documentation/docs/alpine-desktop-setup/post-install/network.md

72 lines
1.6 KiB
Markdown
Raw Normal View History

2023-12-25 14:28:35 +01:00
# Network
## Using wifi
2023-12-25 14:28:35 +01:00
Although `dhcp` will already work out of the box, wifi will not. Luckily there exists `wpa_supplicant`. Enable it in `/etc/NetworkManager/NetworkManager.conf`:
2023-12-25 14:28:35 +01:00
```
[main]
dhcp=internal
plugins=ifupdown,keyfile
[ifupdown]
managed=true
[device]
wifi.scan-rand-mac-address=yes
wifi.backend=wpa_supplicant
```
Now restart the service and you should be able to connect with wifi.
2023-12-25 14:28:35 +01:00
```
# rc-service networkmanager restart
```
There are different frontends to configure connections but for now install `networkmanager-tui`:
2023-12-25 14:28:35 +01:00
```
# apk add networkmanager-tui
# nmtui
```
It should be self-explanatory how to use it.
2023-12-25 14:28:35 +01:00
2024-01-01 20:47:20 +01:00
To make it possible for users to edit connections create the config file `/etc/NetworkManager/conf.d/no-polkit.conf` with:
2023-12-30 22:48:50 +01:00
```
[main]
auth-polkit=false
```
## Using a VPN
2023-12-25 14:28:35 +01:00
NetworkManager can already use WireGuard but to use other VPN's it might be necessary to install their corresponding plugin. For OpenVPN that would be:
2023-12-25 14:28:35 +01:00
```
# apk add networkmanager-openvpn
```
## Security considerations
2023-12-25 14:28:35 +01:00
NetworkManager defaults are fine for normal usage but in terms of security they are definitely lacking.
2023-12-25 14:28:35 +01:00
### MAC Randomization
Create a config file `/etc/NetworkManager/conf.d/mac-rand.conf` to randomize the mac address every time your computer connects:
2023-12-25 14:28:35 +01:00
```
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```
### IPv6 privacy
Although ipv6 will be turned off in the [security section](https://docs.bijl.us/alpine-desktop-setup/post-install/security/#cmdline) you can still turn it on by editing `/etc/NetworkManager/conf.d/ipv6-privacy.conf`:
2023-12-25 14:28:35 +01:00
```
[connection]
ipv6.ip6-privacy=2
```