Re: can't connect to server from outside LAN

[Jeffrey Walton]

On Wed, Jun 12, 2024 at 10:33 PM Greg Marks  wrote:
>
> I'm running a Debian server from my home with a static IP address,
> with ssh configured to use key-based authentication rather than
> password-based.  As of a couple weeks ago, I have been unable to ssh to
> my server from external locations.  When I ssh from a laptop connected
> to the wireless network on the same router as my home server, I do
> successfully connect to the server.  But when I ssh from an external
> location, I get this error:
>
>[...]
> The problem began a couple weeks ago; previously (and for many years)
> I had been able to ssh to my server without issue.  The first time it
> failed, I was using free wireless at an airport; I was able to ssh to my
> server from the hotel that morning, and maybe, the first time I tried,
> from the airport, but then subsequent ssh attempts from the airport
> failed to connect.  I mention this only because nothing had changed in
> my server's configuration when this problem began.
>
> This is a real problem for me, as a lot of my work involves sending
> files via scp between work and home.  Any suggestions about how to
> troubleshoot and hopefully fix the problem will be greatly appreciated.

In the past, I experienced similar breakages. In my case, my ISP
(Verizon) provided router updates that blew away my router config. So
I lost port forwarding to my internal servers.

I personally don't make port 22 available at the router. Instead, I
use port 1522 (first server), port 1523 (second server), etc. Then
port 1522 is forwarded to the first server on port 22, port 1523 is
forwarded to the second server on port 22, etc.

Jeff

Re: can't connect to server from outside LAN

[Tim Woodall]

On Wed, 12 Jun 2024, Greg Marks wrote:


I'm running a Debian server from my home with a static IP address,
with ssh configured to use key-based authentication rather than
password-based.  As of a couple weeks ago, I have been unable to ssh to
my server from external locations.  When I ssh from a laptop connected
to the wireless network on the same router as my home server, I do
successfully connect to the server.  But when I ssh from an external
location, I get this error:




The problem began a couple weeks ago; previously (and for many years)
I had been able to ssh to my server without issue.  The first time it
failed, I was using free wireless at an airport; I was able to ssh to my
server from the hotel that morning, and maybe, the first time I tried,
from the airport, but then subsequent ssh attempts from the airport
failed to connect.  I mention this only because nothing had changed in
my server's configuration when this problem began.

This is a real problem for me, as a lot of my work involves sending
files via scp between work and home.  Any suggestions about how to
troubleshoot and hopefully fix the problem will be greatly appreciated.



Run tcptraceroute to ports 22 and 80 to see ehere it's being blocked.

(or 443)

Depending on where it's blocked and why, possibly run sshd on a
different port. (or fix the firewall if it's controlled by you)

You can also run openvpn on 443 without breaking the webserver, which is
another workaround.

Re: can't connect to server from outside LAN

[David Christensen]

On 6/12/24 15:54, Greg Marks wrote:

I'm running a Debian server from my home with a static IP address,
with ssh configured to use key-based authentication rather than
password-based.  As of a couple weeks ago, I have been unable to ssh to
my server from external locations.  When I ssh from a laptop connected
to the wireless network on the same router as my home server, I do
successfully connect to the server.  But when I ssh from an external
location, I get this error:

OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf 
matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 
'/home/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 
'/home/user/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
kex_exchange_identification: read: Connection timed out
banner exchange: Connection to xxx.xxx.xxx.xxx port 22: Connection timed out

When I ping the server from external locations, I get 100% packet loss;
whereas when I ping the server from my local wireless network, there
is 0% packet loss.  (I do have nftables set to drop connections from
numerous IP addresses that have attempted hacks in the past; however,
the problem persists after flushing nftables, and at any rate, using
check-host.net and www.site24x7.com to ping my server from various
worldwide locations also results in 100% packet loss.)  Port 22 is open.
The package ufw is not installed on my server.

The apache2 Web server running on my home server is correctly hosting
my Web pages: from external locations, my Web page gmarks.org will
open in a Web browser (even though "ping -c 10 gmarks.org" shows 100%
packet loss).  Running "traceroute xxx.xxx.xxx.xxx" from external
locations reported four successful steps, not reaching my server IP,
followed by a series of "* * *" lines.

Running "sudo service sshd status" on my server shows ssh.service
is active and running.  Running "ip address show" on my server shows
nothing unusual.  I've restarted my router, and I've restarted my server;
neither helped.

The problem began a couple weeks ago; previously (and for many years)
I had been able to ssh to my server without issue.  The first time it
failed, I was using free wireless at an airport; I was able to ssh to my
server from the hotel that morning, and maybe, the first time I tried,
from the airport, but then subsequent ssh attempts from the airport
failed to connect.  I mention this only because nothing had changed in
my server's configuration when this problem began.

This is a real problem for me, as a lot of my work involves sending
files via scp between work and home.  Any suggestions about how to
troubleshoot and hopefully fix the problem will be greatly appreciated.

Best regards,
Greg Marks



Ping:

2024-06-12 16:19:25 dpchrist@laalaa ~
$ ping -c 1 -v gmarks.org
PING gmarks.org (76.235.90.201) 56(84) bytes of data.

--- gmarks.org ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms


HTTPS works:

https://gmarks.org/

Greg Marks
Office: 313 Ritter Hall
Phone: (314)977-7206
E-mail address:  local-part consists of surname, domain name identical 
to that of the present Web page

PGP encryption public key ID: 0x53F269E8

Postal Address:
Department of Mathematics and Statistics
St. Louis University
221 N. Grand Blvd.
St. Louis, MO 63103-2006
U.S.A.

Resources for students

Resources for mathematicians

Research papers


It appears that someone who controls one or more of the routers between 
the Internet and your router has blocked ICMP echo requests, ICMP ech

can't connect to server from outside LAN

[Greg Marks]

I'm running a Debian server from my home with a static IP address,
with ssh configured to use key-based authentication rather than
password-based.  As of a couple weeks ago, I have been unable to ssh to
my server from external locations.  When I ssh from a laptop connected
to the wireless network on the same router as my home server, I do
successfully connect to the server.  But when I ssh from an external
location, I get this error:

   OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023
   debug1: Reading configuration data /etc/ssh/ssh_config
   debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf 
matched no files
   debug1: /etc/ssh/ssh_config line 21: Applying options for *
   debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
   debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 
'/home/user/.ssh/known_hosts'
   debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 
'/home/user/.ssh/known_hosts2'
   debug2: ssh_connect_direct
   debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
   debug1: Connection established.
   debug1: identity file /home/user/.ssh/id_rsa type -1
   debug1: identity file /home/user/.ssh/id_rsa-cert type -1
   debug1: identity file /home/user/.ssh/id_dsa type -1
   debug1: identity file /home/user/.ssh/id_dsa-cert type -1
   debug1: identity file /home/user/.ssh/id_ecdsa type -1
   debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
   debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
   debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
   debug1: identity file /home/user/.ssh/id_ed25519 type -1
   debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
   debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
   debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
   debug1: identity file /home/user/.ssh/id_xmss type -1
   debug1: identity file /home/user/.ssh/id_xmss-cert type -1
   debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
   kex_exchange_identification: read: Connection timed out
   banner exchange: Connection to xxx.xxx.xxx.xxx port 22: Connection timed out

When I ping the server from external locations, I get 100% packet loss;
whereas when I ping the server from my local wireless network, there
is 0% packet loss.  (I do have nftables set to drop connections from
numerous IP addresses that have attempted hacks in the past; however,
the problem persists after flushing nftables, and at any rate, using
check-host.net and www.site24x7.com to ping my server from various
worldwide locations also results in 100% packet loss.)  Port 22 is open.
The package ufw is not installed on my server.

The apache2 Web server running on my home server is correctly hosting
my Web pages: from external locations, my Web page gmarks.org will
open in a Web browser (even though "ping -c 10 gmarks.org" shows 100%
packet loss).  Running "traceroute xxx.xxx.xxx.xxx" from external
locations reported four successful steps, not reaching my server IP,
followed by a series of "* * *" lines.

Running "sudo service sshd status" on my server shows ssh.service
is active and running.  Running "ip address show" on my server shows
nothing unusual.  I've restarted my router, and I've restarted my server;
neither helped.

The problem began a couple weeks ago; previously (and for many years)
I had been able to ssh to my server without issue.  The first time it
failed, I was using free wireless at an airport; I was able to ssh to my
server from the hotel that morning, and maybe, the first time I tried,
from the airport, but then subsequent ssh attempts from the airport
failed to connect.  I mention this only because nothing had changed in
my server's configuration when this problem began.

This is a real problem for me, as a lot of my work involves sending
files via scp between work and home.  Any suggestions about how to
troubleshoot and hopefully fix the problem will be greatly appreciated.

Best regards,
Greg Marks


signature.asc
Description: PGP signature

Re: Erreurs tracker-extract: Could not connect to filesystem miner endpoint: Le délai d’attente est dépassé

[Charles Plessy]

> Le 15/05/2024 à 11:03, Charles Plessy a écrit :
> > 
> > j'ai des tonnes de ceci dans mes logs système:
> > 
> >  mai 15 17:51:18 bubu tracker-extract[1711]: Could not connect to 
> > filesystem miner endpoint: Le délai d’attente est dépassé
> > 
Le Wed, May 15, 2024 at 11:12:12AM +0200, NoSpam a écrit :
> 
> il s'agit d'un programme d'indexation de fichiers sous gnome. Sous Ubuntu il
> s'agit du paquet tracker-miner-fs

Merci, j'ai essayé `tracker3 reset -s -r` et ça a l'air de l'avoir calmé
pour le moment.

Bonne soirée,

Charles

Re: Erreurs tracker-extract: Could not connect to filesystem miner endpoint: Le délai d’attente est dépassé

[NoSpam]

Bonjour

il s'agit d'un programme d'indexation de fichiers sous gnome. Sous 
Ubuntu il s'agit du paquet tracker-miner-fs


Le 15/05/2024 à 11:03, Charles Plessy a écrit :

Bonjour à tous,

j'ai des tonnes de ceci dans mes logs système:

 mai 15 17:51:18 bubu tracker-extract[1711]: Could not connect to 
filesystem miner endpoint: Le délai d’attente est dépassé

Il y a aussy d'autres messages du type:

 mai 15 17:58:49 bubu tracker-miner-f[4486]: Error opening readwrite 
database: database disk image is malformed

Un systemctl status avec ou sans sudo ne montre pas de services avec
tracker dans le nom.  Je vois cependant les fichiers suivants:

 /lib/systemd/user/tracker-miner-fs-3.service
 /lib/systemd/user/tracker-extract-3.service
 /lib/systemd/user/tracker-miner-fs-control-3.service
 /lib/systemd/user/tracker-xdg-portal-3.service
 /lib/systemd/user/tracker-writeback-3.service

Mais toute tentative d'arrêter, redémarrer, etc., ces services se
soldent par des erreurs du genre:

 Failed to restart tracker-miner-fs-3.service: Unit 
tracker-miner-fs-3.service not found.

Je voudrais vraiment enlever ces messages de mes logs, car j'ai un
problème plus important à cerner, et ces messages me brouillent la vue…

Une suggestion?

Librement,

Charles

Erreurs tracker-extract: Could not connect to filesystem miner endpoint: Le délai d’attente est dépassé

[Charles Plessy]

Bonjour à tous,

j'ai des tonnes de ceci dans mes logs système:

mai 15 17:51:18 bubu tracker-extract[1711]: Could not connect to filesystem 
miner endpoint: Le délai d’attente est dépassé

Il y a aussy d'autres messages du type:

mai 15 17:58:49 bubu tracker-miner-f[4486]: Error opening readwrite 
database: database disk image is malformed

Un systemctl status avec ou sans sudo ne montre pas de services avec
tracker dans le nom.  Je vois cependant les fichiers suivants:

/lib/systemd/user/tracker-miner-fs-3.service
/lib/systemd/user/tracker-extract-3.service
/lib/systemd/user/tracker-miner-fs-control-3.service
/lib/systemd/user/tracker-xdg-portal-3.service
/lib/systemd/user/tracker-writeback-3.service

Mais toute tentative d'arrêter, redémarrer, etc., ces services se
soldent par des erreurs du genre:

Failed to restart tracker-miner-fs-3.service: Unit 
tracker-miner-fs-3.service not found.

Je voudrais vraiment enlever ces messages de mes logs, car j'ai un
problème plus important à cerner, et ces messages me brouillent la vue…

Une suggestion?

Librement,

Charles

-- 
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from work,   https://fediscience.org/@charles_plessy
Tooting from home, https://framapiaf.org/@charles_plessy

rTorrent: unable to connect to UDP tracker

[Franco Martelli]

Hi everybody,

I'm trying to download some live DVD images using rTorrent,

$ apt show rtorrent

all works fine with Debian's images, I've successfully downloaded:

- debian-12.5.0-amd64-DVD-1.iso
- debian-live-12.5.0-amd64-kde.iso

using their torrent files respectively. I've trouble with KDE NEON 
website ¹  the .torrent downloaded at this URL ²  fails with this error 
message:


"Tracker: [unable to connect to UDP tracker]"

Does it depend on me?

Thanks in advance, kind regards.

¹ https://neon.kde.org/download
² 
https://files.kde.org/neon/images/user/20240304-2101/neon-user-20240304-2101.iso.torrent

--
Franco Martelli

Re: Wifi - unable to connect. [solved]

[Kamil Jońca]

Jeffrey Walton  writes:

> On Mon, Mar 4, 2024 at 4:58 PM Greg  wrote:
>>
>> On 2/26/24 18:52, Kamil Jońca wrote:
>> [...]
>> >
>> > What if:
>> > network = {
>> >   ssid="ssid"
>> >   key_mgmt=WPA-EAP
>> >   eap=PEAP
>> >   identity="uid"
>> >   phase2="auth=MSCHAPV2"
>> >   mesh_fwding=1
>> >   password="pas"
>> >   }
>
> The MSCHAPv2 is like a dagger in my eye. Are you required to use it?
>
> 
>
> Jeff

This not question to OP, but rather to his admin :).

KJ

Re: Wifi - unable to connect. [solved]

[Jeffrey Walton]

On Mon, Mar 4, 2024 at 4:58 PM Greg  wrote:
>
> On 2/26/24 18:52, Kamil Jońca wrote:
> [...]
> >
> > What if:
> > network = {
> >   ssid="ssid"
> >   key_mgmt=WPA-EAP
> >   eap=PEAP
> >   identity="uid"
> >   phase2="auth=MSCHAPV2"
> >   mesh_fwding=1
> >   password="pas"
> >   }

The MSCHAPv2 is like a dagger in my eye. Are you required to use it?



Jeff

Re: Wifi - unable to connect. [solved]

[Greg]

On 2/26/24 18:52, Kamil Jońca wrote:
[...]


What if:
network = {
  ssid="ssid"
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="uid"
  phase2="auth=MSCHAPV2"
  mesh_fwding=1
  password="pas"
  }


Bingo! Dzięki wielkie, ułatwiłeś mi życie.

Regards
Greg

Re: Wifi - unable to connect.

[Kamil Jońca]

Grzesiek Sójka  writes:


[...]
> According to the instruction the settings should be:
> WPA2 Enterprise,
> PEAP,
> MSCHAPv2,
> no certificate.
>
> And my wpa config is:
> network={
> ssid="ssid"
> proto=RSN
> key_mgmt=WPA-EAP
> pairwise=CCMP
> auth_alg=OPEN
> eap=MSCHAPV2
> identity="uid"
> password="pas"
> mesh_fwding=1
> }
>
> Any suggestions?

What if:
network = {
 ssid="ssid"
 key_mgmt=WPA-EAP
 eap=PEAP
 identity="uid"
 phase2="auth=MSCHAPV2"
 mesh_fwding=1
 password="pas"
 }


KJ

Re: Wifi - unable to connect.

[Jeffrey Walton]

On Mon, Feb 26, 2024 at 12:03 PM Grzesiek Sójka  wrote:
>
> Hi there,
>
> I'm trying to connect to wifi at work, unfortunately I get the following:
>
> wlan0: SME: Trying to authenticate with 24:81:3b:2a:0f:e1 (SSID='ssid'
> freq=2412 MHz)
> wlan0: Trying to associate with 24:81:3b:2a:0f:e1 (SSID='ssid' freq=2412
> MHz)
> wlan0: Associated with 24:81:3b:2a:0f:e1
> wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=PL
> wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
> wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=26
> wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 26 (MSCHAPV2) selected
> EAP-MSCHAPV2: Authentication succeeded
> wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
> wlan0: PMKSA-CACHE-ADDED 24:81:3b:2a:0f:e1 1
> wlan0: RSN: PMKID mismatch - authentication server may have derived
> different MSK?!
> wlan0: CTRL-EVENT-DISCONNECTED bssid=24:81:3b:2a:0f:e1 reason=1
> locally_generated=1
> BSSID 24:81:3b:2a:0f:e1 ignore list count incremented to 2, ignoring for
> 10 seconds
> wlan0: CTRL-EVENT-DSCP-POLICY clear_all
>
> According to the instruction the settings should be:
> WPA2 Enterprise,
> PEAP,
> MSCHAPv2,
> no certificate.
>
> And my wpa config is:
> network={
>  ssid="ssid"
>  proto=RSN
>  key_mgmt=WPA-EAP
>  pairwise=CCMP
>  auth_alg=OPEN
>  eap=MSCHAPV2
>  identity="uid"
>  password="pas"
>  mesh_fwding=1
> }
>
> Any suggestions?

