Networking
Commands
Find interfaces
ip a(new variant)ifconfig(old variant)iw dev(wireless)
Scan for available wireless networks
iwlist scan
Bring interface up
ip link set <inteface> upifconfig <interface> upifup <inteface>
ifup needs to read from /etc/network/interfaces config file, whereas ip and ifconfig set the state of the interface directly.
So if ifup/ifdown doesn't work, your system is probably not configured to use the classic /etc/network/interfaces system (for example, because it uses systemd, which does everything differently).
Verify connection
ip aiw <interface> link
Network managers (management daemon software)
Modern network configuration in Debian desktops can manage the network connection via management daemon software such as:
- NetworkManager (NM) (
network-managerand associated packages) Network management framework (daemon and userspace tools).- nmcli it's a CLI tool for managing NetworkManager.
- nmtui it's a TUI tool for managing NetworkManager.
- NetworkManager will only handle interfaces NOT declared in
/etc/network/interfaces.
- Wicd (
wicdand associated packages). Wired and wireless network manager - ConnMan (
connmanand associated packages). Daemon for managing internet connections
Only one of the above services must be enabled at any given time in order to avoid conflicting with the others.
The above services may interface with two common network daemons:
- wpa supplicant (
wpasupplicantand associated packages) Older. Client support for WPA and WPA2 (IEEE 802.11i) - iwd: (
iwdand associated packages) Newer. Wireless daemon that can be controlled from the command line with the included iwctl client utility.
If fact, NetworkManager and ConnMan are dependent on wpa_supplicant to be running in order to get connected.
Note: Do not use these automatic network configuration tools for servers.
These modern network configuration tools need to be configured properly to avoid conflicting with the legacy ifupdown package and its configuration file /etc/network/interfaces. A non conflicting configuration of this file would be the following:
# The loopback network interfaceauto loiface lo inet loopback
More info at Debian Network Setup
How to restart the network
SysVinit
sudo service network-manager restartsudo service wicd restartsudo service connman restart
systemd
sudo systemctl restart NetworkManagersudo systemctl restart wicdsudo systemctl restart connman
nmcli
sudo nmcli networking off && sudo nmcli networking on
nmcli is a NetworkManager CLI client
ifup & ifdown (legacy)
sudo ifdown -a && sudo ifup -a
NetworkManager (nmcli)
Installation
sudo apt install network-manager
NetworkManager comes with a CLI called nmcli
Create a WiFi Connection
nmcli dnmcli r wifi onnmcli d wifi listnmcli d wifi connect <SSID> password <PASSWORD>
Swap connection
nmcli connection shownmcli connection up CONNECTION_NAME
Edit connection
nmcli connection shownmcli connection edit id CONNECTION_NAME> set connection.id NEW_CONNECTION_NAME> save> quit
Create a more estable WiFi connection
- Create a file called
myfileand add the following text:
802-11-wireless-security.psk:<PASSWORD>
- Run the command:
nmcli connection up <SSID> passwd-file myfile
Wicd
Installation and configuration
$ sudo apt install wicd
- Stop Network Manager if you have it running:
$ sudo service network-manager stopor$ sudo systemctl stop NetworkManager
- Then continue with configuration:
$ su -# gpasswd -a <yourusername> users# adduser <yourusername> netdev# /etc/init.d/dbus reload# exit$ sudo wicd-client
When running wicd-client, use the built in GUI to select a network and connect.
IMPORTANT: if no network is shown, edit /etc/wicd/manager-settings.conf and change the value of the line wireless_interface to your wireless interface. To find out your wireless interface, run ip a.
If you prefer a command line UI, you can install wicd-curses.
