User Tools

Site Tools


networkmanager

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
networkmanager [2021/06/09 21:48]
Andrew Zaborowski Warn about user-owned connections
networkmanager [2022/09/23 15:21] (current)
Andrew Zaborowski [Converting network profiles] Minor update
Line 74: Line 74:
  
 //​Warning://​ setting connection properties not supported by IWD will make the conversion fail.  For example the nm-connection-editor'​s //All users may connect to this network// option must be checked (in gnome-control-center/​gnome-shell it is named //Make available to other users//), connections can not be user-owned with IWD. //​Warning://​ setting connection properties not supported by IWD will make the conversion fail.  For example the nm-connection-editor'​s //All users may connect to this network// option must be checked (in gnome-control-center/​gnome-shell it is named //Make available to other users//), connections can not be user-owned with IWD.
 +
 +//​Warning://​ 802.1X (EAP) network configurations often reference certificate and user private key files (usually ''​.pem''​). ​ NM may be allowed to access the whole filesystem but IWD's [[https://​git.kernel.org/​pub/​scm/​network/​wireless/​iwd.git/​tree/​src/​iwd.service.in|default systemd unit file]] sets ''​ProtectHome=yes''​ which would cause connections to fail when trying to access certificate files in user home directories. ​ If you intend to use ''​iwd-config-path''​ (**note distro maintainers**) make sure that NM and IWD have the same level of filesystem access, in their systemd unit files or otherwise.
  
 ==== Converting network profiles ==== ==== Converting network profiles ====
  
-If you've been using the NM + wpa_supplicant combo and switched to IWD it's possible to bulk-convert your existing network profiles to [[networkconfigurationsettings|the IWD format]], so that you can keep using them with the IWD backend. ​ Especially useful for EAP (802.1X) networks. ​ You will need to have the ''​iwd-config-path''​ mechanism enabled (see previous section). ​ Optimally these steps would be done automatically by distribution scripts such as Debian'​s ''​update-alternatives''​ but they require a few changes to the profile settings ​so the user needs to be conscious ​this is happening. ​ This is how to do it:+If you've been using the NM + wpa_supplicant combo and switched to IWD it's possible to bulk-convert your existing network profiles to [[networkconfigurationsettings|the IWD format]], so that you can keep using them with the IWD backend. ​ Especially useful for EAP (802.1X) networks. ​ You will need to have the ''​iwd-config-path''​ mechanism enabled, now on by default ​(see previous section). ​ Optimally these steps would be done automatically by distribution scripts such as Debian'​s ''​update-alternatives''​ but they require a few changes to the profile settings ​(it might be preferrable to notify ​the user this is happening).  This is how to do it:
  
   - Remove any ''​[connection].interface-name=''​ and ''​[connection].permissions=''​ settings from the profiles. ​ In some NM versions some of those keys were set by default on new profiles. ​ IWD profiles are global so any user can activate them on any interface, so NM's IWD backend will refuse to use profiles that have any permissions set on them.   - Remove any ''​[connection].interface-name=''​ and ''​[connection].permissions=''​ settings from the profiles. ​ In some NM versions some of those keys were set by default on new profiles. ​ IWD profiles are global so any user can activate them on any interface, so NM's IWD backend will refuse to use profiles that have any permissions set on them.
networkmanager.1623275330.txt.gz ยท Last modified: 2021/06/09 21:48 by Andrew Zaborowski