Not my area of expertise, but...

EAP success tells me you are authenticated using the shared secret or password.

WPA2 Enterprise and MSCHAPv2 look suspicious. I would use WPA2
Personal without MSCHAP and see if it produces a better result.

Jeff

Wifi - unable to connect.

[Grzesiek Sójka]

Hi there,

I'm trying to connect to wifi at work, unfortunately I get the following:

wlan0: SME: Trying to authenticate with 24:81:3b:2a:0f:e1 (SSID='ssid' 
freq=2412 MHz)
wlan0: Trying to associate with 24:81:3b:2a:0f:e1 (SSID='ssid' freq=2412 
MHz)

wlan0: Associated with 24:81:3b:2a:0f:e1
wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=PL
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=26
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 26 (MSCHAPV2) selected
EAP-MSCHAPV2: Authentication succeeded
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlan0: PMKSA-CACHE-ADDED 24:81:3b:2a:0f:e1 1
wlan0: RSN: PMKID mismatch - authentication server may have derived 
different MSK?!
wlan0: CTRL-EVENT-DISCONNECTED bssid=24:81:3b:2a:0f:e1 reason=1 
locally_generated=1
BSSID 24:81:3b:2a:0f:e1 ignore list count incremented to 2, ignoring for 
10 seconds

wlan0: CTRL-EVENT-DSCP-POLICY clear_all

According to the instruction the settings should be:
WPA2 Enterprise,
PEAP,
MSCHAPv2,
no certificate.

And my wpa config is:
network={
ssid="ssid"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP
auth_alg=OPEN
eap=MSCHAPV2
identity="uid"
password="pas"
mesh_fwding=1
}

Any suggestions?

--
Regards
Greg

Re: connect two hosts over wifi without router?

[Tim Woodall]

On Mon, 27 Nov 2023, Hans wrote:


Hi folks,

just before I am trying forever:

Is it possible, to connect two hosts directly over wlan without using a
router?



Yes. It's called adhoc networking. No AP, no router, just two wifi cards
acting as a ptp link.

But I doubt you can do it other than by low level commands.

I have done it in the past when trying to connect two points via a very
marginal link but I don't recall details. At some point I'll boot up my
eeepc and see if I still have scripts around - if nobody else sorts your
problem.

Re: connect two hosts over wifi without router?

[Jeffrey Walton]

On Mon, Nov 27, 2023 at 2:11 PM Hans  wrote:
>
> Hi folks,
>
> just before I am trying forever:
>
> Is it possible, to connect two hosts directly over wlan without using a
> router?
>
> The background: I want to stream video from my drone using RTMP to my
> notebook.
>
> This is already possible, when i am using a router. But in the fields, I got 
> no
> router available (I have a portable router, yes, but I want to mimize and ease
> as possible).
>
> The goal of my project I am working of, shall be a bootable live-usb or live-
> cd, which is preconfigured with the network address, a listening nginx for
> RTMP, automatically started X with automatically started VLC.
>
> The user just has to start his drone software (or whatever) on a tablet or
> mobile, input an IP in the streaming software and is ready.
>
> Everything shall be done without any router (because of avoiding as much
> latencies as possible).
>
> At the moment I am stuck with the directly connection.
>
> If someone has running this already, I would be happy for any configurations,
> or also with the help of some priciples.
>
> With an ethernet cable, this is easy (using a crossover ethernet cable), but
> how do this with wireless? Is this technically possible at all???

I think you want an ad-hoc wifi network. It is a peer to peer network
using Independent Basic Service Set (IBSS). See
<https://wiki.archlinux.org/title/ad-hoc_networking> and more
generally <https://www.google.com/search?q=linux+wifi+create+adhoc+network>.

Jeff

Re: connect two hosts over wifi without router?

[Anssi Saari]

Hans  writes:

> Hi folks,
>
> hmm, looks like the only way is using a hotspot, either one as a vitual one 
> using hostapd (or some similar software). 

I don't know much about drones but even a cursory look seemed to
indicate some drones can act as wifi hotspots themselves? And newer
drones support Wifi Direct but that doesn't help you since Wifi Direct
isn't usually supported on PCs. It's common on mobile devices running
Android or iOS.

Re: connect two hosts over wifi without router?

[hw]

On Mon, 2023-11-27 at 17:48 +0100, Hans wrote:
> Hi folks,
> 
> hmm, looks like the only way is using a hotspot, either one as a vitual one 
> using hostapd (or some similar software). 
> 
> But this is just what I wanted to avoid, as every software between
> streaming device and receiving device will cause delays (which I
> also get when using a router

To minimize delays, you could use a recording device on the drone
(Don't they record by default?); or put a dashcam or something similar
on it that can record.

Are there are any recording devices that don't use software and do
everything in hardware instead?  They did that in the past, i. e. you
might have to use film for that.

What does it matter when it takes a few milliseconds before the data
reaches the recording device?  It's just a recrding.  As long as you
are under 10ms, you can have phone conversations without the delays
getting to long.  Is there someone in the air somewhere you need to
talk to through a drone?

You could use (thin) wires instead.  Wires make for better connections
than radio waves alone do, and you can have it as real-time as it
gets, and even analog.

> i.e. some Fritz!Box

Those are the worst junk you can get; avoid them.  Letting all their
other problems aside, they're designed solely to save energy, not for
any kind of performance.


> or similar).
>
> So at the moment it looks like there is no "wireless-crossover-connection". I 
> also never heard of it, that it is possible at all. 
> 
> Well, still keep searching. At the moment I am falling back to the combination
> 
> Host 1 > AP -> Host 2
> 
> Thanks for all the help. See it as solved, but I will let this question some 
> time open, and then mark it as [SOLVED] in a few days.
> 
> Best regards
> 
> 
> Hans 
> 
> 
> 
> 

Re: connect two hosts over wifi without router?

[Hans]

Hi folks,

hmm, looks like the only way is using a hotspot, either one as a vitual one 
using hostapd (or some similar software). 

But this is just what I wanted to avoid, as every software between streaming 
device and receiving device will cause delays (which I also get when using a 
router i.e. some Fritz!Box or similar).

So at the moment it looks like there is no "wireless-crossover-connection". I 
also never heard of it, that it is possible at all. 

Well, still keep searching. At the moment I am falling back to the combination

Host 1 > AP -> Host 2

Thanks for all the help. See it as solved, but I will let this question some 
time open, and then mark it as [SOLVED] in a few days.

Best regards


Hans 

Re: connect two hosts over wifi without router?

[Dan Ritter]

Hans wrote: 
> Is it possible, to connect two hosts directly over wlan without using a 
> router?

Sometimes. The capability is called Ad-Hoc mode.

If you have two Linux machines with wifi NICs that support it,
you can do it.

If one of the hosts is a drone, it might not be capable of that.

Instead, some wifi NICs support host mode on the Linux side,
which turns your Linux machine into an access point. That might
be just as good.

The package you want is hostapd.

-dsr-

Re: connect two hosts over wifi without router?

[tomas]

On Mon, Nov 27, 2023 at 03:06:40PM +0100, hw wrote:
> On Mon, 2023-11-27 at 14:54 +0100, Hans wrote:
> > Hi folks,
> > 
> > just before I am trying forever:
> > 
> > Is it possible, to connect two hosts directly over wlan without using a 
> > router?
> 
> You don't need a router for it; you can do it via an access point.

...and as others have said, you might set your laptop up as an access
point, so you possibly don't need extra hardware. Hostapd is the program
to do the magic [0]. As people have said here, you need your WiFi
adapter to play along, not everyone seems willing to.

And then, there is WiFi Ad Hoc, here [1] in the Debian context. No idea
whether this would work with any WiFi hardware.

Cheers

[0] https://packages.debian.org/stable/hostapd
[1] https://wiki.debian.org/WiFi/AdHoc
-- 
t


signature.asc
Description: PGP signature

Re: connect two hosts over wifi without router?

[Joel Roth]

On Mon, Nov 27, 2023 at 02:54:44PM +0100, Hans wrote:
> Hi folks,
> 
> just before I am trying forever:
> 
> Is it possible, to connect two hosts directly over wlan without using a 
> router?
> 
> The background: I want to stream video from my drone using RTMP to my 
> notebook. 
> 
> This is already possible, when i am using a router. But in the fields, I got 
> no 
> router available (I have a portable router, yes, but I want to mimize and 
> ease 
> as possible). 
> 
> The goal of my project I am working of, shall be a bootable live-usb or live-
> cd, which is preconfigured with the network address, a listening nginx for 
> RTMP, automatically started X with automatically started VLC.
> 
> The user just has to start his drone software (or whatever) on a tablet or 
> mobile, input an IP in the streaming software and is ready.
> 
> Everything shall be done without any router (because of avoiding as much 
> latencies as possible).
> 
> At the moment I am stuck with the directly connection.
> 
> If someone has running this already, I would be happy for any configurations, 
> or also with the help of some priciples. 
> 
> With an ethernet cable, this is easy (using a crossover ethernet cable), but 
> how do this with wireless? Is this technically possible at all???
> 
> Thanks for any help.
> 
> Best regards
> 
> Hans 
 
Probably there are a lot more knowledgeable people here than
myself, but a naive search for "wifi adapter client host
mode linux" brings up this page.

https://woshub.com/create-wi-fi-access-point-hotspot-linux/

Most wifi adapters can operate as an access point, which is
indicated by AP and AP/VLAN appearing in the output of `iw list`.

Hope this helps


-- 
Joel Roth

Re: connect two hosts over wifi without router?

[Joe]

On Mon, 27 Nov 2023 14:54:44 +0100
Hans  wrote:

> Hi folks,
> 
> just before I am trying forever:
> 
> Is it possible, to connect two hosts directly over wlan without using
> a router?
> 
> The background: I want to stream video from my drone using RTMP to my 
> notebook. 
> 
> This is already possible, when i am using a router. But in the
> fields, I got no router available (I have a portable router, yes, but
> I want to mimize and ease as possible). 
> 
> The goal of my project I am working of, shall be a bootable live-usb
> or live- cd, which is preconfigured with the network address, a
> listening nginx for RTMP, automatically started X with automatically
> started VLC.
> 
> The user just has to start his drone software (or whatever) on a
> tablet or mobile, input an IP in the streaming software and is ready.
> 
> Everything shall be done without any router (because of avoiding as
> much latencies as possible).
> 
> At the moment I am stuck with the directly connection.
> 
> If someone has running this already, I would be happy for any
> configurations, or also with the help of some priciples. 
> 
> With an ethernet cable, this is easy (using a crossover ethernet
> cable), but how do this with wireless? Is this technically possible
> at all???
> 
>
Have a look at this: (your wifi adaptor must be capable of access point
mode, or you need to buy a dongle that is).

https://owlhowto.com/how-to-create-a-wifi-hotspot-on-debian-12/

Note: I've never done this.

-- 
Joe

Re: connect two hosts over wifi without router?

[hw]

On Mon, 2023-11-27 at 14:54 +0100, Hans wrote:
> Hi folks,
> 
> just before I am trying forever:
> 
> Is it possible, to connect two hosts directly over wlan without using a 
> router?

You don't need a router for it; you can do it via an access point.
Something like a HP MSM430 or something from Aruba should do, and you
can find them for good prices on Ebay.  You'll need something to power
it, like a POE injector or a POE switch connected to a portable power
station or to an inverter connected to a car maybe.

And this is cheap enough to experiment with.


> 
> The background: I want to stream video from my drone using RTMP to my 
> notebook. 
> 
> This is already possible, when i am using a router. But in the fields, I got 
> no 
> router available (I have a portable router, yes, but I want to mimize and 
> ease 
> as possible). 
> 
> The goal of my project I am working of, shall be a bootable live-usb or live-
> cd, which is preconfigured with the network address, a listening nginx for 
> RTMP, automatically started X with automatically started VLC.
> 
> The user just has to start his drone software (or whatever) on a tablet or 
> mobile, input an IP in the streaming software and is ready.
> 
> Everything shall be done without any router (because of avoiding as much 
> latencies as possible).
> 
> At the moment I am stuck with the directly connection.
> 
> If someone has running this already, I would be happy for any configurations, 
> or also with the help of some priciples. 
> 
> With an ethernet cable, this is easy (using a crossover ethernet cable), but 
> how do this with wireless? Is this technically possible at all???
> 
> Thanks for any help.
> 
> Best regards
> 
> Hans 
> 
>  
> 
> 

connect two hosts over wifi without router?

[Hans]

Hi folks,

just before I am trying forever:

Is it possible, to connect two hosts directly over wlan without using a 
router?

The background: I want to stream video from my drone using RTMP to my 
notebook. 

This is already possible, when i am using a router. But in the fields, I got no 
router available (I have a portable router, yes, but I want to mimize and ease 
as possible). 

The goal of my project I am working of, shall be a bootable live-usb or live-
cd, which is preconfigured with the network address, a listening nginx for 
RTMP, automatically started X with automatically started VLC.

The user just has to start his drone software (or whatever) on a tablet or 
mobile, input an IP in the streaming software and is ready.

Everything shall be done without any router (because of avoiding as much 
latencies as possible).

At the moment I am stuck with the directly connection.

If someone has running this already, I would be happy for any configurations, 
or also with the help of some priciples. 

With an ethernet cable, this is easy (using a crossover ethernet cable), but 
how do this with wireless? Is this technically possible at all???

Thanks for any help.

Best regards

Hans 

 

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 08/11/2023 20:39, Martin wrote:

Here is output from phone connected to WiFi setup program:
Default gateway: 192.168.231.3


It seems dnsmasq is able to serve reasonable settings with minimal 
configuration.



 chain postrouting {
 type nat hook postrouting priority srcnat; policy accept;
 ip saddr 192.168.231.0/24 oifname "wlxe8de27a5ab1c" masquerade


You had a rule that was working for you.

I do not see obvious issues with this one besides docker0 instances are 
likely inaccessible from the phone.



10:47:52.614642 enp3s0 In  IP 192.168.231.243.48257 > 192.168.231.3.53: 29809+ 
A? www.google.com. (32)
10:47:52.614851 wlxe8de27a5ab1c Out IP 192.168.0.16.34673 > 81.24.247.14.53: 
10155+ A? www.google.com. (32)
10:47:52.614902 wlxe8de27a5ab1c Out IP 192.168.0.16.34673 > 81.24.247.44.53: 
10155+ A? www.google.com. (32)
10:47:52.791389 wlxe8de27a5ab1c In  IP 81.24.247.14.53 > 192.168.0.16.34673: 
10155 1/0/0 A 142.251.208.132 (62)
10:47:52.791559 enp3s0 Out IP 192.168.231.3.53 > 192.168.231.243.48257: 29809 
1/0/0 A 142.251.208.132 (62)
10:47:52.794704 enp3s0 In  IP 192.168.231.243.46639 > 142.251.208.132.80: Flags 
[S], seq 4183167263, win 29200, options [mss 1460,sackOK,TS val 19413 ecr 
0,nop,wscale 6], length 0
10:47:52.846385 enp3s0 In  IP 192.168.231.243.46640 > 142.251.208.132.80: Flags 
[S], seq 1626803236, win 29200, options [mss 1460,sackOK,TS val 19418 ecr 
0,nop,wscale 6], length 0


Since packets from wlxe8de27a5ab1c to 142.251.208.132:80 are missed, 
perhaps IP forwarding is disabled or there is a blocking forwarding rule 
in the firewall. If I am not wrong, masquerading should affect source IP 
address of forwarded packets, but not their presence.



Warning: if you have not configured network interfaces for DHCP in dnsmasq
then do it. Otherwise other computers connected to the upstream WiFi link
may receive DHCP leases emitted from wlxe8de27a5ab1c.


Only thing I added to dnsmasq configuration is one line in
/etc/dnsmasq.d/myHomeDHCPrange file:
dhcp-range=192.168.231.241,192.168.231.254,12h


Dnsmasq may be smart enough to not send DHCP leases to interfaces with 
addresses inconsistent with the specified range, but I would still limit 
interfaces that dnsmasq listens to.


