Chapter 5. Networking

Table of Contents

Introduction
A netifrc primer
Identifying adaptors
Wired connections
Dynamic addressing
Static addressing
Wireless connections
WPA-based authentication
RADIUS (certificate-based) authentication
Configuring for multiple access points
VPN connections
OpenVPN
StrongSwan
Virtual machine networking
Networking guests with each other only
Sharing a host network with guests
Advanced topics
Advanced: Using "predictable" network interface names
Advanced: Multiple interfaces
Advanced: Interface bondage
Advanced: 802.1X authentication
Advanced: Customising dynamic addressing

In this chapter, we will discuss how to configure your Adélie Linux system for networking. Wired, wireless, and VPN connections using both static and dynamic IP addressing will be covered. In addition, advanced topics including interface bondage and KVM configuration will also be discussed.

Introduction

The Adélie Linux system uses netifrc as its network configuration and management system. The netifrc system uses a declarative configuration syntax in a single file, /etc/conf.d/net, for ease of administration. All main system network configuration is declared in this file. Some additional configuration may be required for wireless or VPN connections; notably, wireless connections require WPA Supplicant to be configured using either wpa_gui (on computers that use X11), or in the /etc/wpa_supplicant/wpa_supplicant.conf file.

The default configuration for the Adélie Linux system uses the traditional Linux interface names (such as "eth0", "eth1", and "wlan0"). If you prefer the new "predictable" interface names (such as "enP2p36s15f0" or "wlp9s0"), refer to the section called “Advanced: Using "predictable" network interface names”.

A netifrc primer

The netifrc configuration file consists of INI-style configuration variables. For example, config_eth0="dhcp" sets the variable config_eth0 to the value dhcp. By default, all interfaces on the system that are enabled will attempt to retrieve a DHCP address. Retrieving a DHCP address requires the dhcpcd package to be installed.

To enable a network interface, you must create a symbolic link to /etc/init.d/net.lo in /etc/init.d named net.IFACE where IFACE is the name of the interface. For example, for the interface named eth0, you would run ln -s /etc/init.d/net.lo /etc/init.d/net.eth0. Next, you need to add the service to the default runlevel. As noted in the section called “Enabling and disabling services”, you would run rc-update add net.IFACE default to enable the net.IFACE service. You may then start the service, assuming the interface has been configured properly in /etc/conf.d/net.

To disable a network interface, you must first stop it, if it is running. Next, remove it from the default runlevel (rc-update del net.IFACE default). Finally, remove the symbolic link in /etc/init.d.

Identifying adaptors

Before we begin configuring the network, we will list the network adaptors available on your computer. This will ensure that the adaptor or adaptors were detected successfully by the kernel. To do this, ensure the iproute2 package is installed, and run the command ip link as root.

Wired connections

For the purposes of this handbook, a wired connection is a connection to a network that utilises Ethernet. While the Adélie Linux system supports ATM, CAN bus, IEEE 1394, and Token Ring networking, these connection types are exceedingly rare and out of the scope of this handbook.

Dynamic addressing

To explicitly configure an interface to use dynamic addressing via DHCP, set config_IFACE="dhcp", where IFACE is the interface on which you wish to use dynamic addressing. For more information on customising dynamic addressing, refer to the section called “Advanced: Customising dynamic addressing”.

Static addressing

Configuring DNS resolution

When you use static addressing, you additionally need to configure DNS resolution. To do this, you must add one or more nameservers (DNS resolution systems) in /etc/resolv.conf. (Note that there is no 'e' at the end of resolv.conf.) Adding more than one server will allow your system to have a fallback if one nameserver is down or not responding.

There are a few nameservers on the Internet that respect user privacy, including Quad9 and DNS.WATCH. In this example, we will configure our system to use Quad9 over IPv6, with Quad9 and DNS.WATCH over IPv4 as fallbacks:

Example 5.1. /etc/resolv.conf file using Quad9 and DNS.WATCH

nameserver 2620:fe::fe
nameserver 9.9.9.9
nameserver 84.200.69.80

Wireless connections

WPA-based authentication

[Warning] Not Yet Written

This section has not yet been written.

RADIUS (certificate-based) authentication

[Warning] Not Yet Written

This section has not yet been written.

Configuring for multiple access points

[Warning] Not Yet Written

This section has not yet been written.

VPN connections

OpenVPN

[Warning] Not Yet Written

This section has not yet been written.

StrongSwan

[Warning] Not Yet Written

This section has not yet been written.

Virtual machine networking

Networking guests with each other only

[Warning] Not Yet Written

This section has not yet been written.

Sharing a host network with guests

The Adélie Linux system can be configured to provide bridged networking to a QEMU virtual machine or KVM guest using TAP networking. You will need the iproute2 package installed.

First, we will need to add a bridge to netifrc. A bridge allows multiple network adaptors to combine multiple network segments into a single aggregate. For our purposes, we will be combining the physical network adaptor on the host with the virtual network adaptors on each guest. The bridge will have your physical network adaptor as its first member. This way, no network reconfiguration will be required when you start or stop virtual machines. You will need to move the configuration for your physical network adaptor to the bridge, so that all members of the bridge may share that connection. In the following example, the interface eth0 is the physical adaptor and the bridge is set to use a static IPv6 address, which will then be used by the physical adaptor as well.

Example 5.2. Configuring /etc/conf.d/net to use bridged networking

config_eth0="null"

bridge_br0="eth0"
config_br0="2001:db8::2/32"
routes_br0="default via 2001:db8::1"

Note that the physical adaptor must still be specified with a "null" configuration. This ensures that the link will still be activated and network traffic will still flow. If you are using DHCP, you may simply use config_br0="dhcp".

You will then need to replace your net.IFACE file with a net.br0 file in /etc/init.d. For example:

Example 5.3. Replacing a physical adaptor with bridged adaptor in OpenRC

computer ~ # rc-update del net.eth0
computer ~ # service net.eth0 stop
computer ~ # mv /etc/init.d/net.eth0 /etc/init.d/net.br0
computer ~ # rc-update add net.br0 default
computer ~ # service net.br0 start

[Warning] Warning

You will momentarily lose network connectivity after stopping net.IFACE. Do not perform these steps while connected to the machine over the network.

Now we need to create scripts for QEMU (or KVM) to use. The /etc/qemu-ifup script should be created as follows:

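#!/bin/sh
# $1 is the name of the TAP interface, passed in by QEMU.
# Create the TAP device, attach it to the bridge, and bring it up.
ip tuntap add mode tap name "$1"
ip link set dev "$1" master br0
ifconfig "$1" up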

The /etc/qemu-ifdown script should be created as follows:

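#!/bin/sh
# $1 is the name of the TAP interface, passed in by QEMU.
# Bring the TAP device down, then remove it.
ifconfig "$1" down
ip tuntap del name "$1"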

You may now start your QEMU or KVM virtual machines with network access by adding -net tap to the command line. Note that if you have more than one guest that needs network access, you will need to set a custom MAC address for each NIC. Otherwise there will be MAC collisions and networking may not work correctly. For example:

qemu-system-ppc64 -accel kvm -m 768 -drive file=/dev/gwyn/testvm,format=raw -net nic,model=virtio,macaddr=02:00:00:00:00:01 -net tap -machine pseries-2.12

This will start a machine with network access and a MAC address of 02:00:00:00:00:01.
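
One way to give each guest a distinct address, as an added example that is not part of the handbook: derive a locally administered unicast MAC from the guest's name and check the resulting set for duplicates before starting the guests. The helper names are hypothetical, and sha256sum is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the handbook; helper names are hypothetical.

# Derive a stable MAC from a guest name. The first octet is 02 (locally
# administered, unicast) as in the handbook's example; the other five
# octets are the first 40 bits of the SHA-256 of the name.
guest_mac() {
    hex=$(printf '%s' "$1" | sha256sum | cut -c1-10)
    printf '02:%s\n' "$(printf '%s' "$hex" | sed 's/../&:/g; s/:$//')"
}

# Succeed only if $1 is six hex octets, unicast (bit 0 of the first octet
# clear) and locally administered (bit 1 set).
is_safe_guest_mac() {
    [ "${#1}" -eq 17 ] || return 1
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$' || return 1
    first=$((0x${1%%:*}))
    [ $((first & 1)) -eq 0 ] && [ $((first & 2)) -ne 0 ]
}

# Read MAC addresses on stdin, one per line, and print any that occur more
# than once (compared case-insensitively).
duplicate_macs() {
    tr 'A-F' 'a-f' | sort | uniq -d
}

# Print "mac name" for each guest name given; fail if a derived address is
# not safe to use or if two guests end up with the same address.
assign_macs() {
    table=$(for g in "$@"; do printf '%s %s\n' "$(guest_mac "$g")" "$g"; done)
    printf '%s\n' "$table"
    for m in $(printf '%s\n' "$table" | cut -d' ' -f1); do
        is_safe_guest_mac "$m" || return 1
    done
    [ -z "$(printf '%s\n' "$table" | cut -d' ' -f1 | duplicate_macs)" ]
}
```

The address printed for a guest is the value to pass as macaddr= in that guest's -net nic option.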

Advanced topics

Advanced: Using "predictable" network interface names

[Warning] Not Yet Written

This section has not yet been written.

Advanced: Multiple interfaces

Note that by default, all interfaces must be active before the rest of the system will consider the network to be active. This will cause network services to delay start-up until all interfaces are active. If this is not desired, you may set rc_depend_strict to NO in /etc/rc.conf.

Advanced: Interface bondage

[Warning] Not Yet Written

This section has not yet been written.

Advanced: 802.1X authentication

[Warning] Not Yet Written

This section has not yet been written.

Advanced: Customising dynamic addressing

You may use the dhcp_IFACE variable to control how DHCP is used. Valid options include:

Table 5.1. dhcp_IFACE options

Option Meaning
nodns Setting this option will cause /etc/resolv.conf to remain unmodified. This allows for static DNS and nameserver configuration even with dynamic addressing.
nontp Setting this option will cause /etc/ntp.conf to remain unmodified, even if the DHCP server sends NTP configuration information.
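
The check below is an added example, not part of the handbook, and ties the nodns option to the static DNS configuration in Example 5.1: it reports nameservers in a resolv.conf-style file that are not in an expected list, and lists interfaces explicitly set to DHCP whose dhcp_IFACE value lacks nodns. The function names and sample data are constructed, and the space-separated form of the dhcp_IFACE value is an assumption not shown on this page.

```shell
#!/bin/sh
# Added example, not from the handbook; helper names are hypothetical.
# Resolvers from Example 5.1. Matching is textual, so list each address
# exactly as it is written in resolv.conf.
ALLOWED_NS="2620:fe::fe 9.9.9.9 84.200.69.80"

# Print nameservers in resolv.conf-style file $1 that are not in ALLOWED_NS.
# Returns 0 if all are allowed, 1 if any is not, 2 if none are configured.
check_resolv() {
    found=0 bad=0
    while read -r key value rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        found=1
        case " $ALLOWED_NS " in
            *" $value "*) ;;
            *) echo "unexpected nameserver: $value"; bad=1 ;;
        esac
    done < "$1"
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Print interfaces in conf.d/net-style file $1 that are explicitly set to
# config_IFACE="dhcp" but whose dhcp_IFACE value lacks nodns (assumed to be
# a space-separated option list). The file is parsed as text, never sourced.
# Interfaces that use DHCP only by default are not listed.
dhcp_without_nodns() {
    sed -n 's/^config_\([A-Za-z0-9_]*\)="dhcp"[[:space:]]*$/\1/p' "$1" |
    while read -r iface; do
        opts=$(sed -n "s/^dhcp_${iface}=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1")
        case " $opts " in
            *" nodns "*) ;;
            *) echo "$iface" ;;
        esac
    done
}

# Constructed sample input, not taken from a real system.
sample_resolv() {
    printf '%s\n' '# written by a DHCP client' \
        'nameserver 192.0.2.53' 'nameserver 9.9.9.9'
}
sample_net() {
    printf '%s\n' 'config_eth0="dhcp"' 'dhcp_eth0="nodns nontp"' \
        'config_eth1="dhcp"' 'dhcp_eth1="nontp"' 'config_br0="2001:db8::2/32"'
}
```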