8.2. Configuring the Network
The network is automatically configured during the initial installation. If Network Manager gets installed (which is generally the case for full desktop installations), then it might be that no configuration is actually required (for example, if you rely on DHCP on a wired connection and have no specific requirements). If a configuration is required (for example, for a WiFi interface), then it will create the appropriate file in /etc/NetworkManager/system-connections/
.
If Network Manager is not installed, then the installer will configure
ifupdown by creating the
/etc/network/interfaces
file. A line starting with
auto
gives a list of interfaces to be automatically configured on boot by the
networking
service. When there are many interfaces, it is good practice to keep the configuration in different files inside
/etc/network/interfaces.d/
as described in sidebar
BACK TO BASICS Directories ending in .d
.
In a server context, ifupdown is thus the network configuration tool that you usually get. That is why we will cover it in the next sections. For more information about the syntax of the configuration file please read interfaces(5).
Alternatives to the mentioned packages are netplan
and systemd-networkd
, which should be mentioned here. They are often used by cloud hosters and providers of virtual private servers. Please read their manual pages if you are planning on using them.
8.2.1. Ethernet Interface
If the computer has an Ethernet card, the IP network that is associated with it must be configured by choosing from one of two methods. The simplest method is dynamic configuration with DHCP, and it requires a DHCP server on the local network. It may indicate a desired hostname, corresponding to the hostname
setting in the example below. The DHCP server then sends configuration settings for the appropriate network.
Example 8.1. DHCP configuration
auto enp0s31f6
iface enp0s31f6 inet dhcp
hostname arrakis
A “static” configuration must indicate network settings in a fixed manner. This includes at least the IP address and subnet mask; network and broadcast addresses are also sometimes listed. A router connecting to the exterior will be specified as a gateway.
Example 8.2. Static configuration
auto enp0s31f6
iface enp0s31f6 inet static
address 192.168.0.3/24
broadcast 192.168.0.255
network 192.168.0.0
gateway 192.168.0.1
8.2.2. Wireless Interface
Getting wireless network cards to work can be a bit more challenging. First of all, they often require the installation of proprietary firmwares. Then wireless networks rely on cryptography to restrict access to authorized users only, this implies storing some secret key in the network configuration. Let's tackle those topics one by one.
8.2.2.1. Installing the required firmwares
First you have to enable the non-free-firmware repository in APT's sources.list file: see
Section 6.1, “Filling in the sources.list
File” for details about this file. Many firmware are proprietary and are thus located in this repository. You can try to skip this step if you want, but if the next step doesn't find the required firmware, retry after having enabled the non-free section.
Then you have to install the appropriate firmware-*
packages. If you don't know which package you need, you can install the isenkram package and run its isenkram-autoinstall-firmware
command. The packages are often named after the hardware manufacturer or the corresponding kernel module: firmware-iwlwifi for Intel wireless cards, firmware-atheros for Qualcomm Atheros, firmware-realtek for Realtek, etc. A reboot is then recommended because the kernel driver usually looks for the firmware files when it is first loaded and no longer afterwards.
8.2.2.2. Wireless specific entries in /etc/network/interfaces
ifupdown is able to manage wireless interfaces but it needs the help of the wpasupplicant package which provides the required integration between ifupdown and the wpa_supplicant
command used to configure the wireless interfaces (when using WPA/WPA2 encryption). The usual entry in /etc/network/interfaces
needs to be extended with two supplementary parameters to specify the name of the wireless network (aka its SSID) and the Pre-Shared Key (PSK).
Example 8.3. DHCP configuration for a wireless interface
auto wlp4s0
iface wlp4s0 inet dhcp
wpa-ssid Falcot
wpa-psk ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b
The wpa-psk
parameter can contain either the plain text passphrase or its hashed version generated with wpa_passphrase SSID passphrase
. If you use an unencrypted wireless connection, then you should put a wpa-key-mgmt NONE
and no wpa-psk
entry. For more information about the possible configuration options, have a look at /usr/share/doc/wpasupplicant/README.Debian.gz
.
