path: root/src/admin/5_networking.xml
<?xml version="1.0" encoding="utf-8"?>
<chapter label="5" id="networking">
    <title>Networking</title>
    <highlights><para>In this chapter, we will discuss how to configure your Adélie Linux system for networking.  Wired, wireless, and VPN connections using both static and dynamic IP addressing will be covered.  In addition, advanced topics including interface bondage and KVM configuration will also be discussed.</para></highlights>
    <section>
        <title>Introduction</title>
        <para>The Adélie Linux system uses <firstterm><package>netifrc</package></firstterm> as its network configuration and management system.  The netifrc system uses a declarative configuration syntax in a single file, <filename>/etc/conf.d/net</filename>, for ease of administration.  All main system network configuration is declared in this file.  Some additional configuration may be required for wireless or VPN connections; notably, wireless connections require WPA Supplicant to be configured using either <package>wpa_gui</package> (on computers that use X11), or in the <filename>/etc/wpa_supplicant/wpa_supplicant.conf</filename> file.</para>
        <para>The default configuration for the Adélie Linux system uses the traditional Linux interface names (such as "eth0", "eth1", and "wlan0").  If you prefer the new "predictable" interface names (such as "enP2p36s15f0" or "wlp9s0"), refer to <xref linkend="crappy_udev_ifs" />.</para>
        <section>
            <title>A netifrc primer</title>
            <para>The netifrc configuration file consists of INI-style configuration variables.  For example, <literal>config_eth0="dhcp"</literal> sets the variable <varname>config_eth0</varname> to the value <literal>dhcp</literal>.  By default, all interfaces on the system that are enabled will attempt to retrieve a DHCP address.  Retrieving a DHCP address requires the <package>dhcpcd</package> package to be installed.</para>
            <para>To enable a network interface, you must create a symbolic link to <filename>/etc/init.d/net.lo</filename> in <filename class="directory">/etc/init.d</filename> named <filename>net.<replaceable>IFACE</replaceable></filename> where <replaceable>IFACE</replaceable> is the name of the interface.  For example, for the interface named <literal>eth0</literal>, you would run <command>ln -s /etc/init.d/net.lo /etc/init.d/net.eth0</command>.  Next, you need to add the service to the default runlevel.  As noted in <xref linkend="enable_disable_rc" />, you would run <command>rc-update add net.<userinput>IFACE</userinput> default</command> to enable the net.<replaceable>IFACE</replaceable> service.  You may then <link linkend="start_stop_rc">start the service</link>, assuming the interface has been configured properly in <filename>/etc/conf.d/net</filename>.</para>
            <para>To disable a network interface, you must first <link linkend="start_stop_rc">stop it</link>, if it is running.  Next, <link linkend="enable_disable_rc">remove it from the default runlevel</link> (<command>rc-update del net.<userinput>IFACE</userinput> default</command>).  Finally, remove the symbolic link in <filename class="directory">/etc/init.d</filename>.</para>
        </section>
        <section>
            <title>Identifying adaptors</title>
            <para>Before we begin configuring the network, we will list the network adaptors available on your computer.  This will ensure that the adaptor or adaptors were detected successfully by the kernel.  To do this, ensure the <package>iproute2</package> package is installed, and run the command <command>ip link</command> as root.</para>
        </section>
    </section>
    <section>
        <title>Wired connections</title>
        <para>For the purposes of this handbook, a <firstterm>wired connection</firstterm> is a connection to a network that utilises Ethernet.  While the Adélie Linux system supports ATM, CAN bus, IEEE 1394, and Token Ring networking, these connection types are exceedingly rare and out of the scope of this handbook.</para>
        <section id="how2dhcp">
            <title>Dynamic addressing</title>
            <para>To explicitly configure an interface to use dynamic addressing via DHCP, set <varname>config_<replaceable>IFACE</replaceable></varname>=<literal>"dhcp"</literal>, where <replaceable>IFACE</replaceable> is the interface on which you wish to use dynamic addressing.  For more information on customising dynamic addressing, refer to <xref linkend="dhcphax" />.</para>
        </section>
        <section id="how2static">
            <title>Static addressing</title>
            <para></para>
            <section id="how2dns">
                <title>Configuring DNS resolution</title>
                <para>When you use static addressing, you additionally need to configure DNS resolution.  To do this, you must add one or more <firstterm>nameserver</firstterm>s (DNS resolution systems) in <filename>/etc/resolv.conf</filename>.  (Note that there is no 'e' at the end of <filename>resolv.conf</filename>.)  Adding more than one server will allow your system to have a fallback if one nameserver is down or not responding.</para>
                <para>There are a few nameservers on the Internet that respect user privacy, including <ulink url="https://labs.ripe.net/Members/stephane_bortzmeyer/quad9-a-public-dns-resolver-with-security">Quad9</ulink> and <ulink url="https://dns.watch/">DNS.WATCH</ulink>.  In this example, we will configure our system to use Quad9 over IPv6, with Quad9 and DNS.WATCH over IPv4 as fallbacks:</para>
                <example>
                    <title><filename>/etc/resolv.conf</filename> file using Quad9 and DNS.WATCH</title>
<programlisting>
nameserver 2620:fe::fe
nameserver 9.9.9.9
nameserver 84.200.69.80
</programlisting>
                </example>
            </section>
        </section>
    </section>
    <section>
        <title>Wireless connections</title>
        <para></para>
        <section>
            <title>WPA-based authentication</title>
            <para></para>
        </section>
        <section>
            <title>RADIUS (certificate-based) authentication</title>
            <para></para>
        </section>
        <section>
            <title>Configuring for multiple access points</title>
            <para></para>
        </section>
    </section>
    <section>
        <title>VPN connections</title>
        <para></para>
        <section>
            <title>OpenVPN</title>
            <para></para>
        </section>
        <section>
            <title>StrongSwan</title>
            <para></para>
        </section>
    </section>
    <section>
        <title>Virtual machine networking</title>
        <para></para>
        <section>
            <title>Networking guests with each other only</title>
            <para></para>
        </section>
        <section>
            <title>Sharing a host network with guests</title>
            <para>The Adélie Linux system can be configured to provide bridged networking to a QEMU virtual machine or KVM guest using TAP networking.  You will need the <package>iproute2</package> package installed.</para>
            <para>First, we will need to add a <firstterm>bridge</firstterm> to netifrc.  A bridge allows multiple network adaptors to combine multiple network segments into a single aggregate.  For our purposes, we will be combining the physical network adaptor on the host with the virtual network adaptors on each guest.  The bridge will have your physical network adaptor as its first member.  This way, no network reconfiguration will be required when you start or stop virtual machines.  You will need to move the configuration for your physical network adaptor to the bridge, so that all members of the bridge may share that connection.  In the following example, the interface <literal>eth0</literal> is the physical adaptor and the bridge is set to use a static IPv6 address, which will then be used by the physical adaptor as well.</para>
            <example>
                <title>Configuring <filename>/etc/conf.d/net</filename> to use bridged networking</title>
<programlisting>
config_eth0="null"

bridge_br0="eth0"
config_br0="2001:db8::2/32"
routes_br0="default via 2001:db8::1"
</programlisting>
            </example>
            <para>Note that the physical adaptor must still be specified with a <literal>"null"</literal> configuration.  This ensures that the link will still be activated and network traffic will still flow.  If you are using DHCP, you may simply use <code>config_br0="dhcp"</code>.</para>
            <para>You will then need to replace your <literal>net.<replaceable>IFACE</replaceable></literal> file with a <literal>net.br0</literal> file in <filename class="directory">/etc/init.d</filename>.  For example:</para>
            <example>
                <title>Replacing a physical adaptor with bridged adaptor in OpenRC</title>
<screen>
computer ~ # rc-update del net.eth0
computer ~ # service net.eth0 stop
computer ~ # mv /etc/init.d/net.eth0 /etc/init.d/net.br0
computer ~ # rc-update add net.br0 default
computer ~ # service net.br0 start
</screen>
            </example>
            <warning><title>Warning</title><para>You will momentarily lose network connectivity after stopping net.<replaceable>IFACE</replaceable>.  Do not perform these steps while connected to the machine over the network.</para></warning>
            <para>Now we need to create scripts for QEMU (or KVM) to use.  The <filename>/etc/qemu-ifup</filename> script should be created as follows:</para>
<programlisting language="shell">
#!/bin/sh
# QEMU passes the name of the TAP device to create as $1.
ip tuntap add mode tap name "$1"
# Attach the new TAP device to the bridge, then bring it up.
ip link set dev "$1" master br0
ip link set dev "$1" up
</programlisting>
            <para>The <filename>/etc/qemu-ifdown</filename> script should be created as follows:</para>
<programlisting language="shell">
#!/bin/sh
# QEMU passes the name of the TAP device to remove as $1.
ip link set dev "$1" down
# ip(8) requires the mode when deleting a tuntap device.
ip tuntap del mode tap name "$1"
</programlisting>
            <para>You may now start your QEMU or KVM virtual machines with network access by adding <literal>-net tap</literal> to the command line.  Note that if you have more than one guest that needs network access, you will need to set a custom MAC address for each NIC.  Otherwise there will be MAC collisions and networking may not work correctly.  For example:</para>
            <informalexample><para><code>qemu-system-ppc64 -accel kvm -m 768 -drive file=/dev/gwyn/testvm,format=raw -net nic,model=virtio,macaddr=02:00:00:00:00:01 -net tap -machine pseries-2.12</code></para></informalexample>
            <para>This will start a machine with network access and a MAC address of <literal>02:00:00:00:00:01</literal>.</para>
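The following is an added example, not the handbook's own <filename>/etc/qemu-ifup</filename>: QEMU runs that script as root with the TAP name as <literal>$1</literal>, so this version checks the name against the kernel's 15-character limit and a safe character set before handing it to <command>ip</command>, verifies that the bridge (assumed to be <literal>br0</literal>, as in the configuration above) exists, and derives a distinct locally administered MAC address from a guest index for the multi-guest case described above.

```shell
#!/bin/sh
# Added example, not the handbook's own /etc/qemu-ifup: helpers for a
# hardened version of that script.  QEMU runs it as root and passes the
# TAP name as $1, so the name is checked before it reaches ip(8).

# Linux interface names are at most 15 characters (IFNAMSIZ minus the
# terminating NUL); only letters, digits, '_' and '-' are accepted here.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Locally administered unicast MAC 02:00:00:00:00:NN for guest index
# 1..255, so each guest on the bridge gets a distinct address.
guest_mac() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 255 ]; then
        return 1
    fi
    printf '02:00:00:00:00:%02x\n' "$1"
}

# Create a validated TAP device and attach it to the bridge (br0 by
# default, as in the handbook example).  Needs root and iproute2 only.
tap_up() {
    bridge="${2:-br0}"
    if ! valid_ifname "$1"; then
        echo "qemu-ifup: refusing interface name '$1'" >/dev/stderr
        return 1
    fi
    if ! ip link show dev "$bridge" >/dev/null 2>/dev/null; then
        echo "qemu-ifup: bridge $bridge does not exist" >/dev/stderr
        return 1
    fi
    ip tuntap add mode tap name "$1" || return 1
    ip link set dev "$1" master "$bridge" || return 1
    ip link set dev "$1" up
}

# Act only when invoked as a script with the TAP name as $1; when sourced
# for its functions, there is no argument and nothing happens.
if [ $# -gt 0 ]; then
    tap_up "$1"
fi
```

Pass the output of <literal>guest_mac</literal> as the <literal>macaddr=</literal> value of each guest's <literal>-net nic</literal> option.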
        </section>
    </section>
    <section>
        <title>Advanced topics</title>
        <para></para>
        <section id="crappy_udev_ifs">
            <title>Advanced: Using "predictable" network interface names</title>
            <para></para>
        </section>
        <section>
            <title>Advanced: Multiple interfaces</title>
            <para></para>
            <para>Note that by default, all interfaces must be active before the rest of the system will consider the network to be active.  This will cause network services to delay start-up until all interfaces are active.  If this is not desired, you may set <varname>rc_depend_strict</varname> to <literal>NO</literal> in <filename>/etc/rc.conf</filename>.</para>
        </section>
        <section>
            <title>Advanced: Interface bondage</title>
            <para></para>
        </section>
        <section>
            <title>Advanced: 802.1X authentication</title>
            <para></para>
        </section>
        <section id="dhcphax">
            <title>Advanced: Customising dynamic addressing</title>
            <para>You may use the <varname>dhcp_<replaceable>IFACE</replaceable></varname> variable to control how DHCP is used.  Valid options include:</para>
            <table>
                <title><varname>dhcp_<replaceable>IFACE</replaceable></varname> options</title>
                <tgroup cols="2" align="left" colsep="1" rowsep="1">
                <thead>
                    <row>
                        <entry>Option</entry>
                        <entry>Meaning</entry>
                    </row>
                </thead>
                <tbody>
                    <row>
                        <entry><code>nodns</code></entry>
                        <entry>Setting this option will cause the <filename>/etc/resolv.conf</filename> file to remain unmodified.  This allows for static DNS and nameserver configuration even with dynamic addressing.</entry>
                    </row>
                    <row>
                        <entry><code>nontp</code></entry>
                        <entry>Setting this option will cause the <filename>/etc/ntp.conf</filename> file to remain unmodified, even if the DHCP server sends NTP configuration information.</entry>
                    </row>
                </tbody>
                </tgroup>
            </table>
        </section>
    </section>
</chapter>