Differences

This shows you the differences between two versions of the page.

howto:networking [2021/02/22 14:08]
spaetz
howto:networking [2021/05/03 14:51]
spaetz
Line 1: Line 1:
-===== Networking HowTos =====+~~NOTOC~~{{METATOC 2-5}} 
 +====== Networking HowTos ​======
  
-=== Configure ​Mobile Data ===+===== Using Mobile Data =====
  
 If your correct provider settings do not show up in Settings >> Mobile >> Mobile Data >> Access Points, you can add a new one with the [+] button. If your correct provider settings do not show up in Settings >> Mobile >> Mobile Data >> Access Points, you can add a new one with the [+] button.
-Add a network name and your APN, e.g. Name: //3 internet// ​ APN: //​three.co.uk//​. The correct settings depend on your provider.+Add a network name and your APN, e.g. Name: //3 internet// ​ APN: //​three.co.uk//​. The correct settings depend on your provider. If mobile data does not work, make sure that the "​mobile data" toggle is turned on (this happens more often than you would think).
  
-==== Connection sharing/​Tethering ​====+===== Connecting to the Mobian device =====
  
-=== Sharing mobile data through wifi hotspot ​===+==== Connect to a running SSH server ====
  
-Run and create new hotspot ​connections ​with SSID `Pinephone` and Password `HotspotPassword`:​+This section explains how to connect to your Mobian device using a ssh server that you have installed on it. You should [[howto:​security#​using-ssh-with-a-key-instead-of-password|protect]] your ssh server to not allow logins via the numeric password if you want to remain safe.  
 + 
 +=== via Wifi ==== 
 + 
 +If your pinephone is connected to your local Wifi and you have an SSH server running, try to access it with `ssh mobian@mobian`. If that does not work out (e.g. because your network assigned the device a different hostname, you will need to find out the hostname/IP address to connect to. 
 + 
 +=== via USB-C cable connected to another computer === 
 + 
 +It's possible to connect to Mobian with a similar end result as using ''​adb shell''​ with an Android device, but using the USB-C connection and SSH instead. When connecting a Mobian device to a Linux computer via the USB-C connection, a network interface is made available to the computer, and utilizing udev and NetworkManager an IP address is assigned to both. This allows connecting to Mobian via a hardwired SSH session, instead of having to rely on wifi (which may not be 100% reliable). These instructions are written with the PinePhone as the sample device, and Linux Mint as the host computer OS, but should work for other devices/​OSes as well. 
 + 
 +  - Connect the PinePhone to the computer with a USB-C cable. 
 +  - Once connected, the system should create a network interface via NetworkManager. Learn the IP by issueing `sudo ip address show dev usb0` and looking for the IP address in the range of 10.66.0.XX (or install the graphical WhatIP tool).  
 +  - A connected Linux Desktop will automatically create a USB network connection. 
 +  - Once complete, it should be possible to SSH into Mobian at the IP address 10.66.0.XX using the username ''​mobian'',​ and the password ''​1234'':​ 
 +    * <​code>​ssh mobian@10.66.0.1</​code>​ 
 + 
 +== Network overlap with 10.0.0.0/8 == 
 + 
 +When connecting a Mobian device to a computer via USB-C, Mobian is configured to use the IP address 10.66.0.1, in the subnet 10.0.0.0/8. This can cause an issue if Mobian is also connected to a wifi network which utilizes a subnet within the same 10.0.0.0/8 subnet. The configuration of the USB connection //could// be changed to use a different or smaller subnet, //or// a more specific route can be configured for the wifi connection to account for this special case. Here is how to add a persistent more specific route. 
 + 
 +  - Connect the Mobian device via USB-C to a computer, and SSH into it (see [[install#​Connect via USB-C and SSH]]) 
 +  - Connect the Mobian device to the desired wifi network 
 +  - Identify the name of the wifi network in Network Manager 
 +    * <​code>​$ nmcli connection 
 +NAME               ​UUID ​                                 TYPE      DEVICE  
 +USB                a3ee13d7-85ce-4386-8ba9-419a67309692 ​ ethernet ​ usb0    
 +wifi-network-name ​ bfe0a288-f193-4eeb-ba00-7d6f15ec27f6 ​ wifi      wlan0</​code>​ 
 +  - Add a more specific route for the destination network, using the wifi network'​s name and gateway IP address 
 +    * <​code>​$ sudo nmcli connection modify wifi-network-name +ipv4.routes "​10.45.89.128/​25 192.168.0.1"​ +ipv4.route-metric 25</​code>​ 
 +    * **10.45.89.128/​25** - This is the destination network, swap in whatever the desired network is 
 +    * **192.168.0.1** - This is the gateway to use for that network, in this case it's the wifi network'​s gateway. 
 +    * **wifi-network-name** - This is the name of the wifi network. 
 +  - Reload the connection configuration 
 +    * <​code>​$ sudo nmcli connection reload wifi-network-name</​code>​ 
 +  - It should now be possible to route packets to the destination network successfully over the wifi connection, instead of using the USB-C network connection. 
 +    * The route table should look something similar to this: 
 +    * <​code>​$ ip route 
 +default via 192.168.0.1 dev wlan0 proto dhcp metric 25  
 +10.0.0.0/8 dev usb0 proto kernel scope link src 10.66.0.1 metric 25  
 +10.45.89.128/​25 via 192.168.0.1 dev wlan0 proto static metric 25  
 +192.168.0.0/​24 dev wlan0 proto kernel scope link src 192.168.0.101 metric 25</​code>​ 
 + 
 +===== Connection sharing/​Tethering ===== 
 + 
 +It is possible to share your phone'​s mobile data with another device. Either create a wifi hotspot that others connect to, or use a USB cable to forward data. 
 + 
 +==== Sharing mobile data through wifi hotspot ==== 
 + 
 +Visit the settings -> Wifi. The "3 dot" menu will offer a "​Create WiFi Hotspot..."​ entry, which is all that you should need to create a hotspot. Unfortunately in gnome-control-center 3.36, there is still [[https://​gitlab.gnome.org/​GNOME/​gnome-control-center/​-/​issues/​965|a bug]] which requires you to go back to the bluetooth page (just enter it and leave it immediately again) ​and back to the Wifi section until it becomes enabled. 
 + 
 +The geeky way to use the terminal to create ​new hotspot ​connection ​with SSID `Pinephone` and Password `HotspotPassword` ​is:
   ​   ​
   sudo nmcli device wifi hotspot ifname wlan0 con-name Hotspot ssid Pinephone ​ password HotspotPassword   sudo nmcli device wifi hotspot ifname wlan0 con-name Hotspot ssid Pinephone ​ password HotspotPassword
   ​   ​
-Stop the hotspot from NetworkManager. To restart your hotspot you can use the 3 dots menu "​Connect to hidden network"​+Stop the hotspot from the Wifi page in the settings app.
  
-{{:​hotspot2.png?​direct&​200|}} {{:​hotspot3.png?​direct&​200|}} {{:​hotspot4.png?​direct&​200|}} {{:hotspot1.png?​direct&​200|}}+{{:​hotspot2.png?​direct&​200|}} {{:​hotspot3.png?​direct&​200|}} {{:​hotspot4.png?​direct&​200|}} {{:hotspot_screen.png?​direct&​300|}}
  
  
-=== Sharing internet from your PC via USB ===+==== Sharing internet from your PC via USB ====
  
 Set up ip-forwarding on your PC and configure your USB ethernet device'​s IP: Set up ip-forwarding on your PC and configure your USB ethernet device'​s IP:
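Review bot: Step 4 of the new USB-C procedure tells readers to log in over SSH as mobian with the password 1234, while the section intro added in the same change says password logins should not be allowed; repeat the howto:security link at that step, or state that the password login is only for first setup. The same step says to connect to 10.66.0.XX but the command uses 10.66.0.1, and the overlap section says 10.66.0.1 is Mobian's own address, so steps 2 and 4 should make clear which end each address belongs to. Smaller points: the heading "=== via Wifi ====" has unbalanced markers, the parenthesis opened at "(e.g. because your network assigned" is never closed, "issueing" should be "issuing", and the moved overlap section still links to [[install#Connect via USB-C and SSH]] although this revision adds that procedure to this page.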
Line 47: Line 98:
 Useful status output can be gathered by ''​sudo ufw status''​ and ''​sudo ufw status verbose''​. Other useful commands are "ufw allow ssh" (check /​etc/​ufw/​applications.d/​ which applications are possible) or manually allow ports. Useful status output can be gathered by ''​sudo ufw status''​ and ''​sudo ufw status verbose''​. Other useful commands are "ufw allow ssh" (check /​etc/​ufw/​applications.d/​ which applications are possible) or manually allow ports.
  
-NOTE: If you prefer graphical apps, the package gufw allows to configure the firewall via a graphical application. ​(gufw crashes on start! WHY?) +NOTE: If you prefer graphical apps, the package gufw allows to configure the firewall via a graphical application. ​Howeverit requires ​to have the "x11-xserver-utils" package installed ​(or [[https://bugs.debian.org/cgi-bin/bugreport.cgi?​bug=864603|it will crash]])as it makes use of the "​xhost"​ program in order to allow root to display any application on the screen.
- +
-===== Network overlap with 10.0.0.0/8 ==== +
- +
-When connecting a Mobian device to a computer via USB-CMobian is configured ​to use the IP address 10.66.0.1, in the subnet 10.0.0.0/8. This can cause an issue if Mobian is also connected to a wifi network which utilizes a subnet within the same 10.0.0.0/8 subnet. The configuration of the USB connection //could// be changed to use a different or smaller subnet, //or// a more specific route can be configured for the wifi connection to account for this special case. Here is how to add a persistent more specific route. +
- +
-  ​Connect the Mobian device via USB-C to a computer, and SSH into it (see [[install#​Connect via USB-C and SSH]]) +
-  - Connect the Mobian device to the desired wifi network +
-  - Identify the name of the wifi network in Network Manager +
-    * <​code>​$ nmcli connection +
-NAME               ​UUID ​                                 TYPE      DEVICE  +
-USB                a3ee13d7-85ce-4386-8ba9-419a67309692 ​ ethernet ​ usb0    +
-wifi-network-name ​ bfe0a288-f193-4eeb-ba00-7d6f15ec27f6 ​ wifi      wlan0</code> +
-  - Add a more specific route for the destination network, using the wifi network'​s name and gateway IP address +
-    * <​code>​$ sudo nmcli connection modify wifi-network-name +ipv4.routes "10.45.89.128/25 192.168.0.1"​ +ipv4.route-metric 25</code> +
-    * **10.45.89.128/​25** - This is the destination networkswap in whatever the desired network is +
-    * **192.168.0.1** - This is the gateway to use for that network, in this case it's the wifi network'​s gateway. +
-    * **wifi-network-name** - This is the name of the wifi network. +
-  - Reload the connection configuration +
-    * <​code>​$ sudo nmcli connection reload wifi-network-name</​code>​ +
-  - It should now be possible ​to route packets ​to the destination network successfully over the wifi connection, instead of using the USB-C network connection. +
-    * The route table should look something similar to this: +
-    * <​code>​$ ip route +
-default via 192.168.0.1 dev wlan0 proto dhcp metric 25  +
-10.0.0.0/8 dev usb0 proto kernel scope link src 10.66.0.1 metric 25  +
-10.45.89.128/​25 via 192.168.0.1 dev wlan0 proto static metric 25  +
-192.168.0.0/​24 dev wlan0 proto kernel scope link src 192.168.0.101 metric 25</​code>​+
  
 ===== VPN ===== ===== VPN =====
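Review bot: The rewritten gufw NOTE says xhost is used to let root display any application on the screen, but it does not say that this loosens X access control just to run a firewall GUI; add a clause to that effect and point readers who do not want it back to the ufw commands in the paragraph above. The sentence would read better as "it needs the x11-xserver-utils package installed". The overlap section removed here reappears under "Connecting to the Mobian device" with its heading changed from "===== ... ====" to "== ... ==", so check that the new level nests correctly under the USB-C subsection.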
Line 86: Line 111:
  
 Note: If there are still problems, it has been [[https://​gitlab.com/​mobian1/​issues/​-/​issues/​60|reported]] that the IPv6 configuration in wireguard can cause trouble and needs to be removed (see same issue linked to earlier). (//Please update if this changes//) Note: If there are still problems, it has been [[https://​gitlab.com/​mobian1/​issues/​-/​issues/​60|reported]] that the IPv6 configuration in wireguard can cause trouble and needs to be removed (see same issue linked to earlier). (//Please update if this changes//)
 +
 +== Alternative Wireguard method ==
 +
 +If for some reason the method above, involving network-manager,​ appears to complex and/or doesnt work, one can install Wireguard and have it always-on using a non-network-manager method:
 +
 +
 +1/ generate a pair of keys using wg genkey, and create a /​etc/​wireguard/​wg0.conf (with umask 077 in the folder)
 +
 +<​code>​
 +[Interface] ​
 +PrivateKey = xxxx (private_key)
 +[Peer]
 +PublicKey = yyyy (public_key)
 +EndPoint = x.y.z.a:​port
 +AllowedIPs = 0.0.0.0/0
 +</​code>​
 +
 +2/ using systemd, activate the interface using
 +<​code>​
 +sudo systemctl enable wg-quick@wg0
 +</​code>​
 +
 +Should work for routing all communications from interfaces configured through network-manager
  
 == Always-On VPN == == Always-On VPN ==
  
-VPN functionality will be added to Gnome-Control-Center in the future, but for now you can configure this via ''​nmcli''​. This guide will explain how to import an OpenVPN connection, and then configure other connections to require it as a "​secondary"​.+VPN functionality will be added to Gnome-Control-Center in the future, but for now you can configure this via ''​nmcli''​. This guide will explain how to import an OpenVPN connection, and then configure other connections to require it as a "​secondary"​. ​(see the always great Arch wiki for [[https://​wiki.archlinux.org/​index.php/​NetworkManager#​Automatically_connect_to_VPN|more]] on this)
  
 1. Add OpenVPN support for NetworkManager by running ''​sudo apt install network-manager-openvpn''​. 1. Add OpenVPN support for NetworkManager by running ''​sudo apt install network-manager-openvpn''​.
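Review bot: In the added wg0.conf, "AllowedIPs = 0.0.0.0/0" covers IPv4 only, so the closing claim that this routes all communications does not hold for IPv6 traffic; either add ::/0 or state that IPv6 is not tunnelled, and reconcile that with the IPv6 caveat in the note just above. The [Interface] section has no Address line, which wg-quick needs in order to give the tunnel an IP address, and the placeholder under [Peer] should say it is the peer's public key, not the one from the key pair generated in step 1. "with umask 077 in the folder" is unclear for a file that holds the PrivateKey: say that umask 077 is set before creating the file so that only root can read it. "systemctl enable" only arranges a start at boot, so add --now or a separate start command. Typos: "to complex", "doesnt".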