meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
howto:networking [2021/02/24 14:27]
spaetz fix link
howto:networking [2021/05/03 14:53] (current)
spaetz
Line 1: Line 1:
-~~METATOC 2-5~~+~~NOTOC~~{{METATOC 2-5}}
 ====== Networking HowTos ====== ====== Networking HowTos ======
 +
 +===== Using Mobile Data =====
 +
 +If your correct provider settings do not show up in Settings >> Mobile >> Mobile Data >> Access Points, you can add a new one with the [+] button.
 +Add a network name and your APN, e.g. Name: //3 internet// ​ APN: //​three.co.uk//​. The correct settings depend on your provider. If mobile data does not work, make sure that the "​mobile data" toggle is turned on (this happens more often than you would think).
  
 ===== Connecting to the Mobian device ===== ===== Connecting to the Mobian device =====
  
-This section explains how to connect to your Mobian device using a ssh server that you have installed on it. You should [[thowto:​security#​using-ssh-with-a-key-instead-of-password|protect]] your ssh server to not allow logins via the numeric password if you want to remain safe. +==== Connect to a running SSH server ==== 
 + 
 +This section explains how to connect to your Mobian device using a ssh server that you have installed on it. You should [[howto:​security#​using-ssh-with-a-key-instead-of-password|protect]] your ssh server to not allow logins via the numeric password if you want to remain safe. 
  
-== Connect ​via Wifi and SSH ==+==via Wifi ====
  
-If you pinephone is connected to your local Wifi and you have an SSH server running, try to access it with `ssh mobian@mobian`. If that does not work out (e.g. because your network assigned the device a different hostname, you will need to find out the hostname/IP address to connect to.+If your pinephone is connected to your local Wifi and you have an SSH server running, try to access it with `ssh mobian@mobian`. If that does not work out (e.g. because your network assigned the device a different hostname, you will need to find out the hostname/IP address to connect to.
  
-== Connect ​via USB-C and SSH ==+==via USB-C cable connected to another computer ===
  
 It's possible to connect to Mobian with a similar end result as using ''​adb shell''​ with an Android device, but using the USB-C connection and SSH instead. When connecting a Mobian device to a Linux computer via the USB-C connection, a network interface is made available to the computer, and utilizing udev and NetworkManager an IP address is assigned to both. This allows connecting to Mobian via a hardwired SSH session, instead of having to rely on wifi (which may not be 100% reliable). These instructions are written with the PinePhone as the sample device, and Linux Mint as the host computer OS, but should work for other devices/​OSes as well. It's possible to connect to Mobian with a similar end result as using ''​adb shell''​ with an Android device, but using the USB-C connection and SSH instead. When connecting a Mobian device to a Linux computer via the USB-C connection, a network interface is made available to the computer, and utilizing udev and NetworkManager an IP address is assigned to both. This allows connecting to Mobian via a hardwired SSH session, instead of having to rely on wifi (which may not be 100% reliable). These instructions are written with the PinePhone as the sample device, and Linux Mint as the host computer OS, but should work for other devices/​OSes as well.
Line 18: Line 25:
   - A connected Linux Desktop will automatically create a USB network connection.   - A connected Linux Desktop will automatically create a USB network connection.
   - Once complete, it should be possible to SSH into Mobian at the IP address 10.66.0.XX using the username ''​mobian'',​ and the password ''​1234'':​   - Once complete, it should be possible to SSH into Mobian at the IP address 10.66.0.XX using the username ''​mobian'',​ and the password ''​1234'':​
-    * <​code>​ssh mobian@10.66.0.1 +    * <​code>​ssh mobian@10.66.0.1</​code>​
-mobian@10.66.0.1'​s password: +
-Linux mobian 5.9-sunxi64 #1 SMP PREEMPT Sun Dec 13 13:56:38 UTC 2020 aarch64+
  
-The programs included ​with the Debian GNU/Linux system are free software; +== Network overlap ​with 10.0.0.0/8 ==
-the exact distribution terms for each program are described in the +
-individual files in /​usr/​share/​doc/​*/​copyright.+
  
-Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent +When connecting a Mobian device to a computer via USB-CMobian is configured ​to use the IP address 10.66.0.1, in the subnet 10.0.0.0/8. This can cause an issue if Mobian is also connected to a wifi network which utilizes a subnet within the same 10.0.0.0/8 subnet. The configuration of the USB connection //could// be changed to use a different or smaller subnet, //or// a more specific route can be configured for the wifi connection to account for this special case. Here is how to add a persistent more specific route.
-permitted by applicable law. +
-mobian@mobian:​~$<​/code>+
  
