Well, on the bright side your hardware is all right and wpa_supplicant gets the job done.
The network may be the ISP's fault; mine, for example, has quite a little bit of trouble reaching this forum, but certain others do not...
I guess networking these days is a little bit of a fortune cookie...
Offline
The network may be the ISP's fault
What are you referring to? There is no problem to assign blame for. I was comparing performance between IWD and wpa_supplicant/dhcpcd and initially thought there was a substantial difference; but there isn't.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
GaKu999 wrote: The network may be the ISP's fault
What are you referring to?
A little bit of slowdown over there, some lag over here, that is what I was talking about.
That may reflect in the wrong assumption that foo is faster than bar, if not tested properly.
Anyways, that was a little bit of off topic...
Probably this whole ‘who is faster?’ started because of that assumption.
Last edited by GaKu999 (2020-08-01 19:04:35)
Offline
Hello. I've been struggling to get iwd to connect to eduroam for several days now. I've scoured the internet, including these forums and a lot of reddit posts. It seems I should only need a simple configuration, however, I cannot for the life of me get it working. I am running version 1.8.
I am provided with the following information from my university:
*link to certificate*
EAP Method: EAP
Phase 2 Authentication: MSCHAPv2
Identity: myusername
Password: mypassword
I have the following configuration file for wpa_supplicant, which works perfectly. (Note that MSCHAPv2 is the default in this scenario, hence not being explicitly defined here.)
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="myusername"
    password="mypassword"
    ca_cert="/path/to/cert.pem"
}
As of this moment, my iteration of eduroam.8021x looks like this.
[Security]
EAP-Method=PEAP
EAP-PEAP-CACert=/path/to/cert.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=myusername
EAP-PEAP-Phase2-Password=mypassword
"Common tricks" such as trying varieties of EAP-TTLS instead of EAP-PEAP do not work for me, and neither does moving the certificate to another directory on the filesystem (I am aware of the ProtectHome setting). I've tried removing the CACert altogether, as well as trying to add the domainmask. It feels to me like I've tried almost all possible (realistic) variations of this configuration, when in theory it should boil down to 3-6 basic options...
System DNS and everything else works with wpa_supplicant and all other networks with iwd as well, which leads me to believe that this is a problem with my configuration or iwd when using the EAP-(PEAP/TTLS) options.
Nothing seems to get me further than this
wlan0: authenticate with xx:xx:xx:xx:xx:xx
wlan0: send auth to xx:xx:xx:xx:xx:xx (try 1/3)
wlan0: authenticated
wlan0: associate with xx:xx:xx:xx:xx:xx (try 1/3)
wlan0: RX AssocResp from xx:xx:xx:xx:xx:xx (capab=0x1111 status=0 aid=3)
wlan0: associated
wlan0: deauthenticating from xx:xx:xx:xx:xx:xx by local choice (Reason: 15=4WAY_HANDSHAKE_TIMEOUT)
Setting the TLS debug flag just results in spamming of
4-Way handshake failed for ifindex: 8, reason: 15
I would really appreciate any insight on this matter.
Last edited by getmeonline (2020-08-20 23:09:07)
Offline
Is it just me, or is iwd much faster than wpa_supplicant? Pacman shows higher numbers when synchronizing packages. Basically went from <1 MiB/s to a few MiB/s.
My configs, basically the simplest ones from wiki:
$ cat /etc/systemd/network/25-wireless.network
[Match]
Name=wl*

[Network]
DHCP=yes

[DHCP]
RouteMetric=20

$ cat /etc/systemd/resolved.conf
[Resolve]
DNS= 1.1.1.1#one.one.one.one
FallbackDNS=1.0.0.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
Domains=~.
DNSSEC=true
DNSOverTLS=yes

$ cat /etc/wpa_supplicant/wpa_supplicant-wlp0s20f3.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
    ssid="SSID"
    psk="passphrase"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    auth_alg=OPEN
}
For iwd, I just used iwctl.
@getmeonline I'm also interested how to connect to eduroam with iwd. My working wpa_supplicant config for eduroam is similar. I didn't understand what I was doing, just copied stuff from the forums. The only difference is I also have:
proto=RSN
pairwise=CCMP
auth_alg=OPEN
Offline
Is it just me, or is iwd much faster than wpa_supplicant?
It's not just you - look through this thread, there is a lot of discussion about that. I had several posts where I was quite excited about it. Unfortunately, in my case it seemed to be a fluke (perhaps mixed with hopeful confirmation bias). It was a very odd coincidence that I had measurably faster speeds with IWD over several repeated tests ... but in the end it was just a coincidence (for me).
What did remain consistent (again at least for me) is IWD connects/reconnects much faster than wpa_supplicant, but upon more critical testing I couldn't document any actual download/upload speed difference. This should be intuitively obvious as well: except in some quite worst-case scenarios, the wireless link between your machine and your router shouldn't be the bandwidth limiting step in the route to download pacman packages.
In other words, even if IWD did make the wireless LAN faster, it can't have any impact in the links from your router to modem to ISP, to various intermediary servers, to the arch mirror you use.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
Hmm, too bad I don't have the expertise to diagnose why pacman downloads are much faster when I switched to iwd. Basically I installed Arch on another laptop (Intel 82579LM), and tried iwd. I thought the speed increase was because I had not set up Cloudflare's DNS and DNS over TLS. But no, it still has the speed increase even after I messed with resolved.conf. And my other laptop (Intel Cannon Point-LP CNVi) still had slow pacman download speed when using wpa_supplicant. So I switched my other laptop to iwd and got faster speed too.
Could be just a coincidence. Could be some weird configs on my laptop and network. fast.com certainly gives similar numbers for both iwd and wpa_supplicant.
Offline
Different mirrors?
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
The other laptop got faster speed without changing the mirrors. I have been feeling the download speed of <1 MiB/s was kinda weird, so I did a few rankmirrors in the last few months before I found iwd. But they didn't solve the problem.
I did try switching back to wpa_supplicant again just now. And it downloads much faster. Well, I guess it could be just some weird coincidence. I'll keep with iwd for now. Just in case. Unless logging in to eduroam proves impossible.
Offline
Ah ... I was asking if you were using different mirrors between the two machines. Whether or not you've "changed" them doesn't impact that as there is no default to change from: the two may not have started with the same mirrors. Actually check what the mirrors are - is the first one the same on both machines?
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
No, they are not the same.
But just to summarize:
Laptop 1. Arch installed around January iirc. Always have slow pacman download speed of <1 MiB/s despite multiple rankmirrors to find faster mirror. There was some work done by the ISP, so I thought it has to do with it. Tried iwd because Laptop 2 got better speed for some reason. Laptop 1 also got better pacman download speed. Switched back to wpa_supplicant just to find some proof, but it's still fast.
Laptop 2. Just installed Arch. Out of curiosity, tried iwd. Got much faster download speed.
Last edited by E3LDDfrK (2020-08-21 16:41:53)
Offline
Then set them to use the same mirrors - otherwise you're just comparing apples to oranges. As for just on laptop 1, speeds will fluctuate regardless of the tool you use which is why one would need to do repeated (and unbiased) tests to see if there was a real difference between iwd and wpa_supplicant. I did many tests, and early on there certainly did seem to be a pattern of iwd being faster, but by the time I got to a more respectable sample size, I could see no effect of the tool at all. Coincidences happen - and they can be alluring, particularly when there have been previous suspicions of this effect - but until there is actual repeatable data, it's just suspicion and coincidence.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
I misunderstood. Laptop 1 had the same mirrorlist when switching from wpa_supplicant to iwd and getting the speed boost. But when I switched back to wpa_supplicant, the speed boost persisted. Anyways, I don't have reliable data. I'll report again, when I notice something similar.
Offline
I wanted to test the new shiny wireless backend so I gave iwd a go. I started with the hardest of networks to connect to: eduroam. After losing a considerable amount of time, I found out that my eduroam network does not accept TLSv1.2, which was translated as a 4-way handshake failure with reason 23 "IEEE8021X_FAILED". Sadly, AFAICT iwd does not allow one to disable TLSv1.2 as wpa_supplicant does with:
phase1="peaplabel=auto tls_disable_tlsv1_2=1"
(in the network configuration block)
So right now, iwd is a bit immature. It is very nice otherwise, with a great interface via iwctl and clearer config files.
It's a monologue intended as a comment on iwd's maturity but also just in case anyone also encounters this error.
Offline
Matbac, iwd might never support older SSL/TLS versions. Those are not considered secure anymore. Only TLSv1.2 and newer are recommended.
Last edited by progandy (2020-09-02 18:40:41)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
My experience with iwd was short and simple: wpa_supplicant can handle hotplugging of USB WiFi dongles, iwd can't. It's an "eprom reset timeout" issue, iwd gets into a race with something else - issue acknowledged by iwd dev in some iwd video presentation but not fixed.
So I'm staying with wpa_supplicant. It is a little slower at establishing connections but who cares.
Offline
Matbac, iwd might never support older SSL/TLS versions. Those are not considered secure anymore. Only TLSv1.2 and newer are recommended.
I understand completely, sadly the real world still uses older TLS versions. However I don't think iwd itself supports TLS stuff, but rather uses a library for this, so allowing to specify the version as a configuration option should not be much work. Nonetheless I understand that accepting this would open the door to every "backward compatibility" option one could imagine, and that is a lot of work.
Offline
Hello. I've been struggling to get iwd to connect to eduroam for several days now. I've scoured the internet, including these forums and a lot of reddit posts. It seems I should only need a simple configuration, however, I cannot for the life of me get it working. I am running version 1.8.
As of this moment, my iteration of eduroam.8021x looks like this.
[Security]
EAP-Method=PEAP
EAP-PEAP-CACert=/path/to/cert.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=myusername
EAP-PEAP-Phase2-Password=mypassword
I was struggling with the same problem for the past few days. eduroam at my uni uses the same settings. Surprisingly, I can connect to eduroam with the ARCH ISO from August 1 (Kernel 5.7.11, systemd 245.7-1), but connecting to eduroam with ARCH ISO from September 1 using iwd was not possible. I started suspecting a problem with either the newer kernel or systemd.
After a lot of back and forth and trying out different things, I decided to install the kernel 5.8.6 today. Looks like the problem is fixed for now.
Offline
Does iwd get along with gnome-keyring when used as backend for NetworkManager? Unchecking "Make available to other users" has no effect on iwd's defaults. Commenting the cleartext passphrase entry in /var/lib/iwd/example.pk causes NetworkManager to forget. The keyring is unlocked automatically on login.
iwd prefers 2.5Ghz, even when 5Ghz is preferred (BandModifier5Ghz= >1.0). Have increased it considerably with the access point being about a foot away. Both iwd and NetworkManager services are enabled on startup. iwd will connect to 5Ghz only if it's the only band broadcast.
Offline
IPv6 is not working for me with the new iwd 1.10.
I have no idea what I'm doing wrong.
Offline
I have to say I've had the exact opposite experience: iwd seems overall much slower.
1. my desktop pc at home, connected to a wifi router, loses connection at random for a few seconds, then reconnects (did not happen with wpa_supplicant)
2. my laptop at work, connected to my smartphone as a hotspot, because I often walk away from the computer and so it goes out of range and disconnects, takes several minutes to reconnect once I'm back at my desk, and I have to manually use iwctl to reconnect. Again, reconnection took an instant with wpa_supplicant.
Is it just me?
Offline
I'm afraid so, yes. I run seven devices, they work without problems. My combination is systemd-networkd (with bonding of ethernet and wireless), systemd-resolved, iwd. Runs smoothly.
Frumpus ♥ addict
[mu'.krum.pus], [frum.pus]
Offline
Is there any way to encrypt the passphrases in the profiles stored by IWD in /var/lib/iwd, whether it be manually-created, or automatically-generated by iwd? These profiles have the passwords in plaintext, which can potentially be accessed by a malicious actor, and it's admittedly a little concerning.
Last edited by SRSR333 (2021-04-10 14:30:20)
Offline
SRSR333, the profiles should be (or could be made) only readable by the root user. If someone has root access to your machine, you've got bigger issues than losing wifi passphrases.
Last edited by Trilby (2021-04-10 15:39:38)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
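Added example, not part of either post above and not iwd's own code: a Python check for the situation discussed here (profiles that hold cleartext secrets and are readable by non-owners), extended to the PEAP/TTLS server-validation settings raised earlier in the thread (CACert and the domain mask). The sample profiles are constructed and written to a scratch directory; the key names `PreSharedKey`, `EAP-TTLS-CACert` and `EAP-*-ServerDomainMask` are assumed from iwd.network(5) rather than taken from the thread.

```python
import configparser
import stat
import tempfile
from pathlib import Path

def security_group(path):
    """Return the [Security] group of an iwd profile as a dict."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # iwd setting names are case-sensitive
    cp.read(path)
    return dict(cp["Security"]) if cp.has_section("Security") else {}

def audit_dir(directory):
    """Map profile name -> findings; profiles with no findings are omitted."""
    d, report = Path(directory), {}
    dir_open = stat.S_IMODE(d.stat().st_mode) & 0o011  # non-owners can enter the dir
    for p in sorted(f for f in d.iterdir() if f.suffix in (".psk", ".8021x")):
        sec, found = security_group(p), []
        secrets = sorted(k for k in sec
                         if k in ("Passphrase", "PreSharedKey") or k.endswith("Password"))
        if secrets and dir_open and stat.S_IMODE(p.stat().st_mode) & 0o044:
            found.append("non-owner can read: " + ", ".join(secrets))
        method = sec.get("EAP-Method", "")
        if p.suffix == ".8021x" and method in ("PEAP", "TTLS"):
            if f"EAP-{method}-CACert" not in sec:
                found.append("no CACert: nothing to validate the server certificate against")
            elif f"EAP-{method}-ServerDomainMask" not in sec:
                found.append("no ServerDomainMask: any server name under that CA passes")
        if found: report[p.name] = found
    return report

def demo():
    """Audit three constructed profiles in a scratch directory, not /var/lib/iwd."""
    peap = ("[Security]\nEAP-Method=PEAP\n{ca}EAP-PEAP-Phase2-Method=MSCHAPV2\n"
            "EAP-PEAP-Phase2-Identity=myusername\nEAP-PEAP-Phase2-Password=mypassword\n")
    samples = {  # file name: (content, mode); all values are constructed
        "eduroam.8021x": (peap.format(ca="EAP-PEAP-CACert=/path/to/cert.pem\n"), 0o644),
        "nocert.8021x": (peap.format(ca=""), 0o600),
        "home.psk": ("[Security]\nPassphrase=passphrase\n", 0o600),
    }
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp).chmod(0o755)
        for name, (content, mode) in samples.items():
            Path(tmp, name).write_text(content)
            Path(tmp, name).chmod(mode)
        return audit_dir(tmp)

if __name__ == "__main__":
    print(demo())
```

Run as root, `audit_dir("/var/lib/iwd")` applies the same checks to the real profile directory.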
Hi everyone.
You have done good work with iwd. It is fast and easy to use.
I have a question about the AP feature in iwctl. How should I name the file in /var/lib/iwd/ap so that it appears in
[iwd]# ap wlan0 start-profile ?
Thank you.
Offline