Once you make sure that your internet connection is rock solid, you must disable network-manager:
/* Disabling Network Manager */sudo systemctl disable NetworkManager.servicesudo systemctl disable NetworkManager-wait-online.servicesudo systemctl disable NetworkManager-dispatcher.service
If you cannot disable network-manager because you don't have systemd, you must purge network-manager:
sudo apt purge network-manager
ConnMan
Installation and configuration
$ sudo apt install connman$ connmanctlconnmanctl> enable wificonnmanctl> scan wificonnmanctl> servicesconnmanctl> agent onconnmanctl> connect wifi_<SSID>_managed_pskPassphrase? Type in passphraseconnmanctl> quit
Note: You can use TAB key to autocomplete the wifi access point when connecting
Once connection is established, you can change settings on /var/lib/connman/
You can also start the configuration using ConnMan GUI:
- Application Menu ➡️ Internet ➡️ Connman UI Setup
- Status tab ➡️ Technologies section ➡️ Click 'On' WiFi to enable WiFi
- Wireless tab ➡️ Select SSID ➡️ Connect button
Ethernet
Configure Ethernet
Edit /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf and add ethernet to the allowed devices. The file should look like:
[keyfile]unmanaged-devices=*,except:type:wifi,except:type:wwan,except:type:ethernet
Be aware that alternatively 10-globally-managed-devices.conf could be located at /etc/NetworkManager/conf.d/
Now issue:
sudo ip link set [interface] upsudo nmcli dev set [interface] managed yessudo systemctl restart NetworkManagernmcli dev status
The ethernet device should appear now as connected.
To connect to the ethernet, issue:
nmcli device connect [interface]
Note: In my case, [interface] is enp2s0
Once you have a WiFi and Ethernet connection enabled, NetworkManager will automatically asign the ethernet connection when a cable is plugged in.
Miscelanea
How to replace wpa_supplicant with iwd
iwd is the new replacement for wpa_supplicant. ConnMan works well in conjunction with iwd. You can easily test iwd in place of wpasupplicant by following the steps below:
sudo apt install iwdsudo systemctl stop wpa_supplicantsudo systemctl mask wpa_supplicantsudo systemctl enable --now iwd.servicesudo systemctl daemon-reloadsudo systemctl restart connman.service
IWD is not required to use ConnMan. It may be used with either ConnMan or Network Manager to replace the wpa_supplicant.
If you would like to return to using wpa_supplicant simply reverse the process:
sudo systemctl stop iwd.servicesudo systemctl mask iwd.servicesudo systemctl unmask wpa_supplicantsudo systemctl enable --now wpa_supplicantsudo systemctl daemon-reloadsudo systemctl start connman.service
Manual WiFi WPA/WPA2 network configuration (Legacy)
Edit /etc/network/interfaces file and add:
# my wifi deviceallow-hotplug wlp5s0auto wlp5s0iface wlp5s0 inet dhcpwpa-ssid <your SSID>wpa-psk <your password>
This is the configuration file that ifupdown package uses. Be sure to disable NetworkManager, wicd and connman services to avoid conflicts.
https://wiki.debian.org/WiFi/HowToUse#Command_Line
Network troubleshootings
On start up, interface wlp5s0 won't connect
- Check interface and network manager status
ip link show dev wlp5s0## response3: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
Both are down:
- Interface:
<BROADCAST,MULTICAST> - Network manager:
state DOWN
- Check if interface scan networks
sudo iwlist wlp5s0 scan | grep <your SSID>## response...wlp5s0 Interface doesn't support scanning : Network is down
- The interface is down. To bring it up:
sudo ip link set wlp5s0 up
- Check interface status
ip link show dev wlp5s0## response3: wlp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
Interface is up but network manager is down:
- Interface:
<NO-CARRIER,BROADCAST,MULTICAST,UP> - Network manager:
state DOWN
- Check if interface scan networks
sudo iwlist wlp5s0 scan | grep <your SSID>## response...ESSID:"<your SSID>"ESSID:"<your SSID>"
- Check config file of network manager
I'm using Wicd as network manager, so I'll check /etc/wicd/manager-settings.conf. I see the problem in this line:
wireless_interface = wlan0
My wireless interfaces is not wlan0, but wlp5s0. I edit the line and add the correct interface:
wireless_interface = wlp5s0
- Restart network manager
sudo systemctl restart wicd
- Check interface and network manager status
ip link show dev wlp5s0## response3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
Both are up and running:
- Interface:
<BROADCAST,MULTICAST,UP,LOWER_UP> - Network manager:
state UP
- Check that the interface is active and connected to the internet
ip route list | grep default#responsedefault via 192.168.1.1 dev wlp5s0
We fixed the issue !!!
