You are not logged in.

#276 2022-02-25 17:36:26

hoschi
Member
From: Ulm (Germany)
Registered: 2008-11-03
Posts: 457

Re: The IWD thread

Is it okay to use this thread?

According to IWD the wpa_supplicant daemon shouldn't run in parallel, which makes sense. So I've turned it off but it is still running:

● wpa_supplicant.service - WPA supplicant
     Loaded: loaded (/usr/lib/systemd/system/wpa_supplicant.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2022-02-25 08:40:19 CET; 9h ago
   Main PID: 918 (wpa_supplicant)
      Tasks: 1 (limit: 18220)
     Memory: 3.3M
        CPU: 138ms
     CGroup: /system.slice/wpa_supplicant.service
             └─918 /usr/bin/wpa_supplicant -u

Feb 25 08:40:19 hoschi systemd[1]: Starting WPA supplicant...
Feb 25 08:40:19 hoschi systemd[1]: Started WPA supplicant.
Feb 25 08:40:19 hoschi wpa_supplicant[918]: Successfully initialized wpa_supplicant

The parent has PID 1, it is Systemd. And Systemd seem to launch it because:

Feb 25 08:40:19 hoschi systemd[1]: Started WPA supplicant.
Feb 25 08:40:19 hoschi audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 25 08:40:19 hoschi wpa_supplicant[918]: Successfully initialized wpa_supplicant

IWD still works with exception of some weird reconnetions. But I think the authors of IWD are serious about not running wpa_supplicant in parallel. According to some findings on the web and here it is Geoclue causing the DBus-Activation. Am I right that the correct solution is neither `masking` wpa_supplicant nor using the special networkmanager-iwd from AUR. But requesting Geoclue to stop that and just activing NetworkManager or whatever?

I'm surprised that our Wiki doesn't mention this issue.
Thank you


// edit
I've created an upstream issue.

Last edited by hoschi (2022-02-25 18:04:25)

Offline

#277 2022-03-01 11:54:25

glitsj16
Member
Registered: 2015-04-26
Posts: 116

Re: The IWD thread

hoschi wrote:

Am I right that the correct solution is neither `masking` wpa_supplicant nor using the special networkmanager-iwd from AUR. But requesting Geoclue to stop that and just activing NetworkManager or whatever?

I've been using IWD with NetworkManager for quite a while and uninstalled wpa_supplicant. That completely avoids ever running wpa_supplicant in parallel with IWD. Due to iwd being an optdepends of networkmanager this all works out very well. In such a setup there's no need for masking or anything else. Have you considered removing wpa_supplicant yet?

Offline

#278 2022-05-01 22:23:42

Cvlc
Member
Registered: 2020-03-26
Posts: 273

Re: The IWD thread

Hi

I've been using IWD with NetworkManager for quite a while and uninstalled wpa_supplicant

How did you manage that ?

$ pacman -Qi iwd && sudo pacman -Rsn wpa_supplicant 

Name            : iwd
Version         : 1.27-1
Description     : Internet Wireless Daemon
Architecture    : x86_64
URL             : https://git.kernel.org/cgit/network/wireless/iwd.git/
Licenses        : LGPL
Groups          : None
Provides        : None
Depends On      : glibc  readline  libreadline.so=8-64  ell
Optional Deps   : None
Required By     : None
Optional For    : networkmanager
Conflicts With  : None
Replaces        : None
Installed Size  : 1918.02 KiB
Packager        : Andreas Radke <andyrtr@archlinux.org>
Build Date      : Thu Apr 21 20:47:13 2022
Install Date    : Sat Apr 23 18:01:09 2022
Install Reason  : Explicitly installed
Install Script  : Yes
Validated By    : Signature

checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: removing wpa_supplicant breaks dependency 'wpa_supplicant' required by networkmanager

Offline

#279 2022-05-01 23:07:17

glitsj16
Member
Registered: 2015-04-26
Posts: 116

Re: The IWD thread

Cvlc wrote:

How did you manage that ?

When using iwd as the Wi-Fi backend for NM and only needing wpa_supplicant for calculation of the PreSharedKey one can safely use wpa-psk from the AUR as a wpa_supplicant drop-in. Download its snapshot, add

provides=('wpa_supplicant')
conflicts=('wpa_supplicant')

to the PKGBUILD and build/install via regular makepkg routine. After doing so you can uninstall wpa_supplicant.

Offline

#280 2022-05-02 00:32:46

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: The IWD thread

Except that package does not provide wpa_supplicant.  You could acheive the same by just forcing pacman to break dependencies (e.g., w/ -d flag(s)), and this would not require using a "package" for something that is essentially a single line of python code.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#281 2022-05-04 11:30:39

Cvlc
Member
Registered: 2020-03-26
Posts: 273

Re: The IWD thread

Thanks. Will the dependency on wpa_supplicant eventually be dropped to avoid such hacks ?