At this point, you should consider restricting the read permissions on /etc/network/interfaces
to the root user only since the file contains a private key that not all users should have access to.
8.2.3. Connecting with PPP through a PSTN Modem
A point to point (PPP) connection establishes an intermittent connection; this is the most common solution for connections made with a telephone modem (“PSTN modem”, since the connection goes over the public switched telephone network).
A connection by telephone modem requires an account with an access provider, including a telephone number, username, password, and, sometimes the authentication protocol to be used. Such a connection is configured using the pppconfig
tool in the Debian package of the same name. By default, it sets up a connection named provider
(as in Internet service provider). When in doubt about the authentication protocol, choose PAP: it is offered by the majority of Internet service providers.
After configuration, it is possible to connect using the pon
command (giving it the name of the connection as a parameter, when the default value of provider
is not appropriate). The link is disconnected with the poff
command. These two commands can be executed by the root user, or by any other user, provided they are in the dip
group.
8.2.4. Connecting through an ADSL Modem
The generic term “ADSL modem” covers a multitude of devices with very different functions. The modems that are simplest to use with Linux are those that have an Ethernet interface (and not only a USB interface). These tend to be popular; most ADSL Internet service providers lend (or lease) a “box” with Ethernet interfaces. Depending on the type of modem, the configuration required can vary widely.
8.2.4.1. Modems Supporting PPPOE
Some Ethernet modems work with the PPPOE protocol (Point to Point Protocol over Ethernet). The pppoeconf
tool (from the package with the same name) will configure the connection. To do so, it modifies the /etc/ppp/peers/dsl-provider
file with the settings provided and records the login information in the /etc/ppp/pap-secrets
and /etc/ppp/chap-secrets
files. It is recommended to accept all modifications that it proposes.
Once this configuration is complete, you can open the ADSL connection with the command, pon dsl-provider
and disconnect with poff dsl-provider
.
8.2.4.2. Modems Supporting PPTP
The PPTP (Point-to-Point Tunneling Protocol) protocol was created by Microsoft. Deployed at the beginning of ADSL, it was quickly replaced by PPPOE. If this protocol is forced on you, see
Section 10.3.4, “PPTP”.
8.2.4.3. Modems Supporting DHCP
When a modem is connected to the computer by an Ethernet cable (crossover cable) you typically configure a network connection by DHCP on the computer; the modem automatically acts as a gateway by default and takes care of routing (meaning that it manages the network traffic between the computer and the Internet).
Most “ADSL routers” on the market can be used like this, as do most of the ADSL modems provided by Internet services providers.
8.2.5. Automatic Network Configuration for Roaming Users
Many Falcot engineers have a laptop computer that, for professional purposes, they also use at home. The network configuration to use differs according to location. At home, it may be a wifi network (protected by a WPA key), while the workplace uses a wired network for greater security and more bandwidth.
To avoid having to manually connect or disconnect the corresponding network interfaces, administrators installed the network-manager package on these roaming machines. This software enables a user to easily switch from one network to another using a small icon displayed in the notification area of their graphical desktop. Clicking on this icon displays a list of available networks (both wired and wireless), so they can simply choose the network they wish to use. The program saves the configuration for the networks to which the user has already connected, and automatically switches to the best available network when the current connection drops.
In order to do this, the program is structured in two parts: a daemon running as root handles activation and configuration of network interfaces and a user interface controls this daemon. PolicyKit handles the required authorizations to control this program and Debian configured PolicyKit in such a way so that members of the netdev group can add or change Network Manager connections.
Network Manager knows how to handle various types of connections (DHCP, manual configuration, local network), but only if the configuration is set with the program itself. This is why it will systematically ignore all network interfaces in /etc/network/interfaces
and /etc/network/interfaces.d/
for which it is not suited. Since Network Manager doesn't give details when no network connections are shown, the easy way is to delete from /etc/network/interfaces
any configuration for all interfaces that must be managed by Network Manager. Alternatively, it can be configured to manage all devices listed in that file as well. This configuration is handled in the [ifupdown]
section of its configuration file.
Note that this program is installed by default when the “Desktop Environment” task is chosen during initial installation.