-Once connected, it's possible ​to do all of the things normally possible with SSHsuch as command execution/automationmultiple logins, port forwarding, X11 forwarding, scp, etcDoing this is light years beyond doing anything ​in the terminal app on the phone with the on-screen keyboard.+  - Connect the Mobian device via USB-C to a computerand SSH into it (see [[install#​Connect via USB-C and SSH]]) 
 +  - Connect the Mobian device ​to the desired wifi network 
 +  - Identify the name of the wifi network in Network Manager 
 +    * <​code>​$ nmcli connection 
 +NAME               ​UUID ​                                 TYPE      DEVICE  
 +USB                a3ee13d7-85ce-4386-8ba9-419a67309692 ​ ethernet ​ usb0    
 +wifi-network-name ​ bfe0a288-f193-4eeb-ba00-7d6f15ec27f6 ​ wifi      wlan0</​code>​ 
 +  - Add a more specific route for the destination networkusing the wifi network'​s name and gateway IP address 
 +    * <​code>​$ sudo nmcli connection modify wifi-network-name +ipv4.routes "​10.45.89.128/25 192.168.0.1"​ +ipv4.route-metric 25</​code>​ 
 +    * **10.45.89.128/​25** - This is the destination networkswap in whatever the desired network is 
 +    * **192.168.0.1** - This is the gateway to use for that network, ​in this case it'​s ​the wifi network'​s gateway. 
 +    * **wifi-network-name** - This is the name of the wifi network. 
 +  ​Reload the connection configuration 
 +    * <​code>​$ sudo nmcli connection reload wifi-network-name</​code>​ 
 +  - It should now be possible to route packets to the destination network successfully over the wifi connection, instead of using the USB-C network connection. 
 +    * The route table should look something similar to this: 
 +    * <​code>​$ ip route 
 +default via 192.168.0.1 dev wlan0 proto dhcp metric 25  
 +10.0.0.0/8 dev usb0 proto kernel scope link src 10.66.0.1 metric 25  
 +10.45.89.128/​25 via 192.168.0.1 dev wlan0 proto static metric 25  
 +192.168.0.0/​24 dev wlan0 proto kernel scope link src 192.168.0.101 metric 25</​code>​
  
-=== Configure Mobile Data ===+===== Connection sharing/​Tethering =====
  
-If your correct provider settings do not show up in Settings >> Mobile >> Mobile Data >> Access Points, you can add a new one with the [+] button. +It is possible to share your phone'​s mobile data with another deviceEither create ​wifi hotspot that others connect toor use a USB cable to forward data.
-Add network name and your APNe.g. Name: //3 internet// ​ APN: //​three.co.uk//​. The correct settings depend on your provider.+
  
-==== Connection sharing/​Tethering ​====+==== Sharing mobile data through wifi hotspot ​====
  
-=== Sharing mobile data through wifi hotspot ​===+Visit the settings -> Wifi. The "3 dot" menu will offer a "​Create WiFi Hotspot..."​ entry, which is all that you should need to create a hotspot. Unfortunately in gnome-control-center 3.36, there is still [[https://​gitlab.gnome.org/​GNOME/​gnome-control-center/​-/​issues/​965|a bug]] which requires you to go back to the bluetooth page (just enter it and leave it immediately again) and back to the Wifi section until it becomes enabled. 
 +   
 +Stop the hotspot from the Wifi page in the settings app. 
 +{{:​hotspot_screen.png?​direct&​300|}}
  
-Run and create new hotspot ​connections ​with SSID `Pinephone` and Password `HotspotPassword`:​+== Hotspot: The geeky way == 
 +The geeky way to use the terminal to create ​new hotspot ​connection ​with SSID `Pinephone` and Password `HotspotPassword` ​is:
   ​   ​
   sudo nmcli device wifi hotspot ifname wlan0 con-name Hotspot ssid Pinephone ​ password HotspotPassword   sudo nmcli device wifi hotspot ifname wlan0 con-name Hotspot ssid Pinephone ​ password HotspotPassword
-  ​ 
-Stop the hotspot from NetworkManager. To restart your hotspot you can use the 3 dots menu "​Connect to hidden network"​ 
- 
-{{:​hotspot2.png?​direct&​200|}} {{:​hotspot3.png?​direct&​200|}} {{:​hotspot4.png?​direct&​200|}} {{:​hotspot1.png?​direct&​200|}} 
  
  
-=== Sharing internet from your PC via USB ===+==== Sharing internet from your PC via USB ====
  
 Set up ip-forwarding on your PC and configure your USB ethernet device'​s IP: Set up ip-forwarding on your PC and configure your USB ethernet device'​s IP:
Line 79: Line 99:
  
