Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Using iwd as networkmanager backend

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
mm3100
Posts: 336
Joined: 2020-10-21 21:39
Has thanked: 8 times
Been thanked: 13 times

Using iwd as networkmanager backend

#1 Post by mm3100 »

Hello,
I was having some trouble using wpa_supplicant so I changed networkmanagers backend to iwd. So far it seems to be working great, and I am no longer getting any error or warning messages. I am using it on buster, so I know it is just experimental, but it seems to be working well for me, so far at least.

My question here is if anyone knows of any security concerns right now iwd has in buster or is it just as fine as wpa_supplicant in that regard?

trinidad
Posts: 290
Joined: 2016-08-04 14:58
Been thanked: 14 times

Re: Using iwd as networkmanager backend

#2 Post by trinidad »

https://security-tracker.debian.org/tra ... 2020-17497

Looks like this is all right now.

TC
You can't believe your eyes if your imagination is out of focus.

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: Using iwd as networkmanager backend

#3 Post by Deb-fan »

Have an interest in this too. Mind putting up a how-to, tute or linking to the resource outlining setting it up ?

For now content with networkd + wpa_supplicant (at the moment using wicd-gtk for convenience) but iwd looks cool too. I don't know of any reason not to use it, errr .. well at least nothing based on something substantial, two things concern me with it though, compared to wpa_supplicant couldn't have been as well tested. Also think it's one of the Intel brain children and with all this side-channel madness, my trust level and confidence in Intel is at an all time low ... From what I understand about the thing it communicates more directly with the Linux kernel to handle the encryption and whatever networking functions.

Brings point 1 back to mind, hasn't, can't have received as much real life testing as wpa_supplicant. Still have seen favorable mention by people using it and still seems interesting.
Most powerful FREE tech-support tool on the planet * HERE. *

mm3100
Posts: 336
Joined: 2020-10-21 21:39
Has thanked: 8 times
Been thanked: 13 times

Re: Using iwd as networkmanager backend

#4 Post by mm3100 »

I am not sure if it wise to use iwd on debian 10 right now, as it is outdated. But you can always try it out and compare internet speed between wpa_supplicant and iwd. While wpa_supplicant was throwing me some errors and warning I had stable connection, and was around 15% faster then on iwd. That is at least for my case, it could be opposite for you.

If you want to use iwd on buster or later it is really simple, https://wiki.debian.org/NetworkManager/iwd.

Basically you need to install iwd, https://packages.debian.org/buster/iwd, then go to /etc/NetworkManager/NetworkManager.conf and add

Code: Select all

[device]
wifi.backend=iwd
Then you need to stop wpa_supplicant service and restart NetworkManager

Code: Select all

systemctl disable wpa_supplicant.service 
systemctl restart NetworkManager.service
And it should start NetworkManager using iwd as backend. As how to revert, just comment out those lines from NetworkManager.conf, enable and start wpa_supplicant.service and restart NetworkManager.service.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Using iwd as networkmanager backend

#5 Post by Head_on_a_Stick »

trinidad wrote:Looks like this is all right now
Have you actually checked your link? The version in buster is still vulnerable.

@OP: the buster package is a pre-release and I had a few problems with it auto-connecting so I backported the version from sid:

https://software.opensuse.org//download ... ackage=iwd

^ That version isn't vulnerable to CVE-2020-17497.
deadbang

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: Using iwd as networkmanager backend

#6 Post by Deb-fan »

Thanks M3100 and definitely thanks for posting that info Head_on. Whenever chasing any newish tech do think it's a good idea to use the latest available for it.
Most powerful FREE tech-support tool on the planet * HERE. *

trinidad
Posts: 290
Joined: 2016-08-04 14:58
Been thanked: 14 times

Re: Using iwd as networkmanager backend

#7 Post by trinidad »

The version in buster is still vulnerable.
Sorry. Of course I read the page. It was just a bad choice of words. I was responding to the OP:
anyone knows of any security concerns right now iwd has in buster


What I meant was: Looks like this is the only vulnerability. (all that's out there)

TC
You can't believe your eyes if your imagination is out of focus.

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: Using iwd as networkmanager backend

#8 Post by Deb-fan »

Which btw, m3100 you posted a dang good reason for not going with iwd yourself, it must work well enough or you wouldn't keep using it but having tested and discovering you're taking a 15% transfer speed hit, that type of thing would drive me nuts just knowing. Would say maybe start a help request and post the details in this or other tech-forums trying to find a solution for whatever issues with wpa_supplicant or keep exploring other networking options.

Again ... I'm not at all one of the tinfoil hat paranoid nixers so often seen but when dealing with something like wireless encryption, yeah, goes without saying that'd have to be something any computer users pay more attention to and the use of an unproven, at least a much lesser proven option isn't something I'd consider advisable. That's only a pointless 2 cents ...

Ps, oops, also missed the obvious, at very least maybe try the newer version Head_on was nice enough to backport and share. Hopefully those speed issues will prove corrected ? Guess if nobody ever uses iwd, it can't get tested nor proven.
Most powerful FREE tech-support tool on the planet * HERE. *

mm3100
Posts: 336
Joined: 2020-10-21 21:39
Has thanked: 8 times
Been thanked: 13 times

Re: Using iwd as networkmanager backend

#9 Post by mm3100 »

I was reading about iwd on some other forums and some of them said they got speed boost while others lost on performance. That test was just for my particular device and setup, it is probably 'corrected' in newer versions too.

I am currently not using iwd because of that vulnerability and bandwidth hit, since I don't like to use backports, will just stick to wpa_supplicant for now. Only problems I had with wpa_supplicant were odd error messages and rare random disconnects so I am happy with that, it is not like I am doing any online gaming these days anyway so it is not causing me any real trouble.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Using iwd as networkmanager backend

#10 Post by Head_on_a_Stick »

mm3100 wrote:I was reading about iwd on some other forums and some of them said they got speed boost while others lost on performance.
There shouldn't be any difference in performance at all, iwd is just an network association tool.

Trilby over at the Arch forums made some interesting observations about this: https://bbs.archlinux.org/viewtopic.php ... 4#p1916054 (btw @rsmarples is the dhcpcd developer).
mm3100 wrote:Only problems I had with wpa_supplicant were odd error messages and rare random disconnects
More likely related to the driver than wpa_supplicant but difficult to say for sure without seeing the logs.
deadbang

Post Reply