Explanation:
LOWER_UP is a physical layer link flag (the layer below the network layer, where IP is generally located). LOWER_UP indicates that the device is connected to the network.
LOWER_UP differs from UP, which additionally requires the network interface to be enabled.
Important files
/etc/network/interfaces/etc/wicd/manager-settings.conf
Old vs New
| Old command (deprecated) | New command |
|---|---|
| ifconfig -a | ip a |
| ifconfig enp6s0 down | ip link set enp6s0 down |
| ifconfig enp6s0 up | ip link set enp6s0 up |
| netstat | ss |
| route | ip r |
IP Address
| Class | Starts with | Subnet Mask | CIDR |
|---|---|---|---|
| Class A | 0-127 | 255.0.0.0 | /8 |
| Class B | 128-191 | 255.255.0.0 | /16 |
| Class C | 192-223 | 255.255.255.0 | /24 |
Bit-wise representation
IP addresses and network masks can be represented in four binary octects.
- 192.168.1.20 is equal to 11000000.10101000.0000001.00010100
- 255.255.255.0 is equal to 11111111.11111111.11111111.00000000
CIDR Notation
CIDR notation is another form of representing a Network Mask.
- Network mask 255.255.255.0 is equal to CIDR /24 because the first 24 bits are turn on: 11111111.11111111.11111111.00000000
- Network mask 255.255.255.128 is equal to CIDR /25 because the first 25 bits are turn on: 11111111.11111111.11111111.10000000
Subnet mask
Calculate the number of subnets and hosts we can create in a IP address
Example IP: 192.168.1.0/28
Class A (starts with 192), which means the first 3 octecs are dedicated to the network portion (255.255.255), and the network portion never changes.
Subnet mask:
The CIDR of 28 is equal 11111111.11111111.11111111.11110000 which gives us a subnet mask of 255.255.255.240
| Network Portion | Host portion |
|---|---|
| 11111111.1111111.1111111 | 11110000 |
- Subnets: from the Host portion, we calculate 2 to the power of the number of 1's. As there are four 1's, the calculation is 2x2x2x2=16
- Addresses: from the Host portion, we calculate 2 to the power of the number of 0's. As there are four 0's, the calculation is 2x2x2x2=16
This means that for the IP address 192.168.1.0/24 we can create 16 subnets, and each subnet has 16 IP addresses, but we have to substract 2 IP addresses on each subnet, because one IP address is used for the Network ID, and the other IP address is used for the Broadcast address, so we can use 14 hosts in each subnet.
Find out Network ID
Example IP: 192.168.40.45/16
A CIDR of /16 represents the first 16 bits on of a binary octect: 11111111.11111111.00000000.00000000. So the network mask is 255.255.0.0
- If the the correspondent octed of a network mask is 255, we use the full decimal number of that octect.
- If the the correspondent octed of a network mask is 0, we use a 0 instead of the full decimal number of that octect.
As a result, the network ID of 192.168.40.45/16 is 192.168.0.0
Example IP: 192.168.45.55/21
A CIDR of /21 represents the first 21 bits on of a binary octect: 11111111.11111111.11111000.00000000. So the network mask is 255.255.248.0
- If an octed of a network mask is not 255 or 0, we calculate this way:
The first two octects of the IP address remain the same because his correspondent network masks are 255
For the third octed, we compare the bit-wise representation between the IP address and the network mask:
- 45 : 00101100
- 248: 11111000
As octect 248 has the first 5 bits on, we are only going to take into account the first 5 bits of octect 45, which are 00101. This in decimal is 40.
So, the Network ID of 192.168.45.55/21 is 192.168.40.0