meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
howto:networking [2021/02/23 10:52]
spaetz add link to arch
howto:networking [2021/05/03 14:53] (current)
spaetz
Line 1: Line 1:
-===== Networking HowTos =====+~~NOTOC~~{{METATOC 2-5}} 
 +====== Networking HowTos ​======
  
-=== Configure ​Mobile Data ===+===== Using Mobile Data =====
  
 If your correct provider settings do not show up in Settings >> Mobile >> Mobile Data >> Access Points, you can add a new one with the [+] button. If your correct provider settings do not show up in Settings >> Mobile >> Mobile Data >> Access Points, you can add a new one with the [+] button.
-Add a network name and your APN, e.g. Name: //3 internet// ​ APN: //​three.co.uk//​. The correct settings depend on your provider.+Add a network name and your APN, e.g. Name: //3 internet// ​ APN: //​three.co.uk//​. The correct settings depend on your provider. If mobile data does not work, make sure that the "​mobile data" toggle is turned on (this happens more often than you would think).
  
-==== Connection sharing/​Tethering ​====+===== Connecting to the Mobian device =====
  
-=== Sharing mobile data through wifi hotspot ​===+==== Connect to a running SSH server ====
  
-Run and create new hotspot connections ​with SSID `Pinephone` and Password ​`HotspotPassword`:+This section explains how to connect to your Mobian device using a ssh server that you have installed on it. You should [[howto:​security#​using-ssh-with-a-key-instead-of-password|protect]] your ssh server to not allow logins via the numeric password if you want to remain safe.  
 + 
 +=== via Wifi ==== 
 + 
 +If your pinephone is connected to your local Wifi and you have an SSH server running, try to access it with `ssh mobian@mobian`. If that does not work out (e.g. because your network assigned the device a different hostname, you will need to find out the hostname/IP address to connect to. 
 + 
 +=== via USB-C cable connected to another computer === 
 + 
 +It's possible to connect to Mobian with a similar end result as using ''​adb shell''​ with an Android device, but using the USB-C connection ​and SSH instead. When connecting a Mobian device to a Linux computer via the USB-C connection, a network interface is made available to the computer, and utilizing udev and NetworkManager an IP address is assigned to both. This allows connecting to Mobian via a hardwired SSH session, instead of having to rely on wifi (which may not be 100% reliable). These instructions are written with the PinePhone as the sample device, and Linux Mint as the host computer OS, but should work for other devices/​OSes as well. 
 + 
 +  - Connect the PinePhone to the computer with a USB-C cable. 
 +  - Once connected, the system should create a network interface via NetworkManager. Learn the IP by issueing ​`sudo ip address show dev usb0and looking for the IP address in the range of 10.66.0.XX (or install the graphical WhatIP tool).  
 +  - A connected Linux Desktop will automatically create a USB network connection. 
 +  - Once complete, it should be possible to SSH into Mobian at the IP address 10.66.0.XX using the username ''​mobian'',​ and the password ''​1234''​: 
 +    * <​code>​ssh mobian@10.66.0.1</​code>​ 
 + 
 +== Network overlap with 10.0.0.0/8 == 
 + 
 +When connecting a Mobian device to a computer via USB-C, Mobian is configured to use the IP address 10.66.0.1, in the subnet 10.0.0.0/8. This can cause an issue if Mobian is also connected to a wifi network which utilizes a subnet within the same 10.0.0.0/8 subnet. The configuration of the USB connection //could// be changed to use a different or smaller subnet, //or// a more specific route can be configured for the wifi connection to account for this special case. Here is how to add a persistent more specific route. 
 + 
 +  - Connect the Mobian device via USB-C to a computer, and SSH into it (see [[install#​Connect via USB-C and SSH]]) 
 +  - Connect the Mobian device to the desired wifi network 
 +  - Identify the name of the wifi network in Network Manager 
 +    * <​code>​$ nmcli connection 
 +NAME               ​UUID ​                                 TYPE      DEVICE  
 +USB                a3ee13d7-85ce-4386-8ba9-419a67309692 ​ ethernet ​ usb0    
 +wifi-network-name ​ bfe0a288-f193-4eeb-ba00-7d6f15ec27f6 ​ wifi      wlan0</​code>​ 
 +  - Add a more specific route for the destination network, using the wifi network'​s name and gateway IP address 
 +    * <​code>​$ sudo nmcli connection modify wifi-network-name +ipv4.routes "​10.45.89.128/​25 192.168.0.1"​ +ipv4.route-metric 25</​code>​ 
 +    * **10.45.89.128/​25** - This is the destination network, swap in whatever the desired network is 
 +    * **192.168.0.1** - This is the gateway to use for that network, in this case it's the wifi network'​s gateway. 
 +    * **wifi-network-name** - This is the name of the wifi network. 
 +  - Reload the connection configuration 
 +    * <​code>​$ sudo nmcli connection reload wifi-network-name</​code>​ 
 +  - It should now be possible to route packets to the destination network successfully over the wifi connection, instead of using the USB-C network connection. 
 +    * The route table should look something similar to this: 
 +    * <​code>​$ ip route 
 +default via 192.168.0.1 dev wlan0 proto dhcp metric 25  
 +10.0.0.0/8 dev usb0 proto kernel scope link src 10.66.0.1 metric 25  
 +10.45.89.128/​25 via 192.168.0.1 dev wlan0 proto static metric 25  
 +192.168.0.0/​24 dev wlan0 proto kernel scope link src 192.168.0.101 metric 25</​code>​ 
 + 
 +===== Connection sharing/​Tethering ===== 
 + 
 +It is possible to share your phone'​s mobile data with another device. Either create a wifi hotspot that others connect to, or use a USB cable to forward data. 
 + 
 +==== Sharing mobile data through wifi hotspot ==== 
 + 
 +Visit the settings -> Wifi. The "3 dot" menu will offer a "​Create WiFi Hotspot..."​ entry, which is all that you should need to create a hotspot. Unfortunately in gnome-control-center 3.36, there is still [[https://​gitlab.gnome.org/​GNOME/​gnome-control-center/​-/​issues/​965|a bug]] which requires you to go back to the bluetooth page (just enter it and leave it immediately again) and back to the Wifi section until it becomes enabled.
   ​   ​
-  sudo nmcli device wifi hotspot ifname wlan0 con-name Hotspot ssid Pinephone ​ password HotspotPassword +Stop the hotspot from the Wifi page in the settings app. 
-   +{{:​hotspot_screen.png?​direct&​300|}}
-Stop the hotspot from NetworkManagerTo restart your hotspot you can use the 3 dots menu "​Connect to hidden network"​+
  
