1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
# Note: The lines starting with # are ignored. To enable any of the
# configuration options below, remove # from the beginning of a respective line.
# this file is not distributed upstream as of iwd 1.0 version
# It is picked from last version in which is distributed
# Please read iwd.config(5), iwd.network(5), iwctl(1), iwmon(1) before setting
# these parameters below
[EAP]
mtu=1400
[EAPoL]
max_4way_handshake_time=5
[General]
#
# Enable network configuration. Setting this option to 'True' enables iwd to
# configure the network interfaces with the IP addresses. There are two types
# IP addressing supported by iwd: static and dynamic. The static IP addresses
# are configured through the network configuration files located in
# '/var/lib/iwd/' directory. For more information on the static configuration
# options refer to the wiki page (https://iwd.wiki.kernel.org/ipconfiguration).
# If no static IP configuration has been provided for a network, iwd will
# attempt to obtain the dynamic addresses from the network through the built-in
# DHCP client.
#
# The network configuration feature is disabled by default.
#
# enable_network_config=False
#
# Indicate a DNS resolution method used by the system. This configuration option
# must be used in conjunction with 'enable_network_config'. The currently
# supported methods include: systemd-resolved and the resolv.conf based options
# (such as openresolv, etc).
# The following configuration 'dns_resolve_method' options are supported:
# systemd
# resolvconf
#
# If not specified, 'systemd' is used as default.
#
# dns_resolve_method=resolvconf
#
#
# Enable/Disable sending EAPoL packets over NL80211. Enabled by default if
# kernel support is available. Doing so sends all EAPoL traffic over directly
# to the supplicant process (iwd) instead of putting these on the Ethernet
# device. Since only the supplicant can usually make sense / decrypt these
# packets, enabling this option can save some CPU cycles on your system and
# avoids certain long-standing race conditions.
#
# Note, iwmon cannot currently spy on unicast packets sent over netlink, so
# if you need to capture EAPoL packets (e.g. for debugging) then this option
# should be set to False.
control_port_over_nl80211=True
#
# Set the threshold RSSI for roaming (default -70)
roam_rssi_threshold=-70
#
# Do not allow iwd to destroy / recreate wireless interfaces at startup,
# including default interfaces. Enable this behavior if your wireless card
# driver is buggy or does not allow such an operation, or if you do not want
# iwd to manage netdevs for another reason. For most users with an upstream
# driver it should be safe to omit/disable this setting.
# use_default_interface=true
#
# Explicitly enforce/disable management frame protection
#
# 0 - Disable management frame protection
# 1 - Set management frame protection capable (default)
# 2 - Management frame protection required
#
# management_frame_protection=1
#
# Enable/disable ANQP queries. The way IWD does ANQP queries is dependent on
# a recent kernel patch (available in Kernel 5.3). If your kernel does not have
# this functionality this should be disabled (default). Some drivers also do a
# terrible job of sending public action frames (freezing or crashes) which is
# another reason why this has been turned off by default. All aside, if you want
# to connect to Hotspot 2.0 networks ANQP is most likely going to be required
# (you may be able to pre-provision to avoid ANQP).
#
# disable_anqp=true
#
# Control the behavior of MAC address randomization by setting the
# mac_randomize option. iwd supports the following options:
# "default" - Lets the kernel assign a mac address from the permanent mac
# address store when the interface is created by iwd. Alternatively,
# if the 'use_default_interface' is set to true, then the mac address is
# not touched.
# "once" - MAC address is randomized once when iwd starts. If
# 'use_default_interface' is set to true, only the interface(s) managed
# by iwd will be randomized.
#
# One can control which part of the address is randomized using
# mac_randomize_bytes option. iwd supports the following options:
# "nic" - Randomize only the NIC specific octets (last 3 octets). Note that
# the randomization range is limited to 00:00:01 to 00:00:FE. The permanent
# mac address of the card is used for the initial 3 octets.
# "full" - Randomize the full 6 octets. The locally-administered bit will
# be set.
#
# mac_randomize=default
# mac_randomize_bytes=full
[Scan]
#
# Disable periodic scan. Setting this option to 'true' will prevent iwd from
# issuing the periodic scans for the available networks while disconnected.
# The behavior of the user-initiated scans isn't affected.
# The periodic scan is enabled by default.
#
# disable_periodic_scan=false
#
#
# Disable roaming scan. Setting this option to 'true' will prevent iwd from
# issuing the roaming scans for the available networks while connected.
# The behavior of the user-initiated scans isn't affected.
# The roaming scan is enabled by default.
#
# disable_roaming_scan=false
#
#
# Disable MAC address randomization. Setting this option to 'true' will prevent
# the capable network adapters from randomizing MAC addresses during the active
# scans for networks, thus decreasing user privacy.
# The MAC address randomization is enabled by default.
#
# disable_mac_address_randomization=false
#
[Blacklist]
#
# Configure BSS blacklist time/multipler/max. If a connection to a BSS fails for
# whatever reason we can avoid connecting to this BSS in the future by
# blacklisting it. These three options configure how long a BSS is blacklisted
# for.
#
# bss_blacklist_time - The initial timeout for a blacklisted BSS in
# seconds (default 60)
# bss_blacklist_multiplier - What bss_blacklist_time is multiplied by after
# future unsuccessful connection attempts in
# seconds (default 30)
# bss_blacklist_max_time - The maximum time a BSS can be blacklisted for in
# seconds (default 86400)
#
# bss_blacklist_time=60
# bss_blacklist_multiplier=30
# bss_blacklist_max_time=86400
[Rank]
#
# Manually specify a 5G ranking factor. 5G networks are already preferred but
# only in terms of calculated data rate, which is RSSI dependent. This means it
# is still possible for IWD to prefer a 2.4GHz AP in the right conditions.
# This ranking provides a way to further weight the ranking towards 5G if
# required. Also, a lower 5G factor could be used to weight 2.4GHz if that is
# desired. The default is 1.0, which does not affect the calculated ranking.
#
# rank_5g_factor=1.0
|
