documentation/docs/alpine-desktop-setup/post-install/network.md

# Network

## Wifi

Being able to connect to the internet is essential so lets set it up. Although `dhcp` will already work out of the box, wifi will not. Luckily there exist `wpa_supplicant`. First install the necessary packages:

```
# apk add networkmanager-wifi wpa_supplicant
```

Then configure `/etc/NetworkManager/NetworkManager.conf` to use `wpa_supplicant`:

```
[main] 
dhcp=internal
plugins=ifupdown,keyfile

[ifupdown]
managed=true

[device]
wifi.scan-rand-mac-address=yes
wifi.backend=wpa_supplicant
```

Now restart the service and you should be able to connect to the Wifi.

```
# rc-service networkmanager restart
```

There are different frontends to configure connections but for now lets install `networkmanager-tui`:

```
# apk add networkmanager-tui
# nmtui
```

It should be pretty self-explanatory on how to use it.

To make it possible for users to edit connections create the config file `/etc/NetworkManager/conf.d/no-polkit.conf` with:

```
[main]
auth-polkit=false
```

## VPN's

NetworkManager can already use WireGuard but to use other VPN types it might be necessary to install their corresponding plugin. For OpenVPN that would be:

```
# apk add networkmanager-openvpn
```

## Security

NetworkManager's defaults are fine for normal usage but in terms of security they are definitly lacking.

### MAC Randomization

Create a config file `/etc/NetworkManager/conf.d/mac-rand.conf` to randomize te mac address for every time your computer connects:

```
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```

### IPv6 privacy

Although ipv6 will be turned off in the [security section](https://docs.bijl.us/alpine-desktop-setup/post-install/security/#cmdline) you can still turn this on just in case byediting `/etc/NetworkManager/conf.d/ip6-privacy.conf`:

```
[connection]
ipv6.ip6-privacy=2
```