On 08/11/2023 21:30, Anssi Saari wrote:


systemctl start nftables.service

So if you're experimenting, you edit /etc/nftables.conf and after
editing run systemctl restart nftables.service


And be prepared that this command flushes away rules added by docker. It 
is a reason why earlier I suggested to create a dedicated file that may 
reload specific set of rules using "nft -f".


Current set of rules is more important than state of the service.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Anssi Saari]

Martin  writes:

> I just enabled it (again) now:
> root@redmoon:~# systemctl enable nftables.service
> Created symlink /etc/systemd/system/sysinit.target.wants/nftables.service → 
> /lib/systemd/system/nftables.service.
> root@redmoon:~# systemctl status nftables.service
> ○ nftables.service - nftables
>  Loaded: loaded (/lib/systemd/system/nftables.service; enabled; preset: 
> enabled)
>  Active: inactive (dead)
>Docs: man:nft(8)
>  http://wiki.nftables.org

In case it's unclear, enabling a service just means it'll be started at
boot. In practice it just creates a symlink as shown above. If you want
to start the service manually you do

systemctl start nftables.service

So if you're experimenting, you edit /etc/nftables.conf and after
editing run systemctl restart nftables.service

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Sun, Nov 05, 2023 at 10:55:12PM +0700, Max Nikulin wrote:
> It should be checked first and
> 
> journalctl -b -u nftables.service
> 
> alongside with searching for any nft messages in "journalctl -b". I
> suggested earlier to read /usr/share/doc/nftables/README.Debian It
> explicitly recommends to enable the service.

I just enabled it (again) now:
root@redmoon:~# systemctl enable nftables.service
Created symlink /etc/systemd/system/sysinit.target.wants/nftables.service → 
/lib/systemd/system/nftables.service.
root@redmoon:~# systemctl status nftables.service
○ nftables.service - nftables
 Loaded: loaded (/lib/systemd/system/nftables.service; enabled; preset: 
enabled)
 Active: inactive (dead)
   Docs: man:nft(8)
 http://wiki.nftables.org
root@redmoon:~# journalctl -b -u nftables.service
-- No entries --

> > 2: enp3s0:  mtu 1500 qdisc fq_codel state 
> > UP group default qlen 1000
> > inet 192.168.231.3/24 brd 192.168.231.255 scope global enp3s0
> 
> I hope, your router allows to view configuration received from the DHCP
> server. Since static addresses were working (and it can be rechecked), I
> guess, gateway is not explicitly configured, so the router tries to send
> packets to 192.168.231.1. Either change the interface IP or configure
> dnsmasq to send 192.168.231.3.

I think WiFi is configured properly (with automatic setup it does have same
settings as I did with manual settings)

Here is output from phone connected to WiFi setup program:
Connectino type: DHCP
 IP address: 192.168.231.243
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3

Those are same values I was providing previously when I used manual setup too.

> To debug run wireshark or tcpdump on enp3s0 and wlxe8de27a5ab1c to check
> that packets from the phone are properly received and routed.

Well this is the part where my knowledge is thin as it can be, sadly.
I have read part of manual page for tcpdump, some web page with tutorials
and all I came with is to issue command:
$ sudo tcpdump -s 0 -i any -w  any-0.pcap
$ tcpdump -r any-0.pcap  > any-0.tcpdump

While tcpdump was recording what was going on network I issued those commands
from my phone:
connect to with browser: http://www.google.com
In terminal program that I downloaded on phone I issued those commands
(2 top ping worked third did not)
ping -c1 192.168.0.16
ping -c1 192.168.231.3
ping -c1 google.come
connect to with browser: http://192.168.231.3/test.html

The connection to www.google.com did not worked, but connection to my own
web server did showed test.html page (which I created for this)

I have run this commands 2 times once right after rebooting when my changes to
nftables where not done yet and second time after I added this to nftables:
table ip masqrule {
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.231.0/24 oifname "wlxe8de27a5ab1c" masquerade
}
}

and here are the outputs of tcpdump (I did post them to pastebin as they are 
not tiny)
(tcpdump -r any-0-no_masq.pcap  > any-0-no_masq.tcpdump) (pastebinit -i 
any-0-no_masq.tcpdump)
https://paste.debian.net/hidden/be2f7994/
(tcpdump -r any-0.pcap  > any-0.tcpdump) (pastebinit -i any-0.tcpdump)
https://paste.debian.net/hidden/1589ec04/

There are also same outputs with '-n' (to print IP numbers instead of names) 
option too:
(tcpdump -r any-0-no_masq.pcap -n > any-0-no_masq-n.tcpdump) (pastebinit -i 
any-0-no_masq-n.tcpdump)
https://paste.debian.net/hidden/08ecfd39/
(tcpdump -r any-0.pcap -n > any-0-n.tcpdump) (pastebinit -i any-0-n.tcpdump)
https://paste.debian.net/hidden/a55e6f77/

Here is extract from https://paste.debian.net/hidden/a55e6f77/ that I thing is
doing connection to google:

10:47:52.614642 enp3s0 In  IP 192.168.231.243.48257 > 192.168.231.3.53: 29809+ 
A? www.google.com. (32)
10:47:52.614851 wlxe8de27a5ab1c Out IP 192.168.0.16.34673 > 81.24.247.14.53: 
10155+ A? www.google.com. (32)
10:47:52.614902 wlxe8de27a5ab1c Out IP 192.168.0.16.34673 > 81.24.247.44.53: 
10155+ A? www.google.com. (32)
10:47:52.791389 wlxe8de27a5ab1c In  IP 81.24.247.14.53 > 192.168.0.16.34673: 
10155 1/0/0 A 142.251.208.132 (62)
10:47:52.791559 enp3s0 Out IP 192.168.231.3.53 > 192.168.231.243.48257: 29809 
1/0/0 A 142.251.208.132 (62)
10:47:52.794704 enp3s0 In  IP 192.168.231.243.46639 > 142.251.208.132.80: Flags 
[S], seq 4183167263, win 29200, options [mss 1460,sackOK,TS val 19413 ecr 
0,nop,wscale 6], length 0
10:47:52.846385 enp3s0 In  IP 192.168.231.243.46640 > 142.251.208.132.80: Flags 
[S], seq 1626803236, win 29200, options [mss 1460,sackOK,TS val 19418 ecr 
0,nop,wscale 6], length 0
10:47:53.819034 enp3s0 In  IP 192.168.231.243.46639 > 142.251.208.132.80: Flags 
[S], seq 4183167263, win 29200, options [mss 1460,sackOK,TS va

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Sun, Nov 05, 2023 at 06:48:47AM +, Tixy wrote:
> On Sat, 2023-11-04 at 20:08 +0100, Martin wrote:
> [...]
> > BTW putting above script into /etc/nftables.conf (at the bottom of file)
> > did not ever worked - I had always to run that file manualy as root.
> > Command 'nft list ruleset' only then showed this table.
> > I have no idea why. To me it seemed as if /etc/nftables.conf file
> > was not executed (I have rebooted many times so this file should run).
> [...]
> 
> Did you enable the nftables service? To do that, use:
> 
> # systemctl enable nftables.service
> 
> and to see status of the service
> 
> # systemctl status nftables.service

It was not enabled by default. I enabled it now.
That is great - now i know where to put script when it start working.
Unfortunately I am not there yet :(

Thank you.
Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Sun, Nov 05, 2023 at 10:26:17AM +0200, Anssi Saari wrote:
> Anyways, a typical masquerade rule would specify the source network and
> an outgoing interface. For example, I have in my Linux router:
> 
> ip saddr 10.0.2.0/24 oifname "enp1s0" masquerade
> 
> so for you that would become
> 
> ip saddr 192.168.231.0/24 oifname "wlxe8de27a5ab1c" masquerade

I tried this line too, unforutately it does not work either.
I mean after executing the config file with this line it shows itself in
output of command 'nft list ruleset' but I still can not connect to
internet from my phone.

I tried many lines similar to this, none works:
ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
ip saddr 192.168.231.0/24 ip daddr != 192.168.231.0/24 masquerade
ip saddr 192.168.231.0/24 oifname "wlxe8de27a5ab1c" masquerade
oifname "wlxe8de27a5ab1c" masquerade

I also noticed in output of 'nft list ruleset' that other rules there are
using capitalized letter so i try it too:
istead of   chain postrouting {
I used  chain POSTROUTING {

I also tried to put this command in table that already exist instead of
creating new one (masqrule) - instead of running my whole script I run
only one command (after reboot so there are no more changes made by me before):

nft add rule ip nat POSTROUTING oifname  wlxe8de27a5ab1c  masquerade

(note that here I used 'ip nat' table that is added autmaticaly by
docker server i guess)

Since nothing I tried does work I guess my next step should be to see
where/how those packets from phone are handled. I guess program for that
is tcpdump which I have installed. But since I am unfamiliar with this tool
I would need help from mailing list to guide me what to look for and how
to use this tool.

So please can you give me some info what command should I use with
tcpdump to see where packets from phone are going - or why they do not
go where they should?

Just a reminder - I can connect from phone to my computers web server - which
I also installed just for debugging this. The problem is I can not connect from
phone to internet (let say google.com)

Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 05/11/2023 13:48, Tixy wrote:

On Sat, 2023-11-04 at 20:08 +0100, Martin wrote:
[...]

BTW putting above script into /etc/nftables.conf (at the bottom of file)
did not ever worked - I had always to run that file manualy as root.
Command 'nft list ruleset' only then showed this table.
I have no idea why. To me it seemed as if /etc/nftables.conf file
was not executed (I have rebooted many times so this file should run).

[...]

Did you enable the nftables service? To do that, use:

# systemctl enable nftables.service

and to see status of the service

# systemctl status nftables.service


It should be checked first and

journalctl -b -u nftables.service

alongside with searching for any nft messages in "journalctl -b". I 
suggested earlier to read /usr/share/doc/nftables/README.Debian It 
explicitly recommends to enable the service.



2: enp3s0:  mtu 1500 qdisc fq_codel state UP 
group default qlen 1000
inet 192.168.231.3/24 brd 192.168.231.255 scope global enp3s0


I hope, your router allows to view configuration received from the DHCP 
server. Since static addresses were working (and it can be rechecked), I 
guess, gateway is not explicitly configured, so the router tries to send 
packets to 192.168.231.1. Either change the interface IP or configure 
dnsmasq to send 192.168.231.3.


To debug run wireshark or tcpdump on enp3s0 and wlxe8de27a5ab1c to check 
that packets from the phone are properly received and routed.


Warning: if you have not configured network interfaces for DHCP in 
dnsmasq then do it. Otherwise other computers connected to the upstream 
WiFi link may receive DHCP leases emitted from wlxe8de27a5ab1c.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Anssi Saari]

Martin  writes:

> #!/usr/sbin/nft -f
>
> table ip masqrule {}
> flush table ip masqrule
> table ip masqrule {
>   chain postrouting {
> type nat hook postrouting priority srcnat; policy accept;
> ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
>   }
> }
>
> When I execute this file with sudo unfortunately nothing changes, I can
> not connect to the internet (trying www.google.com from phone).

I might guess it's because your masquerade rule does nothing. I'm not
sure though.

Anyways, a typical masquerade rule would specify the source network and
an outgoing interface. For example, I have in my Linux router:

ip saddr 10.0.2.0/24 oifname "enp1s0" masquerade

so for you that would become

ip saddr 192.168.231.0/24 oifname "wlxe8de27a5ab1c" masquerade

Re: How do I connect my new wifi router (Mi Router 4C)?

[Tixy]

On Sat, 2023-11-04 at 20:08 +0100, Martin wrote:
[...]
> BTW putting above script into /etc/nftables.conf (at the bottom of file)
> did not ever worked - I had always to run that file manualy as root.
> Command 'nft list ruleset' only then showed this table.
> I have no idea why. To me it seemed as if /etc/nftables.conf file
> was not executed (I have rebooted many times so this file should run).
[...]

Did you enable the nftables service? To do that, use:

# systemctl enable nftables.service

and to see status of the service

# systemctl status nftables.service

-- 
Tixy

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Thu, Oct 26, 2023 at 10:00:08PM +0700, Max Nikulin wrote:
> On 26/10/2023 17:06, Martin wrote:
> > On Thu, Oct 26, 2023 at 09:54:22AM +0700, Max Nikulin wrote:
> > > 
> > > #!/usr/sbin/nft -f
> > > table inet sharedconnection {}
> > > flush table inet sharedconnection
> > > table ip sharedconnection { ... } from above

> I wrote "FILE" in caps trying to express that you can choose any name.
> Debian has /etc/nftables.conf and nft supports the "include" directive, see
> nft(8). So you may put your file to /etc or to create a dedicated directory,
> e.g. /etc/nftables.conf.d, for your settings and include your file from the
> main conf file, so it should be applied on each boot by nftables.service.
> You may put "table ip shared ..." content directly into /etc/nftables.conf
> as well, however I prefer to minimize changes in files provided by packages
> when it is possible to use additional ones.

> By the way, since you have dnsmasq running, you may enable its DHCP server
> (dhcp-range=192.168.231.5,192.168.231.254) and may switch mi router from
> static network configuration to DHCP.

Sorry for long pause in reply (my hard disk was dieing so I replaced HD and
installed whole debian from scratch).

Now (after reinstall everything) I am the point where I want to make my
router to work. I set up dnsmasq to enable DHCP with line in config:
dhcp-range=192.168.231.241,192.168.231.254,12h
and reseted my WiFi router after little configuring with my phone I can
connect my phone to WiFi router and to my computer (that still has address
192.168.231.3). I can access http server on my computer when I type in my
phone address to connect in web browser: http://192.168.231.3/text.html
(I created on my computer file /var/www/html/test.html)

That is all without changing anything with nft program.
I created a file with exatly this content:

#!/usr/sbin/nft -f

table ip masqrule {}
flush table ip masqrule
table ip masqrule {
  chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
  }
}

When I execute this file with sudo unfortunately nothing changes, I can
not connect to the internet (trying www.google.com from phone).

[[ this is about old system I had on old HD:
I remeber before reinstalling whole system at this point I had connection
from my phone to the internet (I could see google and then some videos on
youtube worked too on the phone) After I rebooted my old system I could not
connect to internet anymore from the phone. I slightly changed the script
from your post to current state (namely using ip allways instead of inet at
first two lines of script and using 'masqrule'as table name) I thing those
changes are ok.
]]

I have no idea what else should I try to make this work. Maybe I forgot
to issue some command (but I do not think so).

BTW putting above script into /etc/nftables.conf (at the bottom of file)
did not ever worked - I had always to run that file manualy as root.
Command 'nft list ruleset' only then showed this table.
I have no idea why. To me it seemed as if /etc/nftables.conf file
was not executed (I have rebooted many times so this file should run).

Bye
Martin

My current network connections, and 'ip route' command:
(I see 2 changes from my prevoius setup: missing tun0 and  br-7bfdce95ff27
they were before created automaticaly so I hope it does not matter they
are not present now - both where doing local addresses 10.1.1.1/24 and
172.18.0.1/16, maybe they will appeear when I install more programs from
repository - i am not worried about them, just mentioning to be complete)
root@redmoon:~# ip address list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
   valid_lft forever preferred_lft forever
2: enp3s0:  mtu 1500 qdisc fq_codel state UP 
group default qlen 1000
link/ether e0:d5:5e:73:c9:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.231.3/24 brd 192.168.231.255 scope global enp3s0
   valid_lft forever preferred_lft forever
inet6 fe80::e2d5:5eff:fe73:c9d3/64 scope link proto kernel_ll
   valid_lft forever preferred_lft forever
3: wlxe8de27a5ab1c:  mtu 1500 qdisc noqueue 
state UP group default qlen 1000
link/ether e8:de:27:a5:ab:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.16/24 brd 192.168.0.255 scope global dynamic wlxe8de27a5ab1c
   valid_lft 591334sec preferred_lft 591334sec
inet6 fe80::eade:27ff:fea5:ab1c/64 scope link proto kernel_ll
   valid_lft forever preferred_lft forever
4: docker0:  mtu 1500 qdisc noqueue state 
DOWN group default
link/ether 02:42:33:88:62:ce brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 26/10/2023 17:06, Martin wrote:

On Thu, Oct 26, 2023 at 09:54:22AM +0700, Max Nikulin wrote:


#!/usr/sbin/nft -f
table inet sharedconnection {}
flush table inet sharedconnection
# table ip shared connection { ... } from above


I did create FILE.conf and after executing it I can connect to internet from
my phone. THANK YOU!

Now where do I put this FILE.conf? I would like for it to run everytime
I turn on my computer.