Offline

#282 2022-05-17 14:00:12

olly
Member
From: South West England
Registered: 2017-08-22
Posts: 38

Re: The IWD thread

Hi,
I'm having a problem with iwd and wonder if anyone has had similar.

If a stored profile has its AutoConnect value set to 'true', then iwd will try to connect it if it detects the SSID is broadcast. However, if the connection fails, iwd will repeatedly try to connect and fail over and over again, which ends up blocking the whole network system. Everything else in iwd fails.

Last edited by olly (2022-05-17 18:04:39)


Bullies are only weak people trying to compensate for their own inadequacy. If they can't compete intellectually, they bully.

Offline

#283 2022-05-21 10:23:04

hoschi
Member
From: Ulm (Germany)
Registered: 2008-11-03
Posts: 457

Re: The IWD thread

Thanks for your responses.

Cvlc wrote:

Thanks. Will the dependency on wpa_supplicant eventually be dropped to avoid such hacks ?

Same question from me. Simpler to use correctly? Possibly making both iwd and wpa_supplicant optdepends?

Offline

#284 2022-05-21 10:59:03

bjo
Member
Registered: 2011-09-10
Posts: 80

Re: The IWD thread

Please take a look at the discusssion here: https://bugs.archlinux.org/task/5972

Offline

#285 2022-06-07 08:24:20

mystiquewolf
Member
Registered: 2021-10-25
Posts: 17

Re: The IWD thread

hoschi wrote:

Thanks for your responses.

Cvlc wrote:

Thanks. Will the dependency on wpa_supplicant eventually be dropped to avoid such hacks ?

Same question from me. Simpler to use correctly? Possibly making both iwd and wpa_supplicant optdepends?

Why don’t make both wpa_supplicant and iwd to provide the same thing, for example wireless-daemon, and networkmanager requiring that wireless-daemon?

Last edited by mystiquewolf (2022-06-07 08:25:29)


Your device could make a difference. You can help: https://join.worldcommunitygrid.org

Offline

#286 2022-06-07 12:12:59

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: The IWD thread

They don't provide the same thing, unless that same thing is arbitrary-requirement-of-networkmanager.  wpa_supplicant never should have been a hard dependency for networkmanager.  NM can be used with no wireless at all - if someone has no wireless interfaces on their system but still wants to use NM, why should they install either wpa_supplicant or iwd?

NM depends on wpa_supplicant because of an arbitrary preference of either a NM dev or of the arch packager.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#287 2022-06-13 06:01:39

Mr Green
Forum Fellow
From: U.K.
Registered: 2003-12-21
Posts: 5,893
Website

Re: The IWD thread

Have started using iwd on my laptop and found it very easy to use (following wiki guide). From time to time I do plug in a wired connection to boost download speeds. I know that when running NetworkManager you have to disable things like dhcp as it handles this itself.

My thinking is to remove NetworkManager and applet and use iwd for wireless connections, but need a simple way to handle wired ones. Tempted to try the udev rule that comes with arch media or is there a better way to check connection type?


Mr Green

Offline

#288 2022-06-13 14:49:01

Moo-Crumpus
Member
From: Hessen / Germany
Registered: 2003-12-01
Posts: 1,487

Re: The IWD thread

depending on your environment. I only use systemd for wired network. systemd-networkd, systemd-resolved, iwd work pretty well together. You may even bond wired and wireless, if you want to.


Frumpus addict
[mu'.krum.pus], [frum.pus]

Offline

#289 2022-06-15 07:34:25

Mr Green
Forum Fellow
From: U.K.
Registered: 2003-12-21
Posts: 5,893
Website

Re: The IWD thread

I have used systemd-resolved as part of iwd configuration, was simply concerned about clash of services as mentioned on wiki page.

Thank you for your help ;-)


Mr Green

Offline

#290 2022-06-16 20:19:37

jprestwo
Member
Registered: 2022-01-06
Posts: 31

Re: The IWD thread

Trilby wrote:

They don't provide the same thing, unless that same thing is arbitrary-requirement-of-networkmanager.  wpa_supplicant never should have been a hard dependency for networkmanager.  NM can be used with no wireless at all - if someone has no wireless interfaces on their system but still wants to use NM, why should they install either wpa_supplicant or iwd?

NM depends on wpa_supplicant because of an arbitrary preference of either a NM dev or of the arch packager.

Actually AFAIK the only reason its a dependency is because of wired authentication. And wpa_supplicant is the only game in town, except IWD's own Ethernet Authentication Daemon (EAD) which isn't quite read for prime time yet in terms of NM support.

Offline

#291 2022-06-16 20:43:03

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: The IWD thread

jprestwo wrote:

Actually AFAIK the only reason its a dependency is because of wired authentication.