-{{:hotspot2.png?​direct&​200|}} {{:hotspot3.png?​direct&​200|}} {{:​hotspot4.png?​direct&​200|}} {{:​hotspot1.png?​direct&​200|}}+== HotspotThe geeky way == 
 +The geeky way to use the terminal to create a new hotspot connection with SSID `Pinephone` and Password `HotspotPassword` is: 
 +   
 +  sudo nmcli device wifi hotspot ifname wlan0 con-name Hotspot ssid Pinephone ​ password HotspotPassword
  
  
-=== Sharing internet from your PC via USB ===+==== Sharing internet from your PC via USB ====
  
 Set up ip-forwarding on your PC and configure your USB ethernet device'​s IP: Set up ip-forwarding on your PC and configure your USB ethernet device'​s IP:
Line 47: Line 98:
 Useful status output can be gathered by ''​sudo ufw status''​ and ''​sudo ufw status verbose''​. Other useful commands are "ufw allow ssh" (check /​etc/​ufw/​applications.d/​ which applications are possible) or manually allow ports. Useful status output can be gathered by ''​sudo ufw status''​ and ''​sudo ufw status verbose''​. Other useful commands are "ufw allow ssh" (check /​etc/​ufw/​applications.d/​ which applications are possible) or manually allow ports.
  