I wrote "FILE" in caps trying to express that you can choose any name. 
Debian has /etc/nftables.conf and nft supports the "include" directive, 
see nft(8). So you may put your file to /etc or to create a dedicated 
directory, e.g. /etc/nftables.conf.d, for your settings and include your 
file from the main conf file, so it should be applied on each boot by 
nftables.service. You may put "table ip shared ..." content directly 
into /etc/nftables.conf as well, however I prefer to minimize changes in 
files provided by packages when it is possible to use additional ones.


Instead of installing dnsmasq you may specify a public dns server in 
your router settings (8.8.8.8, etc.). Or if you are sure that DNS 
configuration provided by the upstream router 192.168.0.1 is stable then 
you may use servers from DHCP lease. However having a local caching DNS 
server (dnsmasq or systemd-resolved) should not harm.


By the way, since you have dnsmasq running, you may enable its DHCP 
server (dhcp-range=192.168.231.5,192.168.231.254) and may switch mi 
router from static network configuration to DHCP.


As a final note, NetworkManager allows to create "shared" connections 
(ipv4.method). It starts dnsmasq and adds necessary firewall nat rules. 
I used it in both directions: with ethernet upstream connection to share 
wifi or to leverage 1G ethernet link to copy files between laptops while 
one of them has an active wifi connection.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Thu, Oct 26, 2023 at 09:54:22AM +0700, Max Nikulin wrote:
> On 26/10/2023 02:20, Martin wrote:
> > On Wed, Oct 25, 2023 at 07:33:52PM +0700, Max Nikulin wrote:
> > > should have something like
> > > 
> > > table ip sharedconnection {
> > >chain postrouting {
> > >  type nat hook postrouting priority srcnat; policy accept;
> > >  ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
> > >}
> > > }
> 
> "sharedconnection" is an arbitrary name. It should be chosen to not conflict
> with other applications. Actually you have nat masquerading rules created by
> docker for other interfaces. Read /usr/share/doc/nftables/README.Debian and
> choose a convenient for you way to add rules. You may add the following
> heading and may save rules to a file that may be read by either "nft -f
> FILE.conf" or just executing it.
> 
> #!/usr/sbin/nft -f
> table inet sharedconnection {}
> flush table inet sharedconnection
> # table ip shared connection { ... } from above

I did create FILE.conf and after executing it I can connect to internet from
my phone. THANK YOU!

Now where do I put this FILE.conf? I would like for it to run everytime
I turn on my computer. Is there some standard place for it - perhaps in
/etc directory? Maybe i should create some script in /etc/init.d/
directory?

Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 26/10/2023 02:20, Martin wrote:

On Wed, Oct 25, 2023 at 07:33:52PM +0700, Max Nikulin wrote:

should have something like

table ip sharedconnection {
   chain postrouting {
 type nat hook postrouting priority srcnat; policy accept;
 ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
   }
}

I did not add any masquerading rules by myself and output of command
'nft list ruleset' is showed below. It does not have anything like you
showed in section 'table ip sharedconnection'.


"sharedconnection" is an arbitrary name. It should be chosen to not 
conflict with other applications. Actually you have nat masquerading 
rules created by docker for other interfaces. Read 
/usr/share/doc/nftables/README.Debian and choose a convenient for you 
way to add rules. You may add the following heading and may save rules 
to a file that may be read by either "nft -f FILE.conf" or just 
executing it.


#!/usr/sbin/nft -f
table inet sharedconnection {}
flush table inet sharedconnection
# table ip shared connection { ... } from above

---

Upstream WiFi router does not know that packets addressed to 
192.168.231.5 (mi router) should be sent to your computer 
(192.168.0.16), so you computer should make upstream router believing 
that all packets from your phone originates from 192.168.0.16.

Re: How do I connect my new wifi router (Mi Router 4C)?

[David Wright]

On Wed 25 Oct 2023 at 11:04:59 (+0300), Anssi Saari wrote:
> Martin  writes:
> > With wifi antena I receive a (rather weak) signal that connect my
> > computer to internet. I have to use windsurfer antena booster
> > (http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
> > to get usable signal. So my computer have internet signal from
> > wifi antena - yay great thing :)
> >
> > Now I also want to connect to internet with my mobile phone!
> 
> You mean you want to use some unspecified wifi signal with your phone
> also? Share the connection to your phone and computer? The link to this
> "windsurfer" doesn't work so it's a little hard to help if you can't
> describe what you have.

I presume what's going on here is that the Internet is provided by
a wifi access point that is distant and inaccessible (say, next door).
The windsurfer is a shaped piece of aluminium foil that pops over the
aerial to make a sort of parabola. Normally, you'd put this over your
modem/router's (external) aerial to increase the signal transmitted to
parts of your house (though it decreases it in the opposite direction).
But I'm guessing that here the windsurfer is on the computer's wifi
aerial, to improve the received signal.

That's why the OP's router (which, again presumably, has no Internet
Service) is connected "backwards", so the computer is the WAN, and
the mobile phone is the sole device on the LAN.

IOW Max's reply represents a string↔of↔connected↔devices rather than
- a
- bullet
- list.

> You have some kind of mysterious internet connection from
> something. That needs to connect to the router's WAN port.

That's how I would cascade two routers: a LAN port on the main
router connects by a plumbed-in Cat5 cable to a port on the
secondary router. The latter port would be the WAN connection,
but that's broken on mine, so I have to connect the cable to
a LAN port. I guess that makes my secondary router a switch?

Cheers,
David.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Wed, Oct 25, 2023 at 02:15:36PM +0200, Marco M. wrote:
> Am 25.10.2023 um 13:33:48 Uhr schrieb Martin:
> 
> > On Wed, Oct 25, 2023 at 08:47:03AM +0200, Marco M. wrote:
> > > 
> > > Why don't you use DHCP like your phone does?  
> > 
> > Because I used this computer before I had WiFi and phone.
> 
> Why it is a problem to change it?
> Do you really want to deal with manually addressing machines?

I only have one computer, and now this new router. Because I only have
one computer I did not feel need to use DHCP to automaticaly assing me
an IP address.

Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Wed, Oct 25, 2023 at 07:33:52PM +0700, Max Nikulin wrote:
> On 25/10/2023 18:24, Martin wrote:
> > On Wed, Oct 25, 2023 at 03:17:09PM +0700, Max Nikulin wrote:
> > > 
> > > So packet forwarding should be enabled on the computer.
> 
> sysctl net.ipv4.ip_forward
> 
> almost certainly enabled since you have the docker0 network interface

You are right, it is enabled:

$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

> I hope, you have a DNS server running on this machine
> 
> host debian.org 192.168.231.3

I did not had dig installed but host worked, alas it showed me that I do
not have installed DNS server. So I installed dnsmasq package and
wonders happened (without me editing any config files - just installing
dnsmasq) - on my mobile phone when I connected to 192.168.31.1 address
(default router address when I look from phone) It showed now green line
from router to internet.

But unfortunatelly phone does not connect to internet yet. I guess I will
need to issue some 'sudo route' command to add path from my router to
outside world (actually I do not have idea if this is the problem).

> Check that you do not have blocking rules in firewall

I do not use firewall anymore, since I stoped using wired home phone
(dialup modem) to connect to internet with ppp protocol. Since I am now
connected to internet via my weak antena which is connected to router(A)
and then to internet I know that distant router(A) is protected enough
(after all it uses only local address that i can see 192.168.0.1).

> and that masquerading
> is enabled for your downstream link enp3s0
> 
> nft list ruleset
> 
> should have something like
> 
> table ip sharedconnection {
>   chain postrouting {
> type nat hook postrouting priority srcnat; policy accept;
> ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
>   }
> }

I did not add any masquerading rules by myself and output of command
'nft list ruleset' is showed below. It does not have anything like you
showed in section 'table ip sharedconnection'. I remember using iptables
command to make firewall and masquerading my computer while I was using
dialup modem internet connection. I do not set up use any iptable rules
manualy anymore.

So this is probably what I need to figure out how to use masquerading
and other firewall rules to enable my new router to connect to outside
internet. (I must admit that I forgot what rules should I use to enable
this setup - so I need your help)

Here is output of 'nft list ruleset' 'iptables -S' and 'iptables -L' command:
(I am not sure they provide different info, but here they are)

Thanks a lot
Martin


$ sudo nft list ruleset
# Warning: table ip nat is managed by iptables-nft, do not touch!
table ip nat {
chain DOCKER {
iifname "docker0" counter packets 0 bytes 0 return
iifname "br-7bfdce95ff27" counter packets 0 bytes 0 return
}

chain POSTROUTING {
type nat hook postrouting priority srcnat; policy accept;
oifname "wlxe8de27a5ab1c" ip saddr 10.1.1.0/24  counter packets 
192 bytes 11818 masquerade
oifname != "docker0" ip saddr 172.17.0.0/16 counter packets 0 
bytes 0 masquerade
oifname != "br-7bfdce95ff27" ip saddr 172.18.0.0/16 counter 
packets 0 bytes 0 masquerade
}

chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
fib daddr type local counter packets 7727 bytes 479748 jump 
DOCKER
}

chain OUTPUT {
type nat hook output priority dstnat; policy accept;
ip daddr != 127.0.0.0/8 fib daddr type local counter packets 3 
bytes 196 jump DOCKER
}
}
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {
chain DOCKER {
}

chain DOCKER-ISOLATION-STAGE-1 {
iifname "docker0" oifname != "docker0" counter packets 0 bytes 
0 jump DOCKER-ISOLATION-STAGE-2
iifname "br-7bfdce95ff27" oifname != "br-7bfdce95ff27" counter 
packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
counter packets 27 bytes 1780 return
}

chain DOCKER-ISOLATION-STAGE-2 {
oifname "docker0" counter packets 0 bytes 0 drop
oifname "br-7bfdce95ff27" counter packets 0 bytes 0 drop
counter packets 0 bytes 0 return
}

chain FORWARD {
type filter hook forward priority filter; policy drop;
 counter packets 57740 bytes 51358193 accept
counter packets 25 bytes 1644 jump DOCKER-USER
counter packets 25 bytes 1644 jump DOCKER-ISOLATION-STAGE-1
oifname "docker0&quo

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 25/10/2023 18:24, Martin wrote:

On Wed, Oct 25, 2023 at 03:17:09PM +0700, Max Nikulin wrote:


So packet forwarding should be enabled on the computer.


sysctl net.ipv4.ip_forward

almost certainly enabled since you have the docker0 network interface


However I suspect an issue with IP addresses.

I was wrong.


2: enp3s0:  mtu 1500 qdisc fq_codel state UP 
group default qlen 1000
 link/ether e0:d5:5e:73:c9:d3 brd ff:ff:ff:ff:ff:ff
 inet 192.168.231.3/24 brd 192.168.231.255 scope global enp3s0

[...]

3: wlxe8de27a5ab1c:  mtu 1500 qdisc noqueue 
state UP group default qlen 1000
 link/ether e8:de:27:a5:ab:1c brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.16/24 brd 192.168.0.255 scope global dynamic wlxe8de27a5ab1c


looks consistent from router settings you posted earlier


 IP address: 192.168.231.5
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3


I hope, you have a DNS server running on this machine

dig debian.org @192.168.231.3

or

host debian.org 192.168.231.3

Check that you do not have blocking rules in firewall and that 
masquerading is enabled for your downstream link enp3s0


nft list ruleset

should have something like

table ip sharedconnection {
  chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
  }
}

A tool for further debugging is tcpdump or wireshark.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Marco M.]

Am 25.10.2023 um 13:33:48 Uhr schrieb Martin:

> On Wed, Oct 25, 2023 at 08:47:03AM +0200, Marco M. wrote:
> > 
> > Why don't you use DHCP like your phone does?  
> 
> Because I used this computer before I had WiFi and phone.

Why it is a problem to change it?
Do you really want to deal with manually addressing machines?

> > Show 
> > ip a  
> 
> I posted output of that command to Max Nikulin email.
> 
> (Do not want to to post same info twice again as first email)

This is a mailing list, please keep the discussion here on the list and
do not send emails directly to subscribers. Nobody else can read them.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Wed, Oct 25, 2023 at 08:47:03AM +0200, Marco M. wrote:
> 
> Why don't you use DHCP like your phone does?

Because I used this computer before I had WiFi and phone.

> Show 
> ip a

I posted output of that command to Max Nikulin email.

(Do not want to to post same info twice again as first email)

Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Wed, Oct 25, 2023 at 03:17:09PM +0700, Max Nikulin wrote:
> On 25/10/2023 15:04, Anssi Saari wrote:
> > You have some kind of mysterious internet connection from something.
> > That needs to connect to the router's WAN port.
> 
> My guess is the following:
> 
> - Source of weak WiFi
> - WiFi booster
> - WiFi adapter in computer
> - ethernet port in computer
> - ethernet port of Mi router
> - WiFi provided by Mi router
> - WiFi adapter inside the phone
> 
> So packet forwarding should be enabled on the computer. However I suspect an
> issue with IP addresses. Martin, please, provide output of
> 
> ip address list

You are absolutely correct with your guess - although it take me
some time to understand what you are talking about - which is all my
fault.

here is result of 'ip address list' and also 'ip route' command:

$ ip address list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
   valid_lft forever preferred_lft forever
2: enp3s0:  mtu 1500 qdisc fq_codel state UP 
group default qlen 1000
link/ether e0:d5:5e:73:c9:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.231.3/24 brd 192.168.231.255 scope global enp3s0
   valid_lft forever preferred_lft forever
inet6 fe80::e2d5:5eff:fe73:c9d3/64 scope link proto kernel_ll
   valid_lft forever preferred_lft forever
3: wlxe8de27a5ab1c:  mtu 1500 qdisc noqueue 
state UP group default qlen 1000
link/ether e8:de:27:a5:ab:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.16/24 brd 192.168.0.255 scope global dynamic wlxe8de27a5ab1c
   valid_lft 535000sec preferred_lft 535000sec
inet6 fe80::eade:27ff:fea5:ab1c/64 scope link proto kernel_ll
   valid_lft forever preferred_lft forever
4: docker0:  mtu 1500 qdisc noqueue state 
DOWN group default
link/ether 02:42:42:5b:a7:3b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
   valid_lft forever preferred_lft forever
5: br-7bfdce95ff27:  mtu 1500 qdisc noqueue 
state DOWN group default
link/ether 02:42:52:ec:22:75 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-7bfdce95ff27
   valid_lft forever preferred_lft forever
6: tun0:  mtu 1500 qdisc fq_codel 
state UNKNOWN group default qlen 500
link/none
inet 10.1.1.1/24 scope global tun0
   valid_lft forever preferred_lft forever
inet6 fe80::f84d:e9fc:4ea5:f7fa/64 scope link stable-privacy proto kernel_ll
   valid_lft forever preferred_lft forever

$ ip route
default via 192.168.0.1 dev wlxe8de27a5ab1c
10.1.1.0/24 dev tun0 proto kernel scope link src 10.1.1.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-7bfdce95ff27 proto kernel scope link src 172.18.0.1 
linkdown
192.168.0.0/24 dev wlxe8de27a5ab1c proto kernel scope link src 192.168.0.16
192.168.231.0/24 dev enp3s0 proto kernel scope link src 192.168.231.3

Re: How do I connect my new wifi router (Mi Router 4C)?

[Max Nikulin]

On 25/10/2023 15:04, Anssi Saari wrote:
You have some kind of mysterious internet connection from something. 
That needs to connect to the router's WAN port.


My guess is the following:

- Source of weak WiFi
- WiFi booster
- WiFi adapter in computer
- ethernet port in computer
- ethernet port of Mi router
- WiFi provided by Mi router
- WiFi adapter inside the phone

So packet forwarding should be enabled on the computer. However I 
suspect an issue with IP addresses. Martin, please, provide output of


ip address list

Re: How do I connect my new wifi router (Mi Router 4C)?

[Anssi Saari]

Martin  writes:

> Hello,
>
> With wifi antena I receive a (rather weak) signal that connect my
> computer to internet. I have to use windsurfer antena booster
> (http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
> to get usable signal. So my computer have internet signal from
> wifi antena - yay great thing :)
>
> Now I also want to connect to internet with my mobile phone!

You mean you want to use some unspecified wifi signal with your phone
also? Share the connection to your phone and computer? The link to this
"windsurfer" doesn't work so it's a little hard to help if you can't
describe what you have.

> As it turn out I am not so bright to make this whole setup working :(
> I pluged in new router to power and connected ethernet cable from my
> computer to router WAN connection. (I belive this is how it should be
> connected togheder)

The WAN connection is for the internet, not your computer. It says as
much in the Xiaomi manual.

> While I was seting up router as described in
> https://manuals.plus/_mi/mi-router-4c-manual
> in Step 2 (point 3) it said I do not have internet.
> So I choose to manualy set up 'Static address' for
> router as folows (my computer has IP address 192.168.231.3):
>
>  IP address: 192.168.231.5
> Subnet mask: 255.255.255.0
> Default gateway: 192.168.231.3
> DNS: 192.168.231.3
>
> After all this setup I could issue those commands on my desktop:
>
> (this is my desktop IP address - just to show it works)

So you created a LAN between your computer and the router.

