

smartass ... with wpa_supplicant the use of 'priority=' and 'disabled=' can be used, though I'm not sure if these features can be enabled via wpa_gui. With wpa_cli any variable can be set like so:

Code:
% wpa_cli list_networks
Selected interface 'wlp2s0'
network id / ssid / bssid / flags
0   AP1   xx:xx:xx:xx:xx:a1       [CURRENT]
1   AP2   xx:xx:xx:xx:xx:b1       [DISABLED]
% wpa_cli get_network 0 priority
Selected interface 'wlp2s0'
90
% wpa_cli set_network 0 priority 100
Selected interface 'wlp2s0'
OK
% wpa_cli get_network 0 priority
Selected interface 'wlp2s0'
100
% wpa_cli save_config

The syntax is:

Code:
set_network <network id> <variable> <value>

The above would translate to "priority=100" in network id 0's network stanza in wpa_supplicant.conf. The same method can be used to disable a network, it's boolean, so disabled=0 (enabled), disabled=1 (disabled).

smartass wrote:
One thing that I miss is that it's a lot harder to select a given BSSID with wpa_gui, I'd have to write it directly into wpa_supplicant.conf or force it to reconnect several times before it selects the AP I want.

If you provide the BSSID and 'scan_ssid=0' in the stanza then it should select the AP by BSSID and not ESSID.

smartass wrote:
So in general wpa_supplicant works well in situations, where you don't care about the actual AP being used and just want to connect to a given ESSID and you let wpa_supplicant figure out which AP to use. I guess this would be the optimal mode of operation, in the ideal world.

It will select the ESSID with the strongest signal, but in environments using WDS sometimes it's not always obvious which of any given ESSID is the better and so it may not be optimal.

mv wrote:
wps might still be a reason, although I do not understand what it means.

mv ... the wps useflag also wouldn't have any effect, it's a method of setting up a client's psk via a PIN that is normally labelled on the bottom of the AP, the rationale being that a secure psk is too complex for the user to handle so an eight digit PIN is used in its place. You'd think this would be relatively secure (one digit being a checksum the remaining seven would provide some 10,000,000 possible combinations) but the registrar will acknowledge the validity of the first 4 digits, which essentially reduces the guesswork to some 11,000 possible combinations, and given that an enrollee can send some number of PINs a second (depending on vendor/brand) then it's only a matter of time before the PIN is guessed and the psk handed out. If you have an AP which is WPS capable *disable it* (if possible ... with some APs that's simply not possible). As far as having it as a useflag, unless you plan on using the above "wireless security" method to acquire the psk (unlikely) then it's pointless to have the useflag set.

mv wrote:
Do you have an idea what USE=ap and p2p is for in wpa_supplicant? I have activated it just to have it in case it should be needed somewhere but did not really understand what I am doing... As I understood you fasteap is also mainly only for commercial networks and usually not to be found "in the wild" (hotel, library, airport, university, ...).

Yes, you're not likely to need 'fasteap' (EAP-FAST), it's a cisco thing that's mainly used in corporate environments. As the useflag conflicts with both 'ssl' and 'gnutls' then it's really only something you'd enable if you absolutely must.

As for 'ap' and 'p2p' these are used for lightweight AP, and WiFi Direct respectively. Hostapd and wpa_supplicant are the same source tree, hostapd is more for fully fledged APs (such as dd_wrt, open_wrt, etc), the "CONFIG_AP=y" is a feature that enables wpa_supplicant to provide a similar AP like setup without the use of hostapd. I really haven't looked into it that much, and it's a fairly new feature, so I'm not altogether clear what the aim is, probably it's so that clients can have the card run as an AP with minimal configuration.

best ... khay
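
The mapping between wpa_cli network ids and wpa_supplicant.conf stanzas described in the post above, as an added example that is not part of the original post. The configuration is constructed sample data, `list_networks` and `sample_conf` are hypothetical helper names, and the script assumes network blocks are numbered in file order starting at 0 with defaults of priority 0 and disabled 0.

```shell
#!/bin/sh
# Added example (not from the thread): show which stanza each wpa_cli
# network id refers to, and the priority/disabled/bssid values it carries.

# Constructed sample configuration; SSIDs, BSSID and passphrases are made up.
sample_conf() {
cat <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
update_config=1

network={
    ssid="AP1"
    psk="constructed-passphrase-1"
    priority=100
}

network={
    ssid="AP2"
    bssid=02:00:00:00:00:b1
    scan_ssid=0
    psk="constructed-passphrase-2"
    disabled=1
}
EOF
}

# Print one line per network block: id|ssid|priority|disabled|bssid
# Fields that are not set in a stanza are reported with their defaults.
list_networks() {
    awk '
        /^[ \t]*network=[{]/ {
            inblk = 1; ssid = ""; prio = 0; dis = 0; bssid = "any"; next
        }
        inblk && /^[ \t]*[}]/ {
            printf "%d|%s|%d|%d|%s\n", id++, ssid, prio, dis, bssid
            inblk = 0; next
        }
        inblk {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            if (key == "ssid")     { gsub(/^"|"$/, "", val); ssid = val }
            if (key == "priority") prio = val
            if (key == "disabled") dis = val
            if (key == "bssid")    bssid = val
        }
    ' "$@"
}

# Run against the constructed sample; pass a file name to read a real config.
sample_conf | list_networks
```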

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Sun Apr 21, 2013 6:23 am

khay, thank you for the detailed explanation, I am aware of how to do it with wpa_cli, but that's not as convenient as it would be to do it via wpa_gui. But using wpa_cli is an option too.

I've polished the wiki page some more, I invite you to correct and expand it.
And those of you who are interested can try the how-to out and maybe you'll ditch your current networking client ;)

It's interesting how many people vote for wicd, is it mainly because of wicd-curses? It was a major point for me.
But wpa_cli is a viable alternative, because of its command-line with smart auto-completion.

Hypnos
Advocate
Joined: 18 Jul 2002
Posts: 2889
Location: Omnipresent

Posted: Sun Apr 21, 2013 6:49 am

I use wicd because it's "Good Enough" and there is a systray app for my XFCE desktop

If they start requiring the *kit junk I'll reevaluate
_________________
Personal overlay | Simple backup scheme

smartass
Apprentice
Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

Posted: Sun Apr 21, 2013 6:59 am

Although wicd doesn't require *kit stuff (yet, if dbus gets merged into systemd...well you get the idea ;)) , I never understood why it requires gksu or kdesu for the gtk app, but doesn't require a similar privilege control program for the ncurses app.

wpa_gui is a quite nice sys-tray app.

Hypnos
Advocate
Joined: 18 Jul 2002
Posts: 2889
Location: Omnipresent

Posted: Sun Apr 21, 2013 7:37 am

smartass wrote:
I never understood why it requires gksu or kdesu for the gtk app, but doesn't require a similar privilege control program for the ncurses app.

wicd-gtk only needs to use a graphical sudo for making a custom script for a particular connection. wicd-curses has code for this using sudo or su, but it's commented out. This is because it doesn't work on every distribution and it's hardly better than just opening a root terminal yourself.

Quote:
wpa_gui is a quite nice sys-tray app.

I haven't tried it because it uses Qt, and my system is Qt-free to this point. (I do use Skype with Qt in the 32-bit emulation libraries.)
_________________
Personal overlay | Simple backup scheme

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Sun Apr 21, 2013 5:43 pm

smartass wrote:
khay, thank you for the detailed explanation, I am aware of how to do it with wpa_cli, but that's not as convenient as it would be to do it via wpa_gui. But using wpa_cli is an option too.

smartass ... I'm sure most people would also feel that way, for me I'm quite happy to use wpa_cli, and as it's scriptable I can write a script to do any tasks I might do on more than one occasion.

smartass wrote:
I've polished the wiki page some more, I invite you to correct and expand it.

I may not end up doing that, I really have some kind of mental block where wikis are concerned, in part because it often amounts to re-organising someone else's thoughts (which somehow gives me the shivers), but also because I tend to want to start from a blank slate, and then pose the question, what is it I'm outlining, and then start to structure it ... with wikis this structure is somewhat arbitrary (at least to my mind ... which is, I should state, entirely a personal quirk) ... I just see wikis as sprawling in all directions and something about it causes me to not know how to proceed. Anyhow, some comments:

In the "exclusive network interface example", why not something like the following:

Code:
postup_${IFACE}() {
    xIFACE="enp1s0"
    /etc/init.d/net.${xIFACE} status &>/dev/null && rc-service net.${xIFACE} stop
}

${IFACE} is provided, so there doesn't seem any need to hardcode it, in fact we could use it to set the value for ${xIFACE}

Code:
if [ "${IFACE}" = "enp1s0" ] ; then
    xIFACE="wlp2s0"
else
    xIFACE="enp1s0"
fi

I had thought of using something similar, but I don't always want the interfaces switched when one or other is brought down, also the way my runlevels are currently configured it's not simply the interface but the services that are to be changed, and so switching to another runlevel is used. I imagine this might be a better method for handling netmount, as in my case when I hibernate I don't bring down the interface (because my location may not have changed) I just stop certain services. I don't use pm-utils but hibernate-script but I think the methods should be comparable.

I'm not sure changing inittab is required ... rc operates on the contents of /etc/runlevels and 'softlevel' can be used for providing the runlevel at boot (see: here).

Anyhow, sorry that I'm incapable of contributing more than this ... if you want I can make further comments as the page progresses, but I can't see me getting over my current impasse.

best ... khay

logical_guy
Apprentice
Joined: 18 Sep 2007
Posts: 268

Posted: Mon Apr 22, 2013 7:03 am

Thanks, khayyam, mv, smartass, for clarifying my wpa_supplicant use flags.

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Apr 22, 2013 10:23 am

khayyam wrote:
Code:
postup_${IFACE}() {
    xIFACE="enp1s0"
    /etc/init.d/net.${xIFACE} status &>/dev/null && rc-service net.${xIFACE} stop
}

actually, ignore that ... I just tested and ${IFACE} can not be used in a function name.

best ... khay

ppurka
Advocate
Joined: 26 Dec 2004
Posts: 3256

Posted: Mon Apr 22, 2013 11:03 am

khayyam wrote:
khayyam wrote:
Code:
postup_${IFACE}() {
    xIFACE="enp1s0"
    /etc/init.d/net.${xIFACE} status &>/dev/null && rc-service net.${xIFACE} stop
}

actually, ignore that ... I just tested and ${IFACE} can not be used in a function name.

best ... khay

You can eval it. I just tested and it works. To test whether eval works create a file with this content and execute the file.
Code:
#!/bin/bash

eval "test_${1}() {
    echo \"this is inside the function\"
    until [[ -z \$1 ]]; do
        echo \"the arguments: \$1\"
        shift
    done
}"

test_${1} arg1 "arg2 with space"
Here is the output on my system
Code:
~/tmp/Downloadz» bash a.sh aha
this is inside the function
the arguments: arg1
the arguments: arg2 with space

_________________
emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Apr 22, 2013 12:11 pm

Quote:
You can eval it. I just tested and it works. To test whether eval works create a file with this content and execute the file.

ppurka ... that will work with bash, but it's not POSIX.

Code:
% ls -l /bin/sh
lrwxrwxrwx 1 root root 4 2013-04-08 17:15 /bin/sh -> dash
% /bin/sh ./test.sh a.sh aha
./test.sh: 1: eval: Syntax error: Bad function name
% /bin/busybox sh ./test.sh a.sh aha
./test.sh: eval: line 1: syntax error: bad function name
% /bin/bash --posix ./test.sh a.sh aha
./test.sh: line 15: `test_a.sh': not a valid identifier

As /bin/sh is linked to bash, bash will be invoked in posix mode for openrc, which is why openrc's initscripts are supposed to be POSIX (though some, unfortunately, are not ... and bash will quite often mask that fact).

best ... khay
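
An added example, not part of the original posts, of validating a value before it is spliced into an eval'd function name as in the exchange above. `define_hook` and `is_name_suffix` are hypothetical helpers; the check rejects `a.sh` (the argument in the dash run above) and any value carrying shell syntax, since eval executes whatever the variable contains.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh; no bashisms.

# Return 0 only if $1 is non-empty and made of letters, digits and
# underscores, i.e. safe to append to a shell function name.
is_name_suffix() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Define postup_<suffix>() through eval, but only after validation, so
# nothing in the value can end the name early and run as code.
define_hook() {
    is_name_suffix "$1" || return 1
    eval "postup_$1() { printf 'postup for %s, args: %s\n' '$1' \"\$*\"; }"
}

# Constructed inputs: a plain interface name, the argument from the dash
# test in the thread, a VLAN-style name, and a value carrying shell syntax.
for name in wlp2s0 a.sh eth0.10 'x; echo injected'; do
    if define_hook "$name"; then
        "postup_$name" up
    else
        echo "rejected as function name: $name" >&2
    fi
done
```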

ppurka
Advocate
Joined: 26 Dec 2004
Posts: 3256

Posted: Mon Apr 22, 2013 12:17 pm

I see. Thanks for the clarification. :oops:
_________________
emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Apr 22, 2013 1:25 pm

ppurka wrote:
I see. Thanks for the clarification.

ppurka ... I don't think it really matters much because net.<interface>.<runlevel> can be used and so it's actually quite simple to use preup() and have ${IFACE} implicit, without the need to qualify.

Oh, and it's not such an "oops", I often get the afterthought "arrrgghh, what was I thinking!", I hope the above didn't come over as some kind of judgement. Anyhow, you're welcome ...

& best ... khay