-NOTE: If you prefer graphical apps, the package gufw allows to configure the firewall via a graphical application. ​(gufw crashes on start! WHY?) +NOTE: If you prefer graphical apps, the package gufw allows to configure the firewall via a graphical application. ​Howeverit requires ​to have the "x11-xserver-utils" package installed ​(or [[https://bugs.debian.org/cgi-bin/bugreport.cgi?​bug=864603|it will crash]])as it makes use of the "​xhost"​ program in order to allow root to display any application on the screen.
- +
-===== Network overlap with 10.0.0.0/8 ==== +
- +
-When connecting a Mobian device to a computer via USB-CMobian is configured ​to use the IP address 10.66.0.1, in the subnet 10.0.0.0/8. This can cause an issue if Mobian is also connected to a wifi network which utilizes a subnet within the same 10.0.0.0/8 subnet. The configuration of the USB connection //could// be changed to use a different or smaller subnet, //or// a more specific route can be configured for the wifi connection to account for this special case. Here is how to add a persistent more specific route. +
- +
-  ​Connect the Mobian device via USB-C to a computer, and SSH into it (see [[install#​Connect via USB-C and SSH]]) +
-  - Connect the Mobian device to the desired wifi network +
-  - Identify the name of the wifi network in Network Manager +
-    * <​code>​$ nmcli connection +
-NAME               ​UUID ​                                 TYPE      DEVICE  +
-USB                a3ee13d7-85ce-4386-8ba9-419a67309692 ​ ethernet ​ usb0    +
-wifi-network-name ​ bfe0a288-f193-4eeb-ba00-7d6f15ec27f6 ​ wifi      wlan0</code> +
-  - Add a more specific route for the destination network, using the wifi network'​s name and gateway IP address +
-    * <​code>​$ sudo nmcli connection modify wifi-network-name +ipv4.routes "10.45.89.128/25 192.168.0.1"​ +ipv4.route-metric 25</code> +
-    * **10.45.89.128/​25** - This is the destination networkswap in whatever the desired network is +
-    * **192.168.0.1** - This is the gateway to use for that network, in this case it's the wifi network'​s gateway. +
-    * **wifi-network-name** - This is the name of the wifi network. +
-  - Reload the connection configuration +
-    * <​code>​$ sudo nmcli connection reload wifi-network-name</​code>​ +
-  - It should now be possible ​to route packets ​to the destination network successfully over the wifi connection, instead of using the USB-C network connection. +
-    * The route table should look something similar to this: +
-    * <​code>​$ ip route +
-default via 192.168.0.1 dev wlan0 proto dhcp metric 25  +
-10.0.0.0/8 dev usb0 proto kernel scope link src 10.66.0.1 metric 25  +
-10.45.89.128/​25 via 192.168.0.1 dev wlan0 proto static metric 25  +
-192.168.0.0/​24 dev wlan0 proto kernel scope link src 192.168.0.101 metric 25</​code>​+
  
 ===== VPN ===== ===== VPN =====
Line 86: Line 111:
  
 Note: If there are still problems, it has been [[https://​gitlab.com/​mobian1/​issues/​-/​issues/​60|reported]] that the IPv6 configuration in wireguard can cause trouble and needs to be removed (see same issue linked to earlier). (//Please update if this changes//) Note: If there are still problems, it has been [[https://​gitlab.com/​mobian1/​issues/​-/​issues/​60|reported]] that the IPv6 configuration in wireguard can cause trouble and needs to be removed (see same issue linked to earlier). (//Please update if this changes//)
 +
 +== Alternative Wireguard method ==
 +
 +If for some reason the method above, involving network-manager,​ appears to complex and/or doesnt work, one can install Wireguard and have it always-on using a non-network-manager method:
 +
 +
 +1/ generate a pair of keys using wg genkey, and create a /​etc/​wireguard/​wg0.conf (with umask 077 in the folder)
 +
 +<​code>​
 +[Interface] ​
 +PrivateKey = xxxx (private_key)
 +[Peer]
 +PublicKey = yyyy (public_key)
 +EndPoint = x.y.z.a:​port
 +AllowedIPs = 0.0.0.0/0
 +</​code>​
 +
 +2/ using systemd, activate the interface using
 +<​code>​
 +sudo systemctl enable wg-quick@wg0
 +</​code>​
 +
 +Should work for routing all communications from interfaces configured through network-manager
  
 == Always-On VPN == == Always-On VPN ==