> I hope someone will be able to give me some hint how to solve
> this issue and be able to connect to internet from router - and
> connected phone.

You have some kind of mysterious internet connection from
something. That needs to connect to the router's WAN port.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Marco M.]

Am 25.10.2023 um 08:45:26 Uhr schrieb Martin:

> I am using /etc/network and here is whole /etc/network/interfaces
> file:
> 
> auto lo
> iface lo inet loopback
> 
> auto enp3s0
> iface enp3s0 inet static
>   address 192.168.231.3
>   netmask 255.255.255.0

Why don't you use DHCP like your phone does?

Show 
ip a

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Wed, Oct 25, 2023 at 07:24:10AM +0200, Marco M. wrote:
> 
> Please specify the EXACT model names and the exact wiring of your
> devices.

There is no other name than 'Mi Router 4C' made by Xiaomi.
2 links that I provided are for exact model I have.
(here they are again:
https://www.mi.com/global/product/mi-router-4c/
https://manuals.plus/_mi/mi-router-4c-manual)


The wiring is as folow:
a) power cable goes from wall to the far right socket
   (when looking from front of modem)
b) ethernet cable is connected from my desktop to far left scoket of router.
   (there are also 2 middle ethernet cable sockets which i do not use
   my guess is they are for connecting other devices -like desktop- to
   subnetwork that wifi router uses which is 192.168.31.X - my phone is
   geting adress from this subnetwork when connected to wifi router)

> Please also tell us if you use NetworkManager or /etc/network for
> configuration.

I am using /etc/network and here is whole /etc/network/interfaces file:

auto lo
iface lo inet loopback

auto enp3s0
iface enp3s0 inet static
  address 192.168.231.3
  netmask 255.255.255.0

# auto wlxe8de27a5ab1c
iface wlxe8de27a5ab1c inet dhcp
 wpa-ssid Thomson
 wpa-psk mybigsecret

Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Martin]

On Wed, Oct 25, 2023 at 06:52:09AM +0200, Geert Stappers wrote:
> On Wed, Oct 25, 2023 at 06:15:00AM +0200, Martin wrote:
> > I tried lot of setup and none worked.
> 
> And also missed https://lists.debian.org/debian-user/2023/10/msg00684.html
> and https://lists.debian.org/debian-user/2023/10/msg00685.html
> and https://lists.debian.org/debian-user/2023/10/msg00688.html
> and https://lists.debian.org/debian-user/2023/10/msg00690.html

Now I am very, very embarased.

When I first posted this message i got the error message back that it
cculd not be delivered. So I send more same message but did not receive
any response from mailing list. This is when I started looking at
browser on the link
https://lists.debian.org/debian-user/2023/10/threads.html but could not
find my message there (note that it shows only first page of 2 pages of
emails) I did not realize that this list have 2 pages, I always looked
only on the first page. And so I tried to use my different email
addresses that I had and post same message again few times. I also did
not receive any message back from mailing list that i send (some of
addresses were not subscribed to mailing list). Finaly I made a post
from this address and got the message back as posted in mailing list.
I guess it all boils down that I did not realized that 
https://lists.debian.org/debian-user/2023/10/threads.html page
have 2 pages, I was always looking at first page :(

Now I will hide under the rock and be ashamed.

But I really do need some advice about the problem I described in
(lot of the) messages I posted.

Martin

Re: How do I connect my new wifi router (Mi Router 4C)?

[Marco M.]

Am 25.10.2023 um 06:15:00 Uhr schrieb Martin:

> As it turn out I am not so bright to make this whole setup working :(
> I pluged in new router to power and connected ethernet cable from my
> computer to router WAN connection. (I belive this is how it should be
> connected togheder)

Please specify the EXACT model names and the exact wiring of your
devices.

Please also tell us if you use NetworkManager or /etc/network for
configuration.

Re: How do I connect my new wifi router (Mi Router 4C)?

[Geert Stappers]

On Wed, Oct 25, 2023 at 06:15:00AM +0200, Martin wrote:
> Hello,
> 
snip
> 
> I tried lot of setup and none worked.

And also missed https://lists.debian.org/debian-user/2023/10/msg00684.html
and https://lists.debian.org/debian-user/2023/10/msg00685.html
and https://lists.debian.org/debian-user/2023/10/msg00688.html
and https://lists.debian.org/debian-user/2023/10/msg00690.html
 


It is not how it works



Groeten
Geert Stappers
-- 
Silence is hard to parse

How do I connect my new wifi router (Mi Router 4C)?

[Martin]

Hello,

With wifi antena I receive a (rather weak) signal that connect my
computer to internet. I have to use windsurfer antena booster
(http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
to get usable signal. So my computer have internet signal from
wifi antena - yay great thing :)

Now I also want to connect to internet with my mobile phone!
So I got a wifi router (Mi Router 4C made by Xiaomi)
(web site https://www.mi.com/global/product/mi-router-4c/
documentation https://manuals.plus/_mi/mi-router-4c-manual)

As it turn out I am not so bright to make this whole setup working :(
I pluged in new router to power and connected ethernet cable from my
computer to router WAN connection. (I belive this is how it should be
connected togheder)

>From now I had some partial successes and whole lot of problems.
I will describe what I tried later, but I would like to ask you now
How do I proceed from now on to set up router?


I tried lot of setup and none worked. Here I will describe one that
i hope should work - but does not :(

While I was seting up router as described in
https://manuals.plus/_mi/mi-router-4c-manual
in Step 2 (point 3) it said I do not have internet.
So I choose to manualy set up 'Static address' for
router as folows (my computer has IP address 192.168.231.3):

 IP address: 192.168.231.5
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3

After all this setup I could issue those commands on my desktop:

(this is my desktop IP address - just to show it works)
boza@redmoon:~/work
$ ping 192.168.231.3
PING 192.168.231.3 (192.168.231.3) 56(84) bytes of data.
64 bytes from 192.168.231.3: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 192.168.231.3: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=4 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=5 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=6 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=7 ttl=64 time=0.058 ms
^C
 --- 192.168.231.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6123ms
rtt min/avg/max/mdev = 0.048/0.057/0.074/0.008 ms

(this is new router IP address)
boza@redmoon:~/work
$ ping 192.168.231.5
PING 192.168.231.5 (192.168.231.5) 56(84) bytes of data.
64 bytes from 192.168.231.5: icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.231.5: icmp_seq=2 ttl=64 time=0.381 ms
64 bytes from 192.168.231.5: icmp_seq=3 ttl=64 time=0.384 ms
64 bytes from 192.168.231.5: icmp_seq=4 ttl=64 time=0.360 ms
64 bytes from 192.168.231.5: icmp_seq=5 ttl=64 time=0.376 ms
64 bytes from 192.168.231.5: icmp_seq=6 ttl=64 time=0.403 ms
^C
 --- 192.168.231.5 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5107ms
rtt min/avg/max/mdev = 0.360/0.391/0.445/0.027 ms


So ping work as expected but when i look on my mobile phone and
connect wirelesly to router and on phone I look with browser at
address 192.168.31.1 (this is addres router is using when i look
from phone) it show me that I can connet from mobile phone to router
(with green line on the picture it shows) but I can not connect
to internet (it shows red line from router to internet)

I hope someone will be able to give me some hint how to solve
this issue and be able to connect to internet from router - and
connected phone.

Martin

How do I connect my new wifi router (Mi Router 4C)?

[Fero Dali]

Hello,

With wifi antenna I receive a (rather weak) signal that connect my
computer to internet. I have to use windsurfer antenna booster
(http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
to get usable signal. So my computer have internet signal from
wifi antenna - yay great thing :)

Now I also want to connect to internet with my mobile phone!
So I got a wifi router (Mi Router 4C made by Xiaomi)
(web site https://www.mi.com/global/product/mi-router-4c/
documentation https://manuals.plus/_mi/mi-router-4c-manual)

As it turn out I am not so bright to make this whole setup working :(
I pluged in new router to power and connected ethernet cable from my
computer to router WAN connection. (I believe this is how it should be
connected togheder)

>From now I had some partial successes and whole lot of problems.
I will describe what I tried later, but I would like to ask you now
How do I proceed from now on to set up router?


I tried lot of setup and none worked. Here I will describe one that
i hope should work - but does not :(

While I was setting up router as described in
https://manuals.plus/_mi/mi-router-4c-manual
in Step 2 (point 3) it said I do not have internet.
So I choose to manualy set up 'Static address' for
router as follows (my computer has IP address 192.168.231.3):

 IP address: 192.168.231.5
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3

After all this setup I could issue those commands on my desktop:

(this is my desktop IP address - just to show it works)
boza@redmoon:~/work
$ ping 192.168.231.3
PING 192.168.231.3 (192.168.231.3) 56(84) bytes of data.
64 bytes from 192.168.231.3: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 192.168.231.3: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=4 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=5 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=6 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=7 ttl=64 time=0.058 ms
^C
--- 192.168.231.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6123ms
rtt min/avg/max/mdev = 0.048/0.057/0.074/0.008 ms

(this is new router IP address)
boza@redmoon:~/work
$ ping 192.168.231.5
PING 192.168.231.5 (192.168.231.5) 56(84) bytes of data.
64 bytes from 192.168.231.5: icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.231.5: icmp_seq=2 ttl=64 time=0.381 ms
64 bytes from 192.168.231.5: icmp_seq=3 ttl=64 time=0.384 ms
64 bytes from 192.168.231.5: icmp_seq=4 ttl=64 time=0.360 ms
64 bytes from 192.168.231.5: icmp_seq=5 ttl=64 time=0.376 ms
64 bytes from 192.168.231.5: icmp_seq=6 ttl=64 time=0.403 ms
^C
--- 192.168.231.5 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5107ms
rtt min/avg/max/mdev = 0.360/0.391/0.445/0.027 ms


So ping work as expected but when i look on my mobile phone and
connect wirelesly to router and on phone I look with browser at
address 192.168.31.1 -this is addres router is using when i look
from phone- it show me that I can connect from mobile phone to router
(with green line on the picture it shows) but I can not connect
to internet (it shows red line from router to internet)

I hope someone will be able to give me some hint how to solve
this issue and be able to connect to internet from router - and
connected phone.

Martin

How do I connect my new wifi router (Mi Router 4C)?

[Martin]

Hello,

With wifi antena I receive a (rather weak) signal that connect my
computer to internet. I have to use windsurfer antena booster
(http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
to get usable signal. So my computer have internet signal from
wifi antena - yay great thing :)

Now I also want to connect to internet with my mobile phone!
So I got a wifi router (Mi Router 4C made by Xiaomi)
(web site https://www.mi.com/global/product/mi-router-4c/
documentation https://manuals.plus/_mi/mi-router-4c-manual)

As it turn out I am not so bright to make this whole setup working :(
I pluged in new router to power and connected ethernet cable from my
computer to router WAN connection. (I belive this is how it should be
connected togheder)

>From now I had some partial successes and whole lot of problems.
I will describe what I tried later, but I would like to ask you now
How do I proceed from now on to set up router?


I tried lot of setup and none worked. Here I will describe one that
i hope should work - but does not :(

While I was seting up router as described in
https://manuals.plus/_mi/mi-router-4c-manual
in Step 2 (point 3) it said I do not have internet.
So I choose to manualy set up 'Static address' for
router as folows (my computer has IP address 192.168.231.3):

 IP address: 192.168.231.5
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3

After all this setup I could issue those commands on my desktop:

(this is my desktop IP address - just to show it works)
boza@redmoon:~/work
$ ping 192.168.231.3
PING 192.168.231.3 (192.168.231.3) 56(84) bytes of data.
64 bytes from 192.168.231.3: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 192.168.231.3: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=4 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=5 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=6 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=7 ttl=64 time=0.058 ms
^C
--- 192.168.231.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6123ms
rtt min/avg/max/mdev = 0.048/0.057/0.074/0.008 ms

(this is new router IP address)
boza@redmoon:~/work
$ ping 192.168.231.5
PING 192.168.231.5 (192.168.231.5) 56(84) bytes of data.
64 bytes from 192.168.231.5: icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.231.5: icmp_seq=2 ttl=64 time=0.381 ms
64 bytes from 192.168.231.5: icmp_seq=3 ttl=64 time=0.384 ms
64 bytes from 192.168.231.5: icmp_seq=4 ttl=64 time=0.360 ms
64 bytes from 192.168.231.5: icmp_seq=5 ttl=64 time=0.376 ms
64 bytes from 192.168.231.5: icmp_seq=6 ttl=64 time=0.403 ms
^C
--- 192.168.231.5 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5107ms
rtt min/avg/max/mdev = 0.360/0.391/0.445/0.027 ms


So ping work as expected but when i look on my mobile phone and
connect wirelesly to router and on phone I look with browser at
address 192.168.31.1 (this is addres router is using when i look
from phone) it show me that I can connet from mobile phone to router
(with green line on the picture it shows) but I can not connect
to internet (it shows red line from router to internet)

I hope someone will be able to give me some hint how to solve
this issue and be able to connect to internet from router - and
connected phone.

Martin

How do I connect my new wifi router (Mi Router 4C)?

[Martin]

Hello,

With wifi antena I receive a (rather weak) signal that connect my
computer to internet. I have to use windsurfer antena booster
(http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
to get usable signal. So my computer have internet signal from
wifi antena - yay great thing :)

Now I also want to connect to internet with my mobile phone!
So I got a wifi router (Mi Router 4C made by Xiaomi)
(web site https://www.mi.com/global/product/mi-router-4c/
documentation https://manuals.plus/_mi/mi-router-4c-manual)

As it turn out I am not so bright to make this whole setup working :(
I pluged in new router to power and connected ethernet cable from my
computer to router WAN connection. (I belive this is how it should be
connected togheder)

>From now I had some partial successes and whole lot of problems.
I will describe what I tried later, but I would like to ask you now
How do I proceed from now on to set up router?


I tried lot of setup and none worked. Here I will describe one that
i hope should work - but does not :(

While I was seting up router as described in
https://manuals.plus/_mi/mi-router-4c-manual
in Step 2 (point 3) it said I do not have internet.
So I choose to manualy set up 'Static address' for
router as folows (my computer has IP address 192.168.231.3):

 IP address: 192.168.231.5
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3

After all this setup I could issue those commands on my desktop:

(this is my desktop IP address - just to show it works)
boza@redmoon:~/work
$ ping 192.168.231.3
PING 192.168.231.3 (192.168.231.3) 56(84) bytes of data.
64 bytes from 192.168.231.3: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 192.168.231.3: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=4 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=5 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=6 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=7 ttl=64 time=0.058 ms
^C
--- 192.168.231.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6123ms
rtt min/avg/max/mdev = 0.048/0.057/0.074/0.008 ms

(this is new router IP address)
boza@redmoon:~/work
$ ping 192.168.231.5
PING 192.168.231.5 (192.168.231.5) 56(84) bytes of data.
64 bytes from 192.168.231.5: icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.231.5: icmp_seq=2 ttl=64 time=0.381 ms
64 bytes from 192.168.231.5: icmp_seq=3 ttl=64 time=0.384 ms
64 bytes from 192.168.231.5: icmp_seq=4 ttl=64 time=0.360 ms
64 bytes from 192.168.231.5: icmp_seq=5 ttl=64 time=0.376 ms
64 bytes from 192.168.231.5: icmp_seq=6 ttl=64 time=0.403 ms
^C
--- 192.168.231.5 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5107ms
rtt min/avg/max/mdev = 0.360/0.391/0.445/0.027 ms


So ping work as expected but when i look on my mobile phone and
connect wirelesly to router and on phone I look with browser at
address 192.168.31.1 (this is addres router is using when i look
from phone) it show me that I can connet from mobile phone to router
(with green line on the picture it shows) but I can not connect
to internet (it shows red line from router to internet)

I hope someone will be able to give me some hint how to solve
this issue and be able to connect to internet from router - and
connected phone.

Martin

How do I connect my new wifi router (Mi Router 4C)?

[Martin]

Hello,

With wifi antena I receive a (rather weak) signal that connect my
computer to internet. I have to use windsurfer antena booster
(http://members.multiweb.nl/schaaijw/windsurfer_wifi_en.pdf)
to get usable signal. So my computer have internet signal from
wifi antena - yay great thing :)

Now I also want to connect to internet with my mobile phone!
So I got a wifi router (Mi Router 4C made by Xiaomi)
(web site https://www.mi.com/global/product/mi-router-4c/
documentation https://manuals.plus/_mi/mi-router-4c-manual)

As it turn out I am not so bright to make this whole setup working :(
I pluged in new router to power and connected ethernet cable from my
computer to router WAN connection. (I belive this is how it should be
connected togheder)

>From now I had some partial successes and whole lot of problems.
I will describe what I tried later, but I would like to ask you now
How do I proceed from now on to set up router?