 NOTE: If you prefer graphical apps, the package gufw allows to configure the firewall via a graphical application. However, it requires to have the "​x11-xserver-utils"​ package installed (or [[https://​bugs.debian.org/​cgi-bin/​bugreport.cgi?​bug=864603|it will crash]]), as it makes use of the "​xhost"​ program in order to allow root to display any application on the screen. NOTE: If you prefer graphical apps, the package gufw allows to configure the firewall via a graphical application. However, it requires to have the "​x11-xserver-utils"​ package installed (or [[https://​bugs.debian.org/​cgi-bin/​bugreport.cgi?​bug=864603|it will crash]]), as it makes use of the "​xhost"​ program in order to allow root to display any application on the screen.
- 
-===== Network overlap with 10.0.0.0/8 ==== 
- 
-When connecting a Mobian device to a computer via USB-C, Mobian is configured to use the IP address 10.66.0.1, in the subnet 10.0.0.0/8. This can cause an issue if Mobian is also connected to a wifi network which utilizes a subnet within the same 10.0.0.0/8 subnet. The configuration of the USB connection //could// be changed to use a different or smaller subnet, //or// a more specific route can be configured for the wifi connection to account for this special case. Here is how to add a persistent more specific route. 
- 
-  - Connect the Mobian device via USB-C to a computer, and SSH into it (see [[install#​Connect via USB-C and SSH]]) 
-  - Connect the Mobian device to the desired wifi network 
-  - Identify the name of the wifi network in Network Manager 
-    * <​code>​$ nmcli connection 
-NAME               ​UUID ​                                 TYPE      DEVICE ​ 
-USB                a3ee13d7-85ce-4386-8ba9-419a67309692 ​ ethernet ​ usb0    
-wifi-network-name ​ bfe0a288-f193-4eeb-ba00-7d6f15ec27f6 ​ wifi      wlan0</​code>​ 
-  - Add a more specific route for the destination network, using the wifi network'​s name and gateway IP address 
-    * <​code>​$ sudo nmcli connection modify wifi-network-name +ipv4.routes "​10.45.89.128/​25 192.168.0.1"​ +ipv4.route-metric 25</​code>​ 
-    * **10.45.89.128/​25** - This is the destination network, swap in whatever the desired network is 
-    * **192.168.0.1** - This is the gateway to use for that network, in this case it's the wifi network'​s gateway. 
-    * **wifi-network-name** - This is the name of the wifi network. 
-  - Reload the connection configuration 
-    * <​code>​$ sudo nmcli connection reload wifi-network-name</​code>​ 
-  - It should now be possible to route packets to the destination network successfully over the wifi connection, instead of using the USB-C network connection. 
-    * The route table should look something similar to this: 
-    * <​code>​$ ip route 
-default via 192.168.0.1 dev wlan0 proto dhcp metric 25  
-10.0.0.0/8 dev usb0 proto kernel scope link src 10.66.0.1 metric 25  
-10.45.89.128/​25 via 192.168.0.1 dev wlan0 proto static metric 25  
-192.168.0.0/​24 dev wlan0 proto kernel scope link src 192.168.0.101 metric 25</​code>​ 
  
 ===== VPN ===== ===== VPN =====
Line 117: Line 111:
  
 Note: If there are still problems, it has been [[https://​gitlab.com/​mobian1/​issues/​-/​issues/​60|reported]] that the IPv6 configuration in wireguard can cause trouble and needs to be removed (see same issue linked to earlier). (//Please update if this changes//) Note: If there are still problems, it has been [[https://​gitlab.com/​mobian1/​issues/​-/​issues/​60|reported]] that the IPv6 configuration in wireguard can cause trouble and needs to be removed (see same issue linked to earlier). (//Please update if this changes//)
 +
 +== Alternative Wireguard method ==
 +
 +If for some reason the method above, involving network-manager,​ appears to complex and/or doesnt work, one can install Wireguard and have it always-on using a non-network-manager method:
 +
 +
 +1/ generate a pair of keys using wg genkey, and create a /​etc/​wireguard/​wg0.conf (with umask 077 in the folder)
 +
 +<​code>​
 +[Interface] ​
 +PrivateKey = xxxx (private_key)
 +[Peer]
 +PublicKey = yyyy (public_key)
 +EndPoint = x.y.z.a:​port
 +AllowedIPs = 0.0.0.0/0
 +</​code>​
 +
 +2/ using systemd, activate the interface using
 +<​code>​
 +sudo systemctl enable wg-quick@wg0
 +</​code>​
 +
 +Should work for routing all communications from interfaces configured through network-manager
  
 == Always-On VPN == == Always-On VPN ==