netctl
Summary |
---|
A guide to configuring the network using netctl and network profile scripts. |
Overview |
Parabola provides netctl for network configuration. netctl supports wired connections on desktops and servers, as well as wireless setups and roaming for mobile users, facilitating easy management of network profiles. NetworkManager and Wicd are popular third-party alternatives. |
Resources |
Bridge with netctl |
Netctl is a CLI-based tool used to configure and manage network connections via profiles. It is a native Arch Linux project that replaces the old netcfg utility.
Contents
1 Installation
The netctl package is available in the official repositories. Installing netctl will replace netcfg.
netctl and netcfg are conflicting packages. You will be potentially connectionless after installing netctl if your profiles are misconfigured.
2 Required reading
It is advisable to read the following man pages before using netctl:
3 Configuration
netctl uses profiles to manage network connections, profile files are stored in /etc/netctl/. Example configuration files are provided for the user to assist them in configuring their network connection. These example profiles are located in /etc/netctl/examples/. The common configurations include:
- ethernet-dhcp
- ethernet-static
- wireless-wpa
- wireless-wpa-static
For wireless settings, you can use wifi-menu -o to generate the profile file in /etc/netctl/.
To use an example profile, simply copy one of them from /etc/netctl/examples/ to /etc/netctl/ and configure it to your needs:
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/profile
Once you have created your profile, make an attempt to establish a connection using the newly created profile by running:
# netctl start profile
If issuing the above command results in a failure, then use journalctl -xn and netctl status profile in order to obtain a more in depth explanation of the failure. Make the needed corrections to the failed configuration and retest.
3.1 Automatic operation
If you use only one profile (per interface) or want to switch profiles manually, the basic method will do. Most common examples are servers, workstations, routers etc.
If you need to switch multiple profiles frequently, use Automatic switching of profiles. Most common examples are laptops.
3.1.1 Basic method
With this method, you can statically start only one profile per interface. First manually check that the profile can be started successfully, then it can be enabled using
# netctl enable profile
This will create and enable a systemd service that will start when the computer boots.
3.1.2 Automatic switching of profiles
netctl provides two special systemd services for automatic switching of profiles: netctl-auto@interface.service for wireless interfaces, and netctl-ifplugd@interface.service for wired interfaces. Using netctl-auto@interface.service, netctl profiles change as you move from range of one network into range of other network. Using netctl-ifplugd@interface.service, netctl profiles change as you plug the cable in and out.
First install required packages:
- Package wpa_actiond is required to use netctl-auto@interface.service.
- Package ifplugd is required to use netctl-ifplugd@interface.service.
Now configure all profiles that netctl-auto@interface.service or netctl-ifplugd@interface.service can start. If you want some profile not to be started automatically by these services, you have to explicitly add ExcludeAuto=yes to that profile. You can use Priority= to set priority of some profile when multiple profiles are available. See netctl.profile(5) for details.
Once your profiles are set and verified to be working, simply enable these services using systemctl:
# systemctl enable netctl-auto@interface.service # systemctl enable netctl-ifplugd@interface.service
# netctl disable profileto prevent the profile from starting twice at boot.
3.2 Migrating from netcfg
netctl uses /etc/netctl to store its profiles, not /etc/network.d (netcfg's profile storage location).
In order to migrate from netcfg, at least the following is needed:
- Disable the netcfg service: systemctl disable netcfg.service.
- Uninstall netcfg and install netctl.
- Move network profile files to the new directory.
- Rename variables therein according to netctl.profile(5) (Most variable names have only UpperCamelCase i.e CONNECTION becomes Connection).
- For static IP configuration make sure the Address variables have a netmask after the IP (e.g. Address=('192.168.1.23/24' '192.168.1.87/24') in the example profile).
- If you setup a wireless profile according in the wireless-wpa-configsection example, note that this overrides wpa_supplicant options defined above the brackets. For a connection to a hidden wireless network, add scan_ssid=1 to the options in the wireless-wpa-configsection; Hidden=yes does not work there.
- Unquote interface variables and other variables that don't strictly need quoting (this is mainly a style thing).
- Run netctl enable profile for every profile in the old NETWORKS array. last doesn't work this way, see netctl.special(7).
- Use netctl list and/or netctl start profile instead of netcfg-menu. wifi-menu remains available.
- Unlike netcfg, by default netctl fails to bring up a NIC when it is not connected to another powered up NIC. To solve this problem, add SkipNoCarrier=yes at the end of your /etc/netctl/profile.
3.3 Passphrase obfuscation (256-bit PSK)
Users not wishing to have the passphrase to their wireless network stored in plain text have the option of storing the corresponding 256-bit pre-shared key (PSK) instead, which is calculated from the passphrase and the SSID using standard algorithms.
- Method 1: Use wifi-menu -o to generate a config file in /etc/netctl
- Method 2: Manual settings as follows. If the passphrase fails, try removing the \" in Key= (see note below)
For both methods it is suggested to chmod 600 /etc/netctl/<config_file> to prevent user access to the password.
Calculate your 256-bit PSK using wpa_passphrase:
$ wpa_passphrase parabola freenode
network={ ssid="parabola" #psk="freenode" psk=64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a }
In a second terminal window, copy the example file wireless-wpa from /etc/netctl/examples to /etc/netctl:
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa
You will then need to edit /etc/netctl/wireless-wpa using your favorite text editor and add the pre-shared key, that was generated earlier using wpa_passphrase, to the Key variable of this profile.
Once completed your network profile wireless-wpa containing a 256-bit PSK should resemble:
/etc/netctl/wireless-wpa
Description='A simple WPA encrypted wireless connection using 256-bit PSK' Interface=wlp2s2 Connection=wireless Security=wpa IP=dhcp ESSID=parabola Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
4 Support
Official announcement thread: https://bbs.archlinux.org/viewtopic.php?id=157670
5 Tips and tricks
5.1 Replace 'netcfg current'
As of April 2013 there is no netctl alternative to netcfg current. If you relied on it for something, like a status bar for a tiling window manager, you can now use:
# netctl list | awk '/*/ {print $2}'
or, when netctl-auto was used to connect:
# wpa_cli -i interface status | sed -n 's/^id_str=//p'
5.2 Eduroam
Some universities use a system called "Eduroam" to manage their wireless networks. For this system, a WPA config-section profile with the following format is often useful:
/etc/netctl/wlan0-eduroam
Description='Eduroam-profile for <user>' Interface=wlan0 Connection=wireless Security=wpa-configsection IP=dhcp WPAConfigSection=( 'ssid="eduroam"' 'proto=RSN' 'key_mgmt=WPA-EAP' 'pairwise=CCMP' 'auth_alg=OPEN' 'eap=PEAP' 'identity="<user>"' 'password="<password>"' )