I tried lot of setup and none worked. Here I will describe one that
i hope should work - but does not :(

While I was seting up router as described in
https://manuals.plus/_mi/mi-router-4c-manual
in Step 2 (point 3) it said I do not have internet.
So I choose to manualy set up 'Static address' for
router as folows (my computer has IP address 192.168.231.3):

 IP address: 192.168.231.5
Subnet mask: 255.255.255.0
Default gateway: 192.168.231.3
DNS: 192.168.231.3

After all this setup I could issue those commands on my desktop:

(this is my desktop IP address - just to show it works)
boza@redmoon:~/work
$ ping 192.168.231.3
PING 192.168.231.3 (192.168.231.3) 56(84) bytes of data.
64 bytes from 192.168.231.3: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 192.168.231.3: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=4 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=5 ttl=64 time=0.058 ms
64 bytes from 192.168.231.3: icmp_seq=6 ttl=64 time=0.048 ms
64 bytes from 192.168.231.3: icmp_seq=7 ttl=64 time=0.058 ms
^C
--- 192.168.231.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6123ms
rtt min/avg/max/mdev = 0.048/0.057/0.074/0.008 ms

(this is new router IP address)
boza@redmoon:~/work
$ ping 192.168.231.5
PING 192.168.231.5 (192.168.231.5) 56(84) bytes of data.
64 bytes from 192.168.231.5: icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 192.168.231.5: icmp_seq=2 ttl=64 time=0.381 ms
64 bytes from 192.168.231.5: icmp_seq=3 ttl=64 time=0.384 ms
64 bytes from 192.168.231.5: icmp_seq=4 ttl=64 time=0.360 ms
64 bytes from 192.168.231.5: icmp_seq=5 ttl=64 time=0.376 ms
64 bytes from 192.168.231.5: icmp_seq=6 ttl=64 time=0.403 ms
^C
--- 192.168.231.5 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5107ms
rtt min/avg/max/mdev = 0.360/0.391/0.445/0.027 ms


So ping work as expected but when i look on my mobile phone and
connect wirelesly to router and on phone I look with browser at
address 192.168.31.1 (this is addres router is using when i look
from phone) it show me that I can connet from mobile phone to router
(with green line on the picture it shows) but I can not connect
to internet (it shows red line from router to internet)

I hope someone will be able to give me some hint how to solve
this issue and be able to connect to internet from router - and
connected phone.

Martin

Re: VM using Debian cloud image does not connect to virtual network.

[Cristian Capsuna]

Hello,

I have found the solution to this and want to drop it here in case
someone finds this and has the same problem. The solution is described in
this

section of the Debian documentation.

Kind regards,
Cristian Căpșună


On Wed, 16 Aug 2023 at 07:35, Michael Kjörling <2695bd53d...@ewoof.net>
wrote:

> On 16 Aug 2023 07:26 +0100, from cristian.caps...@gmail.com (Cristian
> Capsuna):
> > Also I really like your website design. I've got it as a personal
> goal
> > to create one for myself at some point.
>
> Thank you. It's a ready-made Wordpress theme (Lovecraft) which I have
> tweaked with some custom CSS, so for most of the design I can't claim
> credit.
>
> --
> Michael Kjörling  https://michael.kjorling.se
> “Remember when, on the Internet, nobody cared that you were a dog?”
>
>

Re: VM using Debian cloud image does not connect to virtual network.

[Cristian Capsuna]

Hi Michael,

Thank you very much for taking the time to respond to my e-mail.

I will give the posts a read and try to adapt them to my issue. Will
get back with feedback thereafter.

Also I really like your website design. I've got it as a personal goal
to create one for myself at some point.

Kind regards,
Cristian Căpșună


On Tue, 15 Aug 2023 at 21:27, Michael Kjörling <2695bd53d...@ewoof.net>
wrote:

> On 15 Aug 2023 21:12 +0100, from cristian.caps...@gmail.com (Cristian
> Capsuna):
> > This is my first message to the community
>
> Welcome.
>
>
> > Finally, what is my problem? I have many problems but what you kind
> > folk might be able to help me with is the lack of network connectivity of
> > this VM machine created using a Debian cloud image. I have not done any
> of
> > the cloud-init stuff. I am trying to keep the number of mechanisms I need
> > to learn and set-up low.
> >
> > I have tried using the below images:
> >
> >- debian-12-genericcloud-amd64-20230802-1460
> >- debian-12-generic-amd64-20230802-1460
>
> I haven't tried specifically with the "cloud" images, but I've done
> something very similar to what it seems like you're doing (minus the
> Ansible portion, at least so far) with the standard installation
> DVD/USB images. Getting guest network connectivity with KVM is
> slightly convoluted, but this blog post of mine might perhaps help you
> get unstuck:
>
>
> https://michael.kjorling.se/blog/2022/linux-kvm-host-nftables-guest-networking/
>
> I was running Debian 11 when I wrote it but am fairly certain I didn't
> need to make any adjustments when upgrading to Debian 12.
>
> You may also be interested in
>
> https://michael.kjorling.se/debian-12-bookworm-preseed/
>
> I hope that this will help you get unstuck.
>
> --
> Michael Kjörling  https://michael.kjorling.se
> “Remember when, on the Internet, nobody cared that you were a dog?”
>
>

Re: VM using Debian cloud image does not connect to virtual network.

[Michael Kjörling]

On 15 Aug 2023 21:12 +0100, from cristian.caps...@gmail.com (Cristian Capsuna):
> This is my first message to the community

Welcome.


> Finally, what is my problem? I have many problems but what you kind
> folk might be able to help me with is the lack of network connectivity of
> this VM machine created using a Debian cloud image. I have not done any of
> the cloud-init stuff. I am trying to keep the number of mechanisms I need
> to learn and set-up low.
> 
> I have tried using the below images:
> 
>- debian-12-genericcloud-amd64-20230802-1460
>- debian-12-generic-amd64-20230802-1460

I haven't tried specifically with the "cloud" images, but I've done
something very similar to what it seems like you're doing (minus the
Ansible portion, at least so far) with the standard installation
DVD/USB images. Getting guest network connectivity with KVM is
slightly convoluted, but this blog post of mine might perhaps help you
get unstuck:

https://michael.kjorling.se/blog/2022/linux-kvm-host-nftables-guest-networking/

I was running Debian 11 when I wrote it but am fairly certain I didn't
need to make any adjustments when upgrading to Debian 12.

You may also be interested in

https://michael.kjorling.se/debian-12-bookworm-preseed/

I hope that this will help you get unstuck.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

VM using Debian cloud image does not connect to virtual network.

[Cristian Capsuna]

Hello,

This is my first message to the community so if I am doing something
wrong please assume I am ignorant and not disobedient with respect to the
community rules.

I am also a novice with respect to this wonderful operating system.
That being said, what am I trying to do? I am trying to create an Ansible
playbook that sets up a QEMU/KVM libvirt VM running Debian 12 (without the
Desktop stuff) so that I may experiment with open source tools. The
computer I am trying to do all this stuff from is also running Debian 12( I
like new stuff ) but with the Desktop stuff on.

I did this successfully initially using a Fedora 38 qcow2 image. With
some of the recent news about Red Hat I decided that it is maybe best if
the continuous existence and support of my chosen flavor of Linux/GNU is
not dependent on a corporation.

Finally, what is my problem? I have many problems but what you kind
folk might be able to help me with is the lack of network connectivity of
this VM machine created using a Debian cloud image. I have not done any of
the cloud-init stuff. I am trying to keep the number of mechanisms I need
to learn and set-up low.

I have tried using the below images:

   - debian-12-genericcloud-amd64-20230802-1460
   - debian-12-generic-amd64-20230802-1460

I have also tried adding interface settings to /etc/network/interfaces
to try and make the interface connect and get an ipv4. I tried bringing the
interface up (it is down by default) with ip link set dev  up.
No ipv4 is obtained. After a bit of digging I found that the cloud images
also don't have networking.service (not sure exactly what that implies).

At this point my 4 neurons are screaming in agony hence I have come
seeking assistance. Hope someone has some suggestions about how I may solve
this mystery.

Kind regards,
Cristian Căpșună

Re: [OT] connect to Amazon AWS service

[Jeffrey Walton]

On Fri, Jul 28, 2023 at 12:01 PM Haines Brown  wrote:
>
> Sorry for a quetion not directly related to Debian, but where else
> to turn?
>
> I've used an on line validation servce to which I submit code. It
> terminated with the note that it has now become a web service on the
> Amazon EC2 Web Service. I registered for this cloud sercice, but have
> no idea how to access an instance created by someone else.

https://news.ycombinator.com/item?id=29685927

Jeff

Re: [OT] connect to Amazon AWS service

[Steve Sobol]

On 2023-07-28 08:46, Haines Brown wrote:

Sorry for a quetion not directly related to Debian, but where else
to turn?

I've used an on line validation servce to which I submit code. It
terminated with the note that it has now become a web service on the
Amazon EC2 Web Service. I registered for this cloud sercice, but have
no idea how to access an instance created by someone else.


I'm not sure what you're asking. You don't have access to anyone else's 
AWS resources unless someone gives you access to theirs.

Re: [OT] connect to Amazon AWS service

[James H. H. Lampert]

On 7/28/23 8:46 AM, Haines Brown wrote:

I've used an on line validation servce to which I submit code. It
terminated with the note that it has now become a web service on the
Amazon EC2 Web Service. I registered for this cloud sercice, but have
no idea how to access an instance created by someone else.


Just because a service is hosted on an Amazon EC2 instance doesn't mean 
that having an account on AWS is necessary for access to it. Neither 
does it mean that having an account on AWS will automatically get you 
access to it. We offer a SAAS version of our CRM application, hosted on 
AWS; having an AWS account is neither a necessary condition for access 
to the product, nor a sufficient condition.


You probably need to contact the owner of the service for instructions 
on how to proceed.


--
JHHL

[OT] connect to Amazon AWS service

[Haines Brown]

Sorry for a quetion not directly related to Debian, but where else 
to turn?

I've used an on line validation servce to which I submit code. It 
terminated with the note that it has now become a web service on the 
Amazon EC2 Web Service. I registered for this cloud sercice, but have 
no idea how to access an instance created by someone else.

-- 

 Haines Brown 

Re: Re: Re: Can't connect bluetooth headset after resent update (testing)

[Олександр Скоропад]

> Checked but no luck. I can pair headset but can't use it(

Another thread here reported following
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997862=no=no=norelated
> to bug #997862 which seemed to work for me, that is,installing a package
> libspa-0.2-bluetooth.and I found on the PA devel mailing listBug#993011:
> pulseaudio-module-bluetooth: no longer detects bluetooth headphones
> do you have libspa-0.2-bluetooth installed?
>

This solution worked for me! Thanks a lot

Re: Re: Can't connect bluetooth headset after resent update (testing)

[Олександр Скоропад]

Checked but no luck. I can pair headset but can't use it(

Re: Can't connect bluetooth headset after resent update (testing)

[deloptes]

Олександр Скоропад wrote:

> Unfortunately not my case, because libpulse-mainloop-glib0 already
> installed

try 

backup and deleting
~/.pulse
/var/lib/bluetooth/
reboot
pair

regards

-- 
FCD6 3719 0FFB F1BF 38EA 4727 5348 5F1F DCFE BCB0

Re: Can't connect bluetooth headset after resent update (testing)

[Олександр Скоропад]

Unfortunately not my case, because libpulse-mainloop-glib0 already installed

Re: Can't connect bluetooth headset after resent update (testing)

[deloptes]

Олександр Скоропад wrote:

> Nov 1 16:09:10 Skoropad bluetoothd[1204]:
> src/service.c:btd_service_connect() a2dp-sink profile connect failed for
> 00:16:94:42:30:F4: Protocol not available I've found that there were
> similar error with previous versions of pipewire and apt history shows
> that there was pipewire update couple of days before issue (I don't use
> headset everyday), so maybe it's related to this isue

I had this recently too. One package was missing. I think it was 
libpulse-mainloop-glib0:amd64

-- 
FCD6 3719 0FFB F1BF 38EA 4727 5348 5F1F DCFE BCB0

Can't connect bluetooth headset after resent update (testing)

[Олександр Скоропад]

In bluetooth log there is only one line:

Nov 1 16:09:10 Skoropad bluetoothd[1204]: src/service.c:btd_service_connect() 
a2dp-sink profile connect failed for 00:16:94:42:30:F4: Protocol not available
I've found that there were similar error with previous versions of pipewire and 
apt history shows that there was pipewire update couple of days before issue (I 
don't use headset everyday), so maybe it's related to this isue

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[Andrei POPESCU]

On Jo, 30 sep 21, 13:24:46, David Wright wrote:
> 
> Nor I, but I certainly intend to try it out, and have read through
> that Arch wiki page. It (iwd) is in buster, but then, so is wicd,
> and I've been using wicd/wpa_supplicant for some years with no need
> to change. I'm somewhat surprised that there's been no reply from
> an iwd user.

Following some post on -devel I tried using iwd with Network Manager[1], 
purely as a replacement for wpasupplicant.

The connection was less stable for me so I went back to wpasupplicant. I 
might try it again if I ever upgrade this laptop to bullseye.

[1] as far as I recall the method is pretty simple and well documented 
on the 'net.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[Anssi Saari]

Stella Ashburne  writes:

> Yes, I was referring to using the old script update-resolv-conf with OpenVPN.
>
>> I never got that to do the right thing with any
>> reliability.
>>
> Please explain what you meant by your statement.
>
> I've been using update-resolv-conf with OpenVPN without problems for
> the past four to five years. The dozen or two commercial VPN providers
> insist that I use update-resolv-conf to prevent DNS and data leaks.

If it works for you, great. My problem was that I usually ended up with
the VPN's DNS and my router in resolv.conf so DNS leak was
automatic. Also it didn't always remove the VPN DNS from resolv.conf
when the VPN went down, with the end result that nothing could be
resolved and openvpn couldn't reconnect. I think I mangled the script a
little which helped but update-systemd-resolved just works. For me.

> ? With systemd-resolved you can use update-systemd-resolved
>> which actually seems to work.
>>
> Would you like to share with me how to invoke/launch systemd-resolved
> and update-systemd-resolved in combination with OpenVPN please? Do I
> need to install packages in order to have systemd-resolved and
> update-systemd-resolved?

Systemd-resolved is part of systemd and it's invoked as usual by
systemctl, the service name is systemd-resolved.service. It also has the
benefit that you can configure interface specific DNS so you can still
use a local DNS for local names. Brilliant feature if you use VPNs but
still want to use your LAN too.

Systemd-resolved's usual config is to use it as stub resolver so you
have nameserver 127.0.0.53 in /etc/resolv.conf and actual resolving
config can be shown by resolvectl status. It definitely doesn't make
life simpler but for me it works.

update-systemd-resolved is in Debian package
openvpn-systemd-resolved. To use it with openvpn and systemd-resolved it
just needs a few options in openvpn's config like this:

script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart 
down /etc/openvpn/update-systemd-resolved
down-pre

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[riveravaldez]

On 9/30/21, Stella Ashburne  wrote:
> Hi
>
> Thanks for sharing your experience with me.

Hi, Stella, you're most welcome. :)

>> Sent: Thursday, September 30, 2021 at 2:38 PM
>> From: "riveravaldez" 
>> To: debian-user@lists.debian.org
>> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 -
>> Connection status show OK but unable to surf the net)
>>
>>
>> Hi, my case was similar, while in Debian I use just
>> /etc/network/interfaces
>> file or NM, in a Dell laptop with Arch I was using Wicd until it got more
>> or less abandoned and out of official repositories (like in Debian,
>> IIRC),
>
> You're right. Before writing this reply, I checked for the latest version of
> wicd on packages.debian.org and the latter returned zero results.

I used Wicd for a long time, always flawlessly, simple and lightweight.
But sadly it seems like last version is from 2016[1] and «wicd depends
on python2 and is unmaintained.»[2] I don't know of any port to python3.

>> so, following Arch wiki instructions, I changed Wicd for the
>> systemd-networkd+iwd combo, and the Wi-Fi connections are working
>> fine (previously, wpa_supplicant gave me some persistent problems...).
>> So, I can say that it's a pretty functional and simple tool for the task.
>> Meaning, it works.
>>
> According to some tutorials that I found on the internet, it's advisable to
> remove/uninstall wpa_supplicant before using iwd due to potential
> conflicts.

Indeed. You must first remove wpa_supplicant. They perform, more or less,
the same function, I guess.

