71 lines
1.6 KiB
Markdown
71 lines
1.6 KiB
Markdown
# Network
|
|
|
|
## Wi-Fi
|
|
|
|
Although `dhcp` will already work out of the box, Wi-Fi will not. Luckily there exists `wpa_supplicant`, enable it in `/etc/NetworkManager/NetworkManager.conf`:
|
|
|
|
```
|
|
[main]
|
|
dhcp=internal
|
|
plugins=ifupdown,keyfile
|
|
|
|
[ifupdown]
|
|
managed=true
|
|
|
|
[device]
|
|
wifi.scan-rand-mac-address=yes
|
|
wifi.backend=wpa_supplicant
|
|
```
|
|
|
|
Now restart the service, and you should be able to connect with Wi-Fi.
|
|
|
|
```
|
|
# rc-service networkmanager restart
|
|
```
|
|
|
|
There are different frontends to configure connections but for now install `networkmanager-tui`:
|
|
|
|
```
|
|
# apk add networkmanager-tui
|
|
# nmtui
|
|
```
|
|
|
|
It should be self-explanatory how to use it.
|
|
|
|
To make it possible for users to edit connections create the config file `/etc/NetworkManager/conf.d/no-polkit.conf` with:
|
|
|
|
```
|
|
[main]
|
|
auth-polkit=false
|
|
```
|
|
|
|
## VPN
|
|
|
|
NetworkManager can already use WireGuard but to use other VPNs it might be necessary to install their corresponding plugin. For OpenVPN that would be:
|
|
|
|
```
|
|
# apk add networkmanager-openvpn
|
|
```
|
|
|
|
## Security considerations
|
|
|
|
NetworkManager defaults are fine for normal usage but in terms of security they are definitely lacking.
|
|
|
|
### MAC Randomization
|
|
|
|
Create a config file `/etc/NetworkManager/conf.d/mac-rand.conf` to randomize the mac address every time your computer connects:
|
|
|
|
```
|
|
[connection-mac-randomization]
|
|
ethernet.cloned-mac-address=random
|
|
wifi.cloned-mac-address=random
|
|
```
|
|
|
|
### IPv6 privacy
|
|
|
|
Although ipv6 will be turned off in the [security section](https://docs.bijl.us/alpine-desktop-setup/post-install/security/#cmdline) you can still turn it on by editing `/etc/NetworkManager/conf.d/ipv6-privacy.conf`:
|
|
|
|
```
|
|
[connection]
|
|
ipv6.ip6-privacy=2
|
|
```
|