documentation/docs/alpine-desktop-setup/post-install/network.md

# Network

## Using wifi

Although `dhcp` will already work out of the box, wifi will not. Luckily there exists `wpa_supplicant`. Enable it in `/etc/NetworkManager/NetworkManager.conf`:

```
[main] 
dhcp=internal
plugins=ifupdown,keyfile

[ifupdown]
managed=true

[device]
wifi.scan-rand-mac-address=yes
wifi.backend=wpa_supplicant
```

Now restart the service and you should be able to connect with wifi.

```
# rc-service networkmanager restart
```

There are different frontends to configure connections but for now install `networkmanager-tui`:

```
# apk add networkmanager-tui
# nmtui
```

It should be self-explanatory how to use it.

To make it possible for users to edit connections create the config file `/etc/NetworkManager/conf.d/no-polkit.conf` with:

```
[main]
auth-polkit=false
```

## Using a VPN

NetworkManager can already use WireGuard but to use other VPN's it might be necessary to install their corresponding plugin. For OpenVPN that would be:

```
# apk add networkmanager-openvpn
```

## Security considerations

NetworkManager defaults are fine for normal usage but in terms of security they are definitely lacking.

### MAC Randomization

Create a config file `/etc/NetworkManager/conf.d/mac-rand.conf` to randomize the mac address every time your computer connects:

```
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```

### IPv6 privacy

Although ipv6 will be turned off in the [security section](https://docs.bijl.us/alpine-desktop-setup/post-install/security/#cmdline) you can still turn it on by editing `/etc/NetworkManager/conf.d/ipv6-privacy.conf`:

```
[connection]
ipv6.ip6-privacy=2
```
Added network page 2023-12-25 14:28:35 +01:00			`# Network`

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`## Using wifi`
Added network page 2023-12-25 14:28:35 +01:00
Changed the order of things for networking 2024-04-24 12:02:58 +02:00			Although `dhcp` will already work out of the box, wifi will not. Luckily there exists `wpa_supplicant`. Enable it in `/etc/NetworkManager/NetworkManager.conf`:
Added network page 2023-12-25 14:28:35 +01:00
			```
			`[main]`
			`dhcp=internal`
			`plugins=ifupdown,keyfile`

			`[ifupdown]`
			`managed=true`

			`[device]`
			`wifi.scan-rand-mac-address=yes`
			`wifi.backend=wpa_supplicant`
			```

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`Now restart the service and you should be able to connect with wifi.`
Added network page 2023-12-25 14:28:35 +01:00
			```
			`# rc-service networkmanager restart`
			```

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			There are different frontends to configure connections but for now install `networkmanager-tui`:
Added network page 2023-12-25 14:28:35 +01:00
			```
			`# apk add networkmanager-tui`
			`# nmtui`
			```

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`It should be self-explanatory how to use it.`
Added network page 2023-12-25 14:28:35 +01:00
Cleanup and changed lvm naming scheme 2024-01-01 20:47:20 +01:00			To make it possible for users to edit connections create the config file `/etc/NetworkManager/conf.d/no-polkit.conf` with:
Updated networkmanager things 2023-12-30 22:48:50 +01:00
			```
			`[main]`
			`auth-polkit=false`
			```

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`## Using a VPN`
Added network page 2023-12-25 14:28:35 +01:00
Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`NetworkManager can already use WireGuard but to use other VPN's it might be necessary to install their corresponding plugin. For OpenVPN that would be:`
Added network page 2023-12-25 14:28:35 +01:00
			```
			`# apk add networkmanager-openvpn`
			```

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`## Security considerations`
Added network page 2023-12-25 14:28:35 +01:00
Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`NetworkManager defaults are fine for normal usage but in terms of security they are definitely lacking.`
Added network page 2023-12-25 14:28:35 +01:00
			`### MAC Randomization`

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			Create a config file `/etc/NetworkManager/conf.d/mac-rand.conf` to randomize the mac address every time your computer connects:
Added network page 2023-12-25 14:28:35 +01:00
			```
			`[connection-mac-randomization]`
			`ethernet.cloned-mac-address=random`
			`wifi.cloned-mac-address=random`
			```

			`### IPv6 privacy`

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			Although ipv6 will be turned off in the [security section](https://docs.bijl.us/alpine-desktop-setup/post-install/security/#cmdline) you can still turn it on by editing `/etc/NetworkManager/conf.d/ipv6-privacy.conf`:
Added network page 2023-12-25 14:28:35 +01:00
			```
			`[connection]`
			`ipv6.ip6-privacy=2`
Changed the order of things for networking 2024-04-24 12:02:58 +02:00			```