> As for your statement "..I changed Wicd for the systemd-networkd+iwd
> combo...", how did you do it? Could you share how you used systemd-networkd
> with iwd please? I'm still learning Linux, you know and I appreciate all the
> help that everyone here is willing to give.

Sure, but I did this in an Arch system, so, I'm not sure the steps would be
the same -probably not. I followed the detailed instructions you can read (more
or less, in that order) at:

https://wiki.archlinux.org/title/Network_configuration
https://wiki.archlinux.org/title/Network_configuration/Wireless
https://wiki.archlinux.org/title/Systemd-networkd
https://wiki.archlinux.org/title/Iwd

«The systemd package is part of the default Arch installation and contains all
needed files to operate a wired network. Wireless adapters, covered
later in this
article, can be set up by services, such as wpa_supplicant or iwd.»

So, IIRC, just be sure to don't have N-M, Wicd, etc., installed.

In Debian I just use the /etc/network/interfaces file or N-M, but
probably it would
be best for you to check these:

https://www.debian.org/doc/manuals/debian-reference/ch05.en.html
https://wiki.debian.org/NetworkConfiguration
https://wiki.debian.org/WiFi
https://wiki.debian.org/SystemdNetworkd
https://wiki.debian.org/NetworkManager/iwd

Sorry I can't provide nothing succinct and useful/straightforward.

Best regards!

[1] https://launchpad.net/wicd
[2] https://wiki.archlinux.org/title/Wicd

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[David Wright]

On Thu 30 Sep 2021 at 14:46:50 (-0400), Greg Wooledge wrote:
> On Thu, Sep 30, 2021 at 01:30:20PM -0500, David Wright wrote:
> > 192.168.1.1 looks like the d-i ran a DHCP client to get an address
> > for your PC, and that the DHCP server that responded was probably
> > your router, address 192.168.1.1, and so the d-i figured that your
> > router would be able to resolve DNS.
> 
> The DHCP server actually sends nameserver addresses to the DHCP client.
> In the case of a home router, the nameserver address will typically
> be the router's internal IP address, which is often 192.168.1.1.
> 
> It's *not* d-i deciding to try using the router as a nameserver on a whim.

Yes, badly expressed personification, I'm afraid. …
Though it does appear that the syslog also expresses this less than clearly:

  netcfg[5552]: WARNING **: Started DHCP client; PID is 5581
  udhcpc: Got IP 192.168.1.14 (using enp3s0) and routing through 192.168.1.1
  netcfg[5552]: DEBUG: Reading domain name returned via DHCP
→
  netcfg[5552]: DEBUG: Reading nameservers from /etc/resolv.conf
  netcfg[5552]: DEBUG: Read nameserver 192.168.1.1

Might one assume that the nameservers are written into
/etc/resolv.conf by the DHCP client at →, so that they
can immediately be read again in order to attempt (and
fail) to ascertain the hostname from the nameserver.

Cheers,
David.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[David Wright]

On Thu 30 Sep 2021 at 14:11:51 (-0400), Lee wrote:
> On 9/30/21, Stella Ashburne  wrote:
> >> Sent: Thursday, September 30, 2021 at 11:48 PM
> >> From: to...@de
> >> On Thu, Sep 30, 2021 at 10:14:05AM -0400, Henning Follmann wrote:
> >>
> >> [...]
> >>
> >> > What baffels me is though, at what length someone would go to not use
> >> > the default
> >> > methods to connect  via wifi. Especially when they showed limited
> >> > experience
> >> > in networking in the first place.
> >>
> >> This remark was, IMO, unnecessary: after all, that's how we learn around
> >> here,
> >> don't we?
> >>
> >> At least that's how I learn.
> >>
> > Bingo. I couldn't agree with you more.
> 
> Seriously!!?  My wireless is slow, so I've been sort of following this
> thread in case something useful (to me :-) gets mentioned, but all the
> learning being done seems to be of the negative "this doesn't work"
> flavour,,
> 
> Why not stick with standard procedure and follow
>   https://wiki.debian.org/WiFi/HowToUse
> 
> That at least seems to be a better bet for getting a working wireless
> connection that you can then improve upon later.

 "it's also possible to nearly base your entire networking stack on
  one codebase with IWD alone. It's an all-in-one wireless client,
  wireless daemon, and even a DHCP client optionally! At its best, your
  entire networking stack can be as minimal as IWD + systemd-resolved,
  and this works wonderfully for many scenarios. It has virtually zero
  dependencies and uses modern kernel features as often as
  possible. Anecdotal reports suggest that it's much faster to connect
  to networks than wpa_supplicant, and has better roaming support,
  among other perceived improvements."

I like the idea of better roaming support. But even at home, I want a
connection method that occasionally "goes to sleep" and means crossing
the house to sort it out.

 'If "EnableNetworkConfiguration=true" is set, you'll also need to
  configure IWD's name resolving service. It supports systemd-resolved
  and resolvconf.'

Currently I run resolvconf. As I wrote elsewhere, I've not delved into
how systemd has disturbed things.

Anyway, AIUI this wiki page seems to assume that you're converting a
running WiFi from wpa_supplicant to iwd, rather than setting up iwd
from scratch. So it (again, seems to) lack too many troubleshooting
methods for those doing the latter on a new installation.

Cheers,
David.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Brian]

On Thu 30 Sep 2021 at 19:33:45 +0200, to...@tuxteam.de wrote:

> On Thu, Sep 30, 2021 at 12:23:45PM -0400, Henning Follmann wrote:
> > On Thu, Sep 30, 2021 at 05:48:19PM +0200, to...@tuxteam.de wrote:
> 
> [...]
> 
> > > At least that's how I learn.
> > > 
> > 
> > That is not me.
> 
> People tend to be different. That makes things... interesting.

That's the bit where advising a user is folloed by

  How do I copy and paste?

or

  What's a terminal?

Interesting? Ever done user-support?
 
> > I will not encourage anyone to set themselves up for failure.
> > I might be unpolished, and you expressed before that I am rude.
> 
> Wait a sec. If I did that (if you say so I take it at face value)
> please, accept my apologies.
> 
> > However I think most people benefit from a realistic point
> > of their own capabilities.
> > I just do not think throwing somebody from a ship in the middle
> > of the ocean and thinking he/she will learn to swim. I rather send
> > them to the kiddie pool, no matter how offended they are.
> > 
> > And it is not the case that I do not want them to learn. Quite the
> > opposite is true.
> 
> I I wouldn't propose "throwing somebody from a ship". But if
> someone wants to jump, I'd tell them what they can expect
> instead of just telling them "don't do it". And have a lifebuoy
> at hand.

Passenger: I've had enough. I am going to jump.
tomas: Can you swim?
Passenger: No.
tomas: You will drown, but I will throw you a lifebuoy.
Passenger: Will that help?
tomas: Not really. We are in Artic waters. You will succumb to
   hypothermia within minites.
Passenger: Can you help to alleviate that?
tomas: Hold on 10 minutes; I'll get you a duvet.
Passenger: That is very civil of you. Will it keep me alive?
tomas: For a time. But I'll be cold tonight! Don't forget; it's
   my duvet.
Passenge: Does the duvet have the Debian logo on it?
tomas: No, just roses.
Passenge: Do you think you could get one with a petunia pattern?
tomas: This boat does not support such patterns.
Passenge: When I sailed with the Gentoo line they ofered all
  flower patterns.
tomas: The packages they offer to users are different.
Passenger: I wish I had used the default method to connect via
   WiFi to my Debian machine. I am doomed!

[Splash.]

[ tomas wonders whether a more proactive stance could have put
the situation on a more even keel.]

[Exit stage left and right.]

-- 
Brian.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[tomas]

On Thu, Sep 30, 2021 at 02:05:50PM -0400, Henning Follmann wrote:

[...]

> No apology necessary.

OK, thanks.

> I know I am opinionated and right in your
> face (and a reverse snob as my wife regularly points out).
> But I am also a big boy, I can take it if you yell back at me.

Still I try hard to not call people "rude". I may characterise
a message as rude, yes, but not the person behind it.

It doesn't work out always, alas :-)

Cheers
 - t


signature.asc
Description: Digital signature

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[Greg Wooledge]

On Thu, Sep 30, 2021 at 01:30:20PM -0500, David Wright wrote:
> 192.168.1.1 looks like the d-i ran a DHCP client to get an address
> for your PC, and that the DHCP server that responded was probably
> your router, address 192.168.1.1, and so the d-i figured that your
> router would be able to resolve DNS.

The DHCP server actually sends nameserver addresses to the DHCP client.
In the case of a home router, the nameserver address will typically
be the router's internal IP address, which is often 192.168.1.1.

It's *not* d-i deciding to try using the router as a nameserver on a whim.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[David Wright]

On Thu 30 Sep 2021 at 15:55:54 (+0200), Stella Ashburne wrote:
> > Sent: Thursday, September 30, 2021 at 1:22 PM
> > From: "David Wright" 

> > > [Security]
> > > PreSharedKey=a long string of alphanumeric characters
> > > Passphrase=aquickbrownfoxjumpsoverthelazydog
> > 
> > I take it that you edited in the passphrase, and iwd wrote
> > the PreSharedKey into the file itself?
> > 
> Yes, before I submitted my post to lists.debian.org, I changed my passphrase 
> to aquickbrownfoxjumpsoverthelazydog

I expected that. I was only confirming that you didn't write the PSK,
but only the passphrase. iwd then fills it in. Speaking of which, I'm
not sure what is meant (in the wiki) by "connect" in "The pre-shared
key will be appended to the file at the first connect". Does this mean
when one commands iwctl, or when the SSID is seen.

> > > [IPv4]
> > > Address=192.168.30.115
> > > Netmask=255.255.255.0
> > > Gateway=192.168.30.1
> > > Broadcast=192.168.30.255
> > > DNS=8.8.8.8
> > 
> > Where did you get the number 115 from?
> > 
> My dear David, I plucked it out of thin air. Mea culpa, mea maxima culpa?? I 
> could have just typed 130 instead of 115.

In which case, is the 30 made up. We just don't know whether the PC is
on the same network as the router yet. And I don't have experience of
setting up a static network without the router's cooperation on
choosing addresses.

> > It's claimed that iwd can do DHCP itself. For this, you'd drop
> > the [IPv4] paragraph above, and instead put
> > 
> > [General]
> > EnableNetworkConfiguration=true
> > into /etc/iwd/main.conf (create if necessary).
> >
> Yes, I think ArchLinux's wiki mentions that starting with iwd's version 0.9, 
> the latter can do DHCP...
> 
> > > Please note that I have disabled IPv6 by adding the line
> > > 
> > > GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
> > > 
> > > to /etc/default/grub
> > 
> > It's claimed that iwd only configures IPv6 if you have
> > 
> > [Network]
> > EnableIPv6=true
> > 
> > in /etc/iwd/main.conf.
> > 
> That's absolutely correct. In fact according to the same ArchLinux's wiki, 
> with iwd, support for IPv6 is disabled by default.
> 

Cheers,
David.

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[David Wright]

On Thu 30 Sep 2021 at 15:17:03 (+0200), Stella Ashburne wrote:
> > Sent: Thursday, September 30, 2021 at 1:38 PM
> > From: "David Wright" 
> >
> > My usual strategy is to let the Debian installer set the dns server to
> > IP address of the router, and configure the router to query 8.8.8.8/1.1.1.1.
> > It's not ideal if you have a router that doesn't "belong" to you,
> > ie that you can't configure yourself.
> >
> In the past I used to let the Debian installer set the DNS resolver for me. 
> But you know what? When I did that, I found out that Debian added 192.163.1.1 
> as one of the DNS resolvers. This was and is a No!No! for me because of 
> possible DNS leaks when I used a commercial VPN provider.

Is 192.163.1.1 a typo for 192.168.1.1? Or do you really mean that you
were using a resolver at Texas Instruments? Let's assume the former.

192.168.1.1 looks like the d-i ran a DHCP client to get an address
for your PC, and that the DHCP server that responded was probably
your router, address 192.168.1.1, and so the d-i figured that your
router would be able to resolve DNS. If it couldn't, it would pass
the request through to whichever resolvers were set up in the router
(by you). This is all standard practice. As I said, you are free to
override it, and I gave one possible hack. (Hack because I haven't
tried to keep up with the proper commands since it was mingled with
systemd, and sprouted resolvctl.)

The idea behind resolvconf is that when you connect to a different
network (say, in a hotel), or to a VPN, it can update the resolver
addresses in /etc/resolv.conf to suit, and reverse them when you
disconnect. If you only ever want a fixed set of DNS resolvers,
then I don't think you need resolvconf at all. Some people even
make /etc/resolv.conf immutable.

Cheers,
David.

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[David Wright]

On Thu 30 Sep 2021 at 07:21:04 (-0400), Greg Wooledge wrote:
> On Thu, Sep 30, 2021 at 12:38:29AM -0500, David Wright wrote:
> > My usual strategy is to let the Debian installer set the dns server to
> > IP address of the router, and configure the router to query 8.8.8.8/1.1.1.1.
> > It's not ideal if you have a router that doesn't "belong" to you,
> > ie that you can't configure yourself.
> > 
> > Resolvconf squirrels that original address away in
> > /etc/resolvconf/resolv.conf.d/original so that it can revert to it
> > after you have left other networks/VPNs etc. So I guess that, at
> > worst, you can just write in whatever you want into that file.
> > Check it is still there after the next boot, and also check
> > /etc/resolv.conf (which is a symlink) to make sure that it used it ok.
> 
> /etc/resolv.conf *can* be a symlink, or not.  Depends on what you've
> installed.
> 
> https://wiki.debian.org/resolv.conf

You snipped the last line that I quoted, which said
"I also installed the package resolvconf because I need to
use it with openvpn." Resolvconf is the subject of my paragraph.

> This page doesn't talk about iwd... partly because I'd never heard of it
> at the time I wrote most of the content on that page.  I've certainly
> never used it, and I don't know how it works, how resolvconf interacts
> with it, etc.

Nor I, but I certainly intend to try it out, and have read through
that Arch wiki page. It (iwd) is in buster, but then, so is wicd,
and I've been using wicd/wpa_supplicant for some years with no need
to change. I'm somewhat surprised that there's been no reply from
an iwd user.

> It [wiki resolv.conf] also doesn't talk about systemd-networkd, or 
> network-manager.  If
> some people out there know how those things work (in *detail*) and
> are able to contribute to the wiki page, that would be great.

I haven't used either of those, nor ConnMan, but at the moment,
I was treating resolvconf as a side dish, the main course being
to get to ping something using iwd.

Cheers,
David.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[David Wright]

On Thu 30 Sep 2021 at 16:09:44 (+0200), Stella Ashburne wrote:
> > Sent: Thursday, September 30, 2021 at 6:06 AM
> > From: "Dan Ritter" 
> >
> > Might I suggest wicd, which people here do have experience with
> > and have used successfully?
> >
> Before writing this reply, I checked with packages.debian.org and I couldn't 
> find the package wicd in Debian's official list of packages for Debian 11. It 
> seems that it's been removed for some reasons.

It requires python2→3 conversion. Python2 is officially expired.

PS I wouldn't email Intel iwd developers. It would be a bit like
calling the Federal Reserve for help filling in a mortgage form.

Cheers,
David.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Lee]

On 9/30/21, Stella Ashburne  wrote:
> Hi Tomas
>
>> Sent: Thursday, September 30, 2021 at 11:48 PM
>> From: to...@de
>> To: debian-user@lists.debian.org
>> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 -
>> Connection status show OK but unable to surf the net)
>>
>> On Thu, Sep 30, 2021 at 10:14:05AM -0400, Henning Follmann wrote:
>>
>> [...]
>>
>> > What baffels me is though, at what length someone would go to not use
>> > the default
>> > methods to connect  via wifi. Especially when they showed limited
>> > experience
>> > in networking in the first place.
>>
>> This remark was, IMO, unnecessary: after all, that's how we learn around
>> here,
>> don't we?
>>
>> At least that's how I learn.
>>
> Bingo. I couldn't agree with you more.

Seriously!!?  My wireless is slow, so I've been sort of following this
thread in case something useful (to me :-) gets mentioned, but all the
learning being done seems to be of the negative "this doesn't work"
flavour,,

Why not stick with standard procedure and follow
  https://wiki.debian.org/WiFi/HowToUse

That at least seems to be a better bet for getting a working wireless
connection that you can then improve upon later.

