From: Matt Birkholz Date: Sat, 25 Apr 2026 22:58:20 +0000 (-0600) Subject: Discuss an example configuration for a wireless ISP. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=0e39667b796cf1089087a3533d3630e794ef0076;p=Institute Discuss an example configuration for a wireless ISP. Update the Configure Core NetworkD and Configure Gate NetworkD sections. Do not bother NetworkD when UdevD configurations change. A reboot will be necessary. --- diff --git a/README.org b/README.org index 66833ad..394bbf0 100644 --- a/README.org +++ b/README.org @@ -1244,8 +1244,8 @@ Gate was also connected to the USB Ethernet dongles cabled to the campus Wi-Fi access point and the campus ISP and the values of three variables (~gate_lan_mac~, ~gate_wild_mac~, and ~gate_isp_mac~ in [[file:private/vars.yml][=private/vars.yml=]]) match the actual hardware MAC addresses of the -dongles. (For more information, see the tasks in section [[Configure -Gate NetworkD]].) +dongles. (For more information, see the tasks in the [[Configure Gate +NetworkD]] section.) At this point Gate was prepared for provisioning with Ansible. 
@@ -2595,19 +2595,19 @@ list, and to disable its cache and stub listener. ** Configure Core NetworkD Core's network interface is statically configured using the -~systemd-networkd~ configuration files =10-lan.link= and -=10-lan.network= installed in =/etc/systemd/network/=. Those files -statically assign Core's IP address (as well as the campus name server -and search domain), and its default route through Gate. A second -route, through Core itself to Front, is advertised to other hosts, and -is routed through a WireGuard™ interface connected to Front's public -WireGuard™ VPN. +~systemd-udevd~ configuration file =10-lan.link= and the +~systemd-networkd~ configuration file =10-lan.network=, both installed +in =/etc/systemd/network/=. Those files statically assign Core's IP +address and its default route through Gate. A second route, through +Core itself to Front, is advertised to other hosts, and is routed +through a WireGuard™ interface connected to Front's public WireGuard™ +VPN. Note that the ~[Match]~ sections of the =.network= files should specify only a ~MACAddress~. Getting ~systemd-udevd~ to rename interfaces has thusfar been futile (short of a reboot), so specifying -a ~Name~ means the interface does not match, leaving it un-configured -(until the next reboot). +a ~Name~ means the interface will not be configured until after the +next reboot. The configuration needs the MAC address of the primary (only) NIC, an example of which is given here. (A clever way to extract that name 
@@ -4955,10 +4955,11 @@ The following should be familiar boilerplate by now. ** Configure Gate NetworkD -Gate's network interfaces are configured using SystemD NetworkD -configuration files that specify their MAC addresses. (One or more -might be plug-and-play USB dongles.) These addresses are provided by -the [[file:private/vars.yml][=private/vars.yml=]] file as in the example code here. +Gate's network interfaces are configured by =.link= and =.network= +files installed in =/etc/systemd/network=. The files specify +interfaces by matching their MAC addresses. (One or more might be +plug-and-play USB dongles.) The addresses are provided by the +[[file:private/vars.yml][=private/vars.yml=]] file as in the example code here. #+CAPTION: [[file:private/vars.yml][=private/vars.yml=]] #+BEGIN_SRC conf :tangle private/vars.yml @@ -4967,6 +4968,9 @@ gate_wild_mac: 08:00:27:4a:de:d2 gate_isp_mac: 08:00:27:3d:42:e5 #+END_SRC +Note that the =.network= files do not use the interface names for +reasons discussed in the [[Configure Core NetworkD]] section. + The tasks in the following sections install the necessary configuration files. @@ -4988,7 +4992,6 @@ The campus Ethernet interface is named ~lan~ and configured by [Link] Name=lan dest: /etc/systemd/network/10-lan.link - notify: Reload networkd. - name: Install 10-lan.network. become: yes @@ -5059,7 +5062,6 @@ configured by =10-wild.link= and =10-wild.network= files in [Link] Name=wild dest: /etc/systemd/network/10-wild.link - notify: Reload networkd. - name: Install 10-wild.network. become: yes @@ -5111,7 +5113,6 @@ tether, Wi-Fi connection, etc. [Link] Name=isp dest: /etc/systemd/network/10-isp.link - notify: Reload networkd. - name: Install 10-isp.network. become: yes 
@@ -5127,7 +5128,9 @@ not already exist so that it can be easily modified to debug a new campus ISP without interference from Ansible. The following example =gate-isp.network= file recognizes an Ethernet -interface by its MAC address. +interface by its MAC address and configures it as a DHCP client. The +block tangles to =private/gate-isp.network= as part of the test +configuration. #+CAPTION: [[file:private/gate-isp.network][=private/gate-isp.network=]] #+BEGIN_SRC conf :tangle private/gate-isp.network :tangle-mode u=rw,g=,o= @@ -5143,6 +5146,37 @@ UseMTU=true UseDNS=false #+END_SRC +The same =gate-isp.link= and =gate-isp.network= files can be used to +configure a wireless interface simply by replacing the interface MAC, +though the machine will need to reboot in order to name the new +interface ~isp~ and re-load the firewall rules with that new naming. + +Once the wireless interface is named ~isp~, WPA Supplicant can be +supplied a configuration file like the following, and used to connect +and authenticate. + +#+CAPTION: =/etc/wpa_supplicant/wpa_supplicant-isp.conf= +#+BEGIN_SRC conf +ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=root +network={ + ssid="Access Point Name" + scan_ssid=1 + key_mgmt=WPA-PSK + psk="access point passphrase" +} +#+END_SRC + +#+BEGIN_SRC sh +sudo systemctl start wpa_supplicant@isp +networkctl +sudo systemctl enable wpa_supplicant@isp +#+END_SRC + +The same =gate-isp.link= and =gate-isp.network= files would also be +used with a USB tether simply by replacing the interface MAC. Again, +the machine will need to reboot in order to name the interface ~isp~ +and re-load the firewall rules with that new naming. + ** Configure Gate ResolveD Gate provides name service on the wild Ethernet by having its "stub
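Review bot: In the Configure Core NetworkD hunk, the rewritten first paragraph drops "(as well as the campus name server and search domain)" from what the two files are said to assign, and the commit message does not mention that change. If 10-lan.network still sets the name server and search domain, keep the parenthetical; if it no longer does, say so in the commit message. Since the next paragraph is also being edited, "thusfar" there should read "thus far".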
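Review bot: In the Configure Gate NetworkD hunk, the new first sentence writes the directory as =/etc/systemd/network=, while the Core section rewritten in this same patch writes =/etc/systemd/network/= with a trailing slash. Use one form in both sections.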
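Review bot: With "notify: Reload networkd." removed from the 10-lan.link task (and likewise from the 10-wild.link and 10-isp.link tasks in the next two hunks), a changed .link file takes effect only after a reboot, yet the only place that says so is the commit message ("A reboot will be necessary."). Add a sentence to the Configure Gate NetworkD text stating that a change to any of the three .link files requires a reboot. The ISP text added later in this patch already ties the firewall rules to the interface name, so an operator who changes a MAC address and does not reboot should be told why the interface is still unnamed.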
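Review bot: The wpa_supplicant-isp.conf example added in the last hunk holds the access point passphrase in clear text (psk="access point passphrase"), but the text gives no ownership or mode for the file, unlike the gate-isp.network block just above it, which tangles with ":tangle-mode u=rw,g=,o=". Say that the file should be readable by root only. Also in this hunk, the added paragraphs refer to =gate-isp.link=, while the tasks visible in this patch install the link file as 10-isp.link from inline content; check that the name is the intended one. The first and last added paragraphs repeat the same point about replacing the MAC and rebooting and could be merged into one.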