Fair point.  But not all NM users would require wired authentication - that's a pretty rare use case, and exactly the type of thing optional dependencies are for.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#292 2022-06-21 15:39:03

jprestwo
Member
Registered: 2022-01-06
Posts: 31

Re: The IWD thread

Trilby wrote:
jprestwo wrote:

Actually AFAIK the only reason its a dependency is because of wired authentication.

Fair point.  But not all NM users would require wired authentication - that's a pretty rare use case, and exactly the type of thing optional dependencies are for.

Oh you're preaching to the choir here. I agree, its a rare use case and really should be opt-in. Especially since it requires users to manually configure their credentials anyways.

Offline

#293 2022-12-07 10:18:44

Bv4b4g==
Member
Registered: 2022-12-07
Posts: 1

Re: The IWD thread

Hi everyone,
I have been running into issues with iwd 2.0 trying to connect to WPA-Enterprise EAP-PEAP MSCHAPV2 (eduroam/uni-wifi) and I hope someone is capable of helping me.

This is my current config uni-wifi.8021x:

[Security]
EAP-Method=PEAP
EAP-Identity=anonymous@uni.com
EAP-PEAP-CACert=/var/lib/iwd/chain.pem
EAP-PEAP-ServerDomainMask=*.uni.com
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=<id>@uni.com
EAP-PEAP-Phase2-Password=<password>

This is the output of sudo IWD_TLS_DEBUG=TRUE /usr/lib/iwd/iwd -d 2>&1 | tee iwd_debug_out :

Full Debug Log File: https://pastebin.com/pnY48JHc

The interesting lines (in my opinion) are the following:

...
src/eapol.c:eapol_handle_ptk_1_of_4() Authenticator sent a PMKID that didn't match
...
src/eap-tls-common.c:eap_tls_init_request_assembly() PEAP: Server has set the redundant TLS Message Length field for the un-fragmented packet.
...
PEAP: tls_finished:3044 Saving new session xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to cache
PEAP: tls_reset_handshake:208 New state TLS_HANDSHAKE_WAIT_START
...
src/eapol.c:eapol_eap_results_cb() EAP key material received
...
EAP completed with eapSuccess
PEAP: tls_reset_handshake:208 New state TLS_HANDSHAKE_WAIT_START
...
EAP completed with eapSuccess
...
EAP completed with eapSuccess
...
...
...
Received Deauthentication event, reason: 15, from_ap: true
...


EAP completed with eapSuccess  only happens when the right identity, phase2-identity and phase2-password is set. If that is not the case you get EAP completed with eapFail

EAP Authentication repeats multiple times until i get the output Received Deauthentication event, reason: 15, from_ap: true which I interpret as having send to many request and therefore being rate limited

I have also tried to connect without wifi-certificates but I still get stuck in the EAP Auth loop.

I managed to get the wifi connection working with wpa_supplicant, but there are some weird bugs with wpa_supplicant that im trying to prevent by using iwd instead.

Any help is deeply appreciated.

Offline

#294 2023-10-21 08:33:55

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 2,000
Website

Re: The IWD thread

For those here looking for a clean way to use iwd instead of wpa_supplicant with networkmanager.  See https://wiki.archlinux.org/title/Networ … Fi_backend
I followed the tip to create /etc/NetworkManager/conf.d/wifi_backend.conf as below, and it seems to work fine for me. wpa_supplicant (despite being installed as hard dependency) is no longer launched by networkmanager. it seems to properly use iwd.

[device]
wifi.backend=iwd

< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#295 2023-11-05 10:24:30

ringo
Member
Registered: 2023-07-10
Posts: 1

Re: The IWD thread

hello guys,
i am running into issues trying to connect with eduroam on kde plasma and asahi linux (aarch64):

this is the error i am getting:
"failed to add/activate connection 802.1x connections must have IWD provisioning files".

even after manually creating the configuration file /var/lib/iwd/essid.8021x following this instruction: https://wiki.archlinux.org/title/Iwd#eduroam and adding the settings required by the uni: wpa/wpa2 enterprise, ttls + pap. my university doesn't require a certifcate but they don't supply info to be extracted on https://cat.eduroam.org/ unfortunately.

this is a copy the content of my config file:

[Security]
EAP-Method=TTLS
EAP-Identity=anonymous@udk-berlin.de
EAP-TTLS-CACert=
EAP-TTLS-ServerDomainMask=*.udk-berlin.de
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=XXX@udk-berlin.de	
EAP-TTLS-Phase2-Password=XXX

[Settings]
AutoConnect=true

now, when i was looking for the file to copy it, apparently, it has been removed..! so i am a little clueless right now.

would be great if somebody could help me out on this one! thank you!

Offline

Board footer

Powered by FluxBB