iwd
iwd (iNet Wireless Daemon) is an up-and-coming wireless daemon for Linux. It is written by Intel and aims to replace wpa_supplicant.
Potential benefits of iwd include:
- simplification of network management
- faster network discovery
- fast and reliable roaming
- using less system resources
- using features offered by the linux kernel
- support for enterprise security methods like EAP
- support for kernel asymetric key rings and trusted platform modules (TPM)
- support for multiple clients
Contents
Installation
Start with the instructions for Wifi, including the required device drivers and IEEE802.11 support. Specifics for iwd are described below.
Kernel
Iwd requires the Linux kernel to have quite some options to be enabled. For systems running on a AMD64 architecture, or CPUs that support SSSE3 or X86_AES instructions some hardware acceleration can be achieved. Cpuid2cpuflags can be used to check for support.
Security options --->
[*] Enable access key retention support
[*] Diffie-Hellman operations on retained keys
Networking support --->
[*] Wireless --->
<M> cfg80211 - wireless configuration API
Cryptographic API --->
*** Public-key cryptography ***
[*] RSA algorithm
[*] Diffie-Hellman algorithm
*** Block modes ***
[*] ECB support
*** Hash modes ***
[*] HMAC support
*** Digest ***
[*] MD4 digest algorithm
[*] MD5 digest algorithm
[*] SHA1 digest algorithm
[*] SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI) // AMD64 and SSSE3
[*] SHA224 and SHA256 digest algorithm
[*] SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI) // AMD64 and SSSE3
[*] SHA384 and SHA512 digest algorithms
[*] SHA512 digest algorithm (SSSE3/AVX/AVX2) // AMD64 and SSSE3
*** Ciphers **
[*] AES cipher algorithms
[*] AES cipher algorithms (x86_64) // AMD64
[*] AES cipher algorithms (AES-NI) // X86_AES
[*] ARC4 cipher algorithm
[*] DES and Triple DES EDE cipher algorithms
[*] Triple DES EDE cipher algorithm (x86-64) // AMD64
*** Random Number Generation ***
[*] User-space interface for hash algorithms
[*] User-space interface for symmetric key cipher algorithms
[*] Asymmetric (public-key cryptographic) key type --->
[*] Asymmetric public-key crypto algorithm subtype
[*] X.509 certificate parser
[*] PKCS#7 message parser
[*] PKCS#8 private key parser // linux kernel 4.20 or higher
USE flags
Some packages are aware of the iwd USE flag.
USE flags for net-wireless/iwd Wireless daemon for linux
client
|
Enable iwctl client tool |
crda
|
Use net-wireless/crda for regulatory domain loading instead of in-kernel (4.15+) support |
monitor
|
Enable iwmon monitor tool |
ofono
|
Enable support for oFono SIM authentication |
standalone
|
Enable standalone mode with built-in DHCP client and DNS handling" |
systemd
|
Use systemd-resolve rather than resolvconf for DNS handling in standalone mode |
wired
|
Enable ethernet authentication daemon |
Emerge
Install the net-wireless/iwd package:
root #emerge --ask net-wireless/iwdNetwork management
Gentoo is all about choice, so there should be various methods available for network management. But iwd is new, and not all the methods support iwd fully.
Be sure to heed the warning in the network management article about mixing and matching the different methods for network management.
netifrc
netifrc is Gentoo's default method of managing networks, but unfortunately it does not support iwd as backend yet, see bug #690808. Make sure that any symbolic links to /etc/init.d/net.lo for the wireless interfaces are removed:
root #rm -i /etc/init.d/net.wl*Select another, working, method for network management.
iwd native
As of version 0.19 iwd contains a DHCP client and can manage routes and DNS resolving. See here how to configure it.
Start iwd and add it to the default run level:
root #rc-update add iwd default
root #rc-service iwd start
Use iwctl to make connections.
dhcpcd
Add both the dhcpcd and then iwd service to the default runlevel and start them up:
root #rc-update add dhcpcd default
root #rc-service dhcpcd start
root #rc-update add iwd default
root #rc-service iwd start
Use iwctl to make connections.
NetworkManager
NetworkManager supports iwd. Make sure to set the iwd USE flag:
root #echo "net-misc/networkmanager iwd" >> /etc/portage/package.use/zz-autounmaskroot #emerge --ask --newuse net-misc/networkmanagergnome-extra/nm-applet or other NetworkManager frontends can be used as per normal to make connections.
