documentation/docs/alpine-desktop-setup/post-install/network.md

71 lines
1.6 KiB
Markdown

# Network
## Wi-Fi
Although `dhcp` will already work out of the box, Wi-Fi will not. Luckily there exists `wpa_supplicant`, enable it in `/etc/NetworkManager/NetworkManager.conf`:
```
[main]
dhcp=internal
plugins=ifupdown,keyfile
[ifupdown]
managed=true
[device]
wifi.scan-rand-mac-address=yes
wifi.backend=wpa_supplicant
```
Now restart the service, and you should be able to connect with Wi-Fi.
```
# rc-service networkmanager restart
```
There are different frontends to configure connections but for now install `networkmanager-tui`:
```
# apk add networkmanager-tui
# nmtui
```
It should be self-explanatory how to use it.
To make it possible for users to edit connections create the config file `/etc/NetworkManager/conf.d/no-polkit.conf` with:
```
[main]
auth-polkit=false
```
## VPN
NetworkManager can already use WireGuard but to use other VPNs it might be necessary to install their corresponding plugin. For OpenVPN that would be:
```
# apk add networkmanager-openvpn
```
## Security considerations
NetworkManager defaults are fine for normal usage but in terms of security they are definitely lacking.
### MAC Randomization
Create a config file `/etc/NetworkManager/conf.d/mac-rand.conf` to randomize the mac address every time your computer connects:
```
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```
### IPv6 privacy
Although ipv6 will be turned off in the [security section](https://docs.bijl.us/alpine-desktop-setup/post-install/security/#cmdline) you can still turn it on by editing `/etc/NetworkManager/conf.d/ipv6-privacy.conf`:
```
[connection]
ipv6.ip6-privacy=2
```