Best Regards,
Lee

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Brian]

On Thu 30 Sep 2021 at 12:23:45 -0400, Henning Follmann wrote:

> On Thu, Sep 30, 2021 at 05:48:19PM +0200, to...@tuxteam.de wrote:
> > On Thu, Sep 30, 2021 at 10:14:05AM -0400, Henning Follmann wrote:
> > 
> > [...]
> > 
> > > What baffels me is though, at what length someone would go to not use the 
> > > default
> > > methods to connect  via wifi. Especially when they showed limited 
> > > experience
> > > in networking in the first place.
> > 
> > This remark was, IMO, unnecessary: after all, that's how we learn around 
> > here,
> > don't we?
> >
> > At least that's how I learn.
> > 
> 
> That is not me.
> I will not encourage anyone to set themselves up for failure.
> I might be unpolished, and you expressed before that I am rude.
> However I think most people benefit from a realistic point
> of their own capabilities.
> I just do not think throwing somebody from a ship in the middle
> of the ocean and thinking he/she will learn to swim. I rather send
> them to the kiddie pool, no matter how offended they are.

Someone jumping in at the deep end is eventually going to learn,
but it frequently would involve someone elses considerable time
and effort. Something to factor in when co-operation is on the
table.

Sharing knowledge and experience with a user who hasn't any clear
concept of what the shallow end is like very often doesn't lead to
a satisfactory outcome. Advising going back to basics is likely to
be of the greatest benefit to both parties.

> And it is not the case that I do not want them to learn. Quite the
> opposite is true.

This is very believable. I wouldn't doubt it.

-- 
Brian.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Henning Follmann]

On Thu, Sep 30, 2021 at 07:33:45PM +0200, to...@tuxteam.de wrote:
> On Thu, Sep 30, 2021 at 12:23:45PM -0400, Henning Follmann wrote:
> > On Thu, Sep 30, 2021 at 05:48:19PM +0200, to...@tuxteam.de wrote:
> 
> [...]
> 
> > > At least that's how I learn.
> > > 
> > 
> > That is not me.
> 
> People tend to be different. That makes things... interesting.
> 
> > I will not encourage anyone to set themselves up for failure.
> > I might be unpolished, and you expressed before that I am rude.
> 
> Wait a sec. If I did that (if you say so I take it at face value)
> please, accept my apologies.
> 
No apology necessary. I know I am opinionated and right in your
face (and a reverse snob as my wife regularly points out).
But I am also a big boy, I can take it if you yell back at me.


-H


-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

[Reco]

On Thu, Sep 30, 2021 at 04:06:09PM +0200, Stella Ashburne wrote:
> Based on the above description, do you think that update-resolv-conf in 
> Bullseye will leak the IP addresses of my ISP's DNS resolvers?

It's impossible to tell.
DNS is a simple L7 protocol, so DNS queries can be easily routed to any
DNS by whoever controls your network. I know because at my home LAN each
and every device uses *my* DNS regardless of what it want. I don't need
my DNS queries processed by Google and Cloudflare, and every reasonable
person caring about their actual privacy will want the same.


I had a somewhat different concern - how to prevent public/ISP DNS to
see DNS queries that apply to my employer LAN, and direct those to my
employer's DNSes. And, of course, how to direct DNS queries concerning
Internet resources at the proper place - i.e. public/ISP DNS.

I mean, if your concern is to hide your IP from yours ISP - consider
using Tor/I2P instead of some random openvpn server operated by $DEITY
knows who. If you do not trust your ISP whom you're paying to - there's
no reason to trust a random VPN provider. And both Tor and I2P are much
easier to setup than any kind of VPN client.
Even better yet - do some research on FreedomBox project. These guys did
it all for you already.


> > Back in the day I solved that problem by using a custom dnsmasq config
> > and a handful of netfilter rules, these days I just use network namespaces.
> >
> Would you like to show me how to use network namespaces to solve the
> problems when using update-resolv-conf?

The short answer is - it's not possible to do it this way.

The long answer is:
You need a "networkless environment" in any form. LXC container with lo
interface only will do.
You write your own wrapper for iproute, that creates a network interface
(I use macvlan, but YMMV) inside the container once openvpn "connection"
is established, and sets an appropriate IP/route to that interface.
You modify update-resolv-conf (or better yet - write your own) which
runs resolvconf inside the container.

That way you keep your host free from the hassle of modifying
/etc/resolv.conf and IP routing table, and keep whatever openvpn
advertises you inside the container.

It may sound a bit involved, but it's the easiest way for me to deal
with the abforementioned problem.
Before you ask - no, I won't share whatever scripts I wrote for this.
Their contents are private.

Reco

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[tomas]

On Thu, Sep 30, 2021 at 12:23:45PM -0400, Henning Follmann wrote:
> On Thu, Sep 30, 2021 at 05:48:19PM +0200, to...@tuxteam.de wrote:

[...]

> > At least that's how I learn.
> > 
> 
> That is not me.

People tend to be different. That makes things... interesting.

> I will not encourage anyone to set themselves up for failure.
> I might be unpolished, and you expressed before that I am rude.

Wait a sec. If I did that (if you say so I take it at face value)
please, accept my apologies.

> However I think most people benefit from a realistic point
> of their own capabilities.
> I just do not think throwing somebody from a ship in the middle
> of the ocean and thinking he/she will learn to swim. I rather send
> them to the kiddie pool, no matter how offended they are.
> 
> And it is not the case that I do not want them to learn. Quite the
> opposite is true.

I I wouldn't propose "throwing somebody from a ship". But if
someone wants to jump, I'd tell them what they can expect
instead of just telling them "don't do it". And have a lifebuoy
at hand.

But we are different and that's OK. I don't suggest you do
like me. I think this is the biggest asset in this list, at
least if we understand how to use it :)

Cheers
 - t


signature.asc
Description: Digital signature

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[rhkramer]

On Thursday, September 30, 2021 12:28:54 PM Stella Ashburne wrote:
> Your statement: "Be bold, go where no man has gone before"
> 
> I suppose that "man" refers to both men and women, right? (Just kidding. In
> this time and age, one has to be seen to be politically correct, yes?)

Yes, or at least to Captain Kirk and Uhura (I don't know how to spell that)! 
;-)

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Dan Ritter]

Stella Ashburne wrote: 
> Hi
> 
> Thanks for your words of encouragement.
> 
> > Sent: Thursday, September 30, 2021 at 11:39 PM
> > From: rhkra...@gmail.com
> > To: debian-user@lists.debian.org
> > Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> > Connection status show OK but unable to surf the net)
> >
> > On Thursday, September 30, 2021 10:54:17 AM Stella Ashburne wrote:
> > Yes, their email address are displayed on the project's website.
> > No, they didn't mention that any Tom, Dick and Harry are welcome to write
> > to them. Well, thank goodness your name is Stella ;-) (Sorry!) I think the 
> > implication of them having their email address on the project's website is 
> > that Tom, Dick and Harry (and even Stella) are welcome to write to
> > them, and they have the implied option of not replying for whatever reason. 
> > Be bold, go where no man has gone before ;-)
> 
> Your statement: "Be bold, go where no man has gone before"
> 
> I suppose that "man" refers to both men and women, right? (Just kidding. In 
> this time and age, one has to be seen to be politically correct, yes?)

Updated in 1987 by Star Trek: The Next Generation

"Space: the final frontier. These are the voyages of the
starship Enterprise. Its continuing mission: to explore strange
new worlds, to seek out new life and new civilizations, to
boldly go where no one has gone before."

-dsr-

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Dan Ritter]

Stella Ashburne wrote: 
> Hi Dan
> 
> > Sent: Thursday, September 30, 2021 at 11:15 PM
> > From: "Dan Ritter" 
> > To: "Stella Ashburne" 
> > Cc: debian-user@lists.debian.org
> > Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> > Connection status show OK but unable to surf the net)
> >
> >
> > Try
> >
> > ip link show
> >
> > and look for the name of a device which could be your wifi NIC.
> >
> Nope, ip link show does not show up any device which is my wifi NIC


Then the kernel is not recognizing it. Can you spot it in either
lspci 

or 

lsusb

and tell us the hardware?

-dsr-

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Stella Ashburne]

Hi

Thanks for your words of encouragement.

> Sent: Thursday, September 30, 2021 at 11:39 PM
> From: rhkra...@gmail.com
> To: debian-user@lists.debian.org
> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> Connection status show OK but unable to surf the net)
>
> On Thursday, September 30, 2021 10:54:17 AM Stella Ashburne wrote:
> Yes, their email address are displayed on the project's website.
> No, they didn't mention that any Tom, Dick and Harry are welcome to write
> to them. Well, thank goodness your name is Stella ;-) (Sorry!) I think the 
> implication of them having their email address on the project's website is 
> that Tom, Dick and Harry (and even Stella) are welcome to write to
> them, and they have the implied option of not replying for whatever reason. 
> Be bold, go where no man has gone before ;-)

Your statement: "Be bold, go where no man has gone before"

I suppose that "man" refers to both men and women, right? (Just kidding. In 
this time and age, one has to be seen to be politically correct, yes?)

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Henning Follmann]

On Thu, Sep 30, 2021 at 05:48:19PM +0200, to...@tuxteam.de wrote:
> On Thu, Sep 30, 2021 at 10:14:05AM -0400, Henning Follmann wrote:
> 
> [...]
> 
> > What baffels me is though, at what length someone would go to not use the 
> > default
> > methods to connect  via wifi. Especially when they showed limited experience
> > in networking in the first place.
> 
> This remark was, IMO, unnecessary: after all, that's how we learn around here,
> don't we?
>
> At least that's how I learn.
> 

That is not me.
I will not encourage anyone to set themselves up for failure.
I might be unpolished, and you expressed before that I am rude.
However I think most people benefit from a realistic point
of their own capabilities.
I just do not think throwing somebody from a ship in the middle
of the ocean and thinking he/she will learn to swim. I rather send
them to the kiddie pool, no matter how offended they are.

And it is not the case that I do not want them to learn. Quite the
opposite is true.

-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Stella Ashburne]

Hi Tomas

> Sent: Thursday, September 30, 2021 at 11:48 PM
> From: to...@tuxteam.de
> To: debian-user@lists.debian.org
> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> Connection status show OK but unable to surf the net)
>
> On Thu, Sep 30, 2021 at 10:14:05AM -0400, Henning Follmann wrote:
>
> [...]
>
> > What baffels me is though, at what length someone would go to not use the 
> > default
> > methods to connect  via wifi. Especially when they showed limited experience
> > in networking in the first place.
>
> This remark was, IMO, unnecessary: after all, that's how we learn around here,
> don't we?
>
> At least that's how I learn.
>
Bingo. I couldn't agree with you more.

The main objective of having a mailing list for Debian users is so that we, as 
a community of like-minded individuals, are able to share our knowledge and 
experience.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Stella Ashburne]

Hi Dan

> Sent: Thursday, September 30, 2021 at 11:15 PM
> From: "Dan Ritter" 
> To: "Stella Ashburne" 
> Cc: debian-user@lists.debian.org
> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> Connection status show OK but unable to surf the net)
>
>
> Try
>
> ip link show
>
> and look for the name of a device which could be your wifi NIC.
>
Nope, ip link show does not show up any device which is my wifi NIC

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Henning Follmann]

On Thu, Sep 30, 2021 at 04:54:17PM +0200, Stella Ashburne wrote:
> Hi Henning
> 
> > Sent: Thursday, September 30, 2021 at 10:14 PM
> > From: "Henning Follmann" 
> > To: debian-user@lists.debian.org
> > Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> > Connection status show OK but unable to surf the net)
> >
> >
> > That depends. How did you get their e-mail address?
> > Was it from the project webpage? Do they encourage anybody to
> > send them direct mail?
> > Them yes.
> >
> Yes, their email address are displayed on the project's website.

Wow, we do live in a different reality.
I checked the page https://git.kernel.org/pub/scm/network/wireless/iwd.git/
I do not see any of their e-mail address displayed there.

So you followed the link to the mailing list and scraped the e-mails from there?

> 
> No, they didn't mention that any Tom, Dick and Harry are welcome to write to 
> them.

I didn't think so.

> 
> > What baffels me is though, at what length someone would go to not use the 
> > default
> > methods to connect  via wifi. Especially when they showed limited experience
> > in networking in the first place.
> >
> Pray thee, what are the default methods that you speak of?

Well,
again the first thing I would check is the debian documentation.
Lets look at the  "The Debian Administrator's Handbook" section 8.2
https://www.debian.org/doc/manuals/debian-handbook/sect.network-config.en.html

And here we find - quote:

"NOTE NetworkManager
If Network Manager is particularly recommended in roaming setups (see Section 
8.2.5, “Automatic Network Configuration for Roaming Users”), it is also 
perfectly usable as the default network management tool. You can create “System 
connections” that are used as soon as the computer boots either manually with a 
.ini-like file in /etc/NetworkManager/system-connections/ or through a 
graphical tool (nm-connection-editor). If you were using ifupdown, just 
remember to deactivate the entries in /etc/network/interfaces that you want 
Network Manager to handle."





> 
> My OS is plain Debian 11 with just lxqt-core and lightdm installed. I'm tired 
> of using Gnome.

again network-manager does not need GNOME.
It works perfectly fine whithout any DE and comes with a cli frontend (nmcli).


next choice through /e/n/i

> 
> Indeed, I've very limited networking and that's why I'm motivated to learn 
> how to use iwd to surf the net.
>

right, sigh, you are willing to learn what you already decided on. Please 
consider smaller steps.
Install your debian initially just by following the predesigned way. Learn how 
to use it,
gain knowledge and confidence from there, then venture to more challenging 
topics.
I think you will be much happier this way.

-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[tomas]

On Thu, Sep 30, 2021 at 10:14:05AM -0400, Henning Follmann wrote:

[...]

> What baffels me is though, at what length someone would go to not use the 
> default
> methods to connect  via wifi. Especially when they showed limited experience
> in networking in the first place.

This remark was, IMO, unnecessary: after all, that's how we learn around here,
don't we?

At least that's how I learn.

Cheers
 - t


signature.asc
Description: Digital signature

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[rhkramer]

On Thursday, September 30, 2021 10:54:17 AM Stella Ashburne wrote:
> Yes, their email address are displayed on the project's website.
> 
> No, they didn't mention that any Tom, Dick and Harry are welcome to write
> to them.

Well, thank goodness your name is Stella ;-)  (Sorry!)  

I think the implication of them having their email address on the project's 
website is that Tom, Dick and Harry (and even Stella) are welcome to write to 
them, and they have the implied option of not replying for whatever reason.

Be bold, go where no man has gone before ;-)

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Dan Ritter]

Stella Ashburne wrote: 
> Oh dear! Oh dear!
> 
> After a reboot, I typed the following word at the command prompt:
> 
> iwctl
> 
> Next, I typed
> 
> station wlan0 show
> 
> The output was: No device found

Try 

ip link show

and look for the name of a device which could be your wifi NIC.

-dsr-

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Stella Ashburne]

Hi Henning

> Sent: Thursday, September 30, 2021 at 10:14 PM
> From: "Henning Follmann" 
> To: debian-user@lists.debian.org
> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> Connection status show OK but unable to surf the net)
>
>
> That depends. How did you get their e-mail address?
> Was it from the project webpage? Do they encourage anybody to
> send them direct mail?
> Them yes.
>
Yes, their email address are displayed on the project's website.

No, they didn't mention that any Tom, Dick and Harry are welcome to write to 
them.

> What baffels me is though, at what length someone would go to not use the 
> default
> methods to connect  via wifi. Especially when they showed limited experience
> in networking in the first place.
>
Pray thee, what are the default methods that you speak of?

My OS is plain Debian 11 with just lxqt-core and lightdm installed. I'm tired 
of using Gnome.

Indeed, I've very limited networking and that's why I'm motivated to learn how 
to use iwd to surf the net.

Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)

[Stella Ashburne]

Oh dear! Oh dear!

> Sent: Thursday, September 30, 2021 at 1:22 PM
> From: "David Wright" 
> To: debian-user@lists.debian.org
> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 1 - 
> Connection status show OK but unable to surf the net)
>
> > [IPv4]
> > Address=192.168.30.115
> > Netmask=255.255.255.0
> > Gateway=192.168.30.1
> > Broadcast=192.168.30.255
> > DNS=8.8.8.8
>
>
> It's claimed that iwd can do DHCP itself. For this, you'd drop
> the [IPv4] paragraph above, and instead put
>
> [General]
> EnableNetworkConfiguration=true
>
> into /etc/iwd/main.conf (create if necessary).
>
Per your suggestion, I created a file main.conf in /etc/iwd/ and typed in the 
words:

[General]
EnableNetworkConfiguration=true

and saved it.

Next I removed the following lines from /var/lib/iwd/whitecollar.psk as you 
have suggested:

[IPv4]
Address=192.168.30.115
Netmask=255.255.255.0
Gateway=192.168.30.1
Broadcast=192.168.30.255
DNS=8.8.8.8

and saved the changes.

After a reboot, I typed the following word at the command prompt:

iwctl

Next, I typed

station wlan0 show

The output was: No device found