ConnMan
ConnMan supports iwd somewhat. Make sure to set the iwd USE flag en (re-)emerge:
root #echo "net-misc/connman iwd" >> /etc/portage/package.use/zz-autounmaskroot #emerge --ask --newuse net-misc/connmanConnMan still relies on wpa_supplicant for scanning, but connecting via iwd is possible.
Connecting to an access point with iwctl
iwctl is iwd's tool to control iwd. It supports both a command line interface and an interactive mode. A complete command line would be iwctl station list to see what adapters you might be able to use:
user $iwctl station listDevices in Station Mode -------------------------------------------------------------------------------- Name State Scanning -------------------------------------------------------------------------------- wlan0 disconnected
An interactive session of iwctl commands can be used to connect to a WiFi network access point. First check the status of the WiFi network interface, set it in scanning mode if needed, and then obtain the list of WiFi access points. Finally connect to the access point.
user $iwctl# station wlan0 show
Station: wlan0
--------------------------------------------------------------------------------
Settable Property Value
--------------------------------------------------------------------------------
Scanning no
State disconnected
# station wlan0 scan
# station wlan0 get-networks
Available networks
--------------------------------------------------------------------------------
Network name Security Signal
--------------------------------------------------------------------------------
FRITZ!Box 7362 SL psk ***
WLAN-105127 psk *
# station wlan0 connect "FRITZ!Box 7362 SL"
Type the network passphrase for FRITZ!Box 7362 SL psk.
Passphrase:
That last step would autogenerate the /var/lib/iwd/station.psk file.
Note that it is not possible to assign a priority to a network, instead iwd will prioritize networks based on:
- signal strength level
- security features
- maximum rate
- channel utilization
- time since the last connect.
Configuration files
Daemon configuration
iwd keeps its main configuration file in /etc/iwd/main.conf.
iwd native network management
Native network management can be activated as follows:
/etc/iwd/main.conf[General] EnableNetworkConfiguration=true [Network] RoutePriorityOffset=200 NameResolvingService=resolvconf
Where:
- EnableNetworkConfiguration is required to activate the native network management
- RoutePriorityOffset is optional and sets the route metric
- NameResolvingService is optional and can be used to configure a DNS manager like 'resolvconf' from net-dns/openresolv or 'systemd'.
iwd has updated the configuration file syntax. Previous settings like enable_network_configuration are now obsolete and replaced by EnableNetworkConfiguration.
Disable periodic scan
To prevent iwd from continuous scanning while not connected:
/etc/iwd/main.conf[Scan] DisablePeriodicScan=true
Configuration per connection
iwd keeps its configuration file per connection in /var/lib/iwd/.
This directory contains files with names like <station>.<networktype>, where:
- station is the name (SSID) of the network
- networktype can be
- psk for pre-shared key, like WPA-PSK or WPA2-PSK
- 8021x for WPA-Enterprise, like EAP-PWD or EAP-PEAP.
Security
For WPA authentication the contents of the file looks like this:
/var/lib/iwd/station.psk[Security] PreSharedKey=924179acd138039828674bb2339a4a2c95cce4a41deb934d99c00380d0be8490 Passphrase=<human readable password>
Passphrase in case of WPA2-PSK needs to be the same as is set in the router and is known from wpa_supplicant's psk= entries. The PreSharedKey is the same as one that could have been calculated with wpa_passphrase, from package net-wireless/wpa_supplicant. iwd does not provide a passphrase calculator yet.
Static network configuration
iwd defaults to DHCP, either natively or using an external DHCP-client. For static IPV4 configuration add something like this to /var/lib/iwd/station.pwk:
/var/lib/iwd/station.psk[IPv4] ip=192.168.1.100 netmask=255.255.255.0 gateway=192.168.1.1 broadcast=192.168.1.255 dns=192.168.1.1
Interface management
Starting with version 0.18 iwd is actively managing network interfaces [1]. On startup it may destroy an existing network interface and create a new one. The newly created interface will be configured optimally for iwd's use. Note that currently interface renaming is not supported. This means that an interface that was detected by udev, and renamed to say 'wlp2s0' will be destroyed and a new one named for example 'wlan0' might be created. When iwd terminates it destroys the wireless interface it created.
It is possible to suppress this behaviour by passing commandline options -p (+the the name of the phy) and -i (+ the name of the interface) to the iwd daemon.
See also
- Wifi — describes the setup of a WiFi (wireless) network device.
- Wpa_supplicant — a wifi supplicant to handle network authentication.
External resources
- Iwd: simplifying WiFi management
- Arch linux iwd wiki
- iwd without dbus - This is a complete rewrite of the original eiwd with the new focus being to modify as little as possible from upstream.