Debian: Using Ifup/Ifdown for Network Connections

For as long as I’ve used Linux, I’ve always used NetworkManager to manage internet connections. I tried other things like wicd and connman as well over the years, and while wicd was hit or miss, I did like connman. But I’m a creature of habit, so I always fell back to NetworkManager. I’ve stopped using nm-applet long ago, though, because it’s really not needed when you can use some convenient scripts to display network info in your status bar and connect/disconnect through dmenu.

That said, creature of habit or not, I’m always open to finding “better tools for the job”, especially if it means having one less layer of abstraction on my system. It so happens that ifupdown is one such tool. If all you need is some basic wired and/or wireless connections, ifupdown is most definitely what should be used. While it can also handle more complex setups (such as vpn connections if I’m not mistaken), I’ve never used them so I’m not qualified to talk about it.

What follows is a simple guide on how to set up ifupdown and /etc/network/interfaces for basic wired and wireless connections.

## Wired Connections

On any freshly installed Debian system, with the netinstall ISO and no DE selected at tasksel, your wired connection will already be properly set up in /etc/network/interfaces. If your install is brand new, then you can either skip to the ‘Wireless’ or ‘Ifup/Ifdown Commands’ sections below (or, you can continue reading for education’s sake).

If you want to convert to ifupdown, or just test it, first stop and disable whatever service you use for network connections. It’s also a good idea to verify that ifupdown is already installed (with apt list --installed | grep ifupdown). It most definitely should be, but it doesn’t hurt to check. Once that is done, it’s very simple.

  • If you don’t know your interface name, run the find /sys/class/net command. Your wired connection’s interface will start with ‘enp’ in most cases (Ex: enp1s0).
  • Open, with root privileges, the /etc/network/interfaces file. This is what the file needs to look like, so edit it as required, replacing interface with your interface name:
```
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug interface
iface interface inet dhcp
```

And that’s it. Remove the “allow-hotplug” line if you do not want to automatically connect at boot.

## Wireless Networks

  • As with wired connections, if you’re unsure of your interface’s name, simply type the find /sys/class/net command. Your interface should normally start with ‘wlp’ (Ex: wlp1s0).
  • Install the wpasupplicant package if it is not already installed, as it is required for WPA/WPA2. With WEP connections being insecure and a nightmare for privacy, I will not go through them in this guide. Use WEP at your own risk.
  • Open, with root privileges, the /etc/network/interfaces file. This is what the file needs to look like for basic wireless networking to work (assuming there’s also a wired connection present). Edit as required, replacing “MYSSID”, “MYPASSWORD” and interface with the proper names/password:
```
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (replace interface with the wired name, e.g. enp1s0)
allow-hotplug interface
iface interface inet dhcp

# Wireless interface (replace interface with the wireless name, e.g. wlp1s0)
allow-hotplug interface
iface interface inet dhcp
    wpa-ssid "MYSSID"
    wpa-psk "MYPASSWORD"
```
  • Note that your SSID and password may or may not need to be in double quotes. Try with double quotes first, and if it doesn’t work, try without (removing them from the password first).
  • Remove the “auto lo” line if you do not want the network to start automatically at boot.
  • Having your wifi password in plain text in /etc/network/interfaces may present a risk, as anyone who can read that file can access that information. There are a few measures you can take to prevent any potential issue, such as:
    • Restrict permissions of /etc/network/interfaces to prevent psk disclosure with the chmod 0600 /etc/network/interfaces command.

Since I only use wifi on my old laptop, and I’m not even connected to the internet half of the time, I’m content with the chmod solution, but for a daily driver, I highly recommend you lock it down further.
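A quick way to confirm the chmod measure actually took effect, including for any file pulled in by the `source /etc/network/interfaces.d/*` line, is to check every config file that carries a `wpa-psk` option. This is an added example, not part of the original post; the function names are hypothetical and it assumes GNU `stat` as shipped on Debian.

```shell
#!/bin/sh
# Added example (not from the original post): report ifupdown config files
# that contain a wpa-psk option and are accessible to group or others.

# True if the file has an uncommented wpa-psk option (any indentation).
has_psk() {
    grep -Eq '^[[:space:]]*wpa-psk[[:space:]]' "$1"
}

# True if the file holds a PSK and any group/other permission bit is set.
is_exposed() {
    has_psk "$1" || return 1
    mode=$(stat -c '%a' "$1")            # GNU stat, octal mode such as 644
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Check every file given; print the exposed ones; fail if any was found.
audit_psk_files() {
    exposed=0
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip missing files / unmatched glob
        if is_exposed "$f"; then
            printf 'EXPOSED %s (mode %s)\n' "$f" "$(stat -c '%a' "$f")"
            exposed=$((exposed + 1))
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Audit the real configuration only when asked to: sh audit.sh --system
if [ "${1:-}" = "--system" ]; then
    audit_psk_files /etc/network/interfaces /etc/network/interfaces.d/*
fi
```

Run it as root with `--system`, since a file already restricted to 0600 cannot be read by a regular user.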

## Ifup/Ifdown Commands

Now that /etc/network/interfaces is properly set, connecting and disconnecting networks is very straightforward.

  • Connect: sudo or doas ifup interface
  • Disconnect: sudo or doas ifdown interface

## Convenience

You may find it inconvenient to always type a password when connecting/disconnecting. You might even find it inconvenient to always type the command as well. You have a few choices to make it a bit more convenient.

One way would be to create keybindings that would call both commands, and another would be to create a simple dmenu script, which can then be tied to a keybinding. I’ll highlight the second way, but in either case, it will involve adding a rule in doas.conf or the sudoers file to allow using the ifup and ifdown commands without entering a password. As always, make sure you consider the inherent risks associated with doing that.

Script #1: A simple wired or wireless connection (but not both), using either doas or sudo. As always, sub interface for your interface’s name:

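```sh
#!/bin/sh
# Replace "doas" with "sudo" if that is what you use,
# and "interface" with your interface's name.

# Ask for the action through dmenu.
CHOICE=$(printf '%s\n' "Up" "Down" | dmenu -p Network)

case "$CHOICE" in
    Up) doas /usr/sbin/ifup interface ;;
    Down) doas /usr/sbin/ifdown interface ;;
esac
```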

Script #2: Both wired and wireless networks together

```sh
#!/bin/sh
# Replace "doas" with "sudo" if that is what you use, and
# "wired-interface"/"wifi-interface" with your interface names.

# Ask for the network and action through dmenu.
CHOICE=$(printf '%s\n' "Wired-Up" "Wired-Down" "Wifi-Up" "Wifi-Down" | dmenu -p Networks)

case "$CHOICE" in
    Wired-Up) doas /usr/sbin/ifup wired-interface ;;
    Wired-Down) doas /usr/sbin/ifdown wired-interface ;;
    Wifi-Up) doas /usr/sbin/ifup wifi-interface ;;
    Wifi-Down) doas /usr/sbin/ifdown wifi-interface ;;
esac
```

Next, give your specific user permission to execute those commands without a password.

If using sudo:

  • Create a new file with visudo -f /etc/sudoers.d/mysudo
  • Add the line: username ALL=(ALL) NOPASSWD:/usr/sbin/ifup,/usr/sbin/ifdown
  • Replace username with your user name
  • Save and exit

If using doas (highly recommended):

  • Open /etc/doas.conf
  • Add the appropriate lines depending on what commands are called in the script:
    permit nopass username as root cmd /usr/sbin/ifup args wired-interface
    permit nopass username as root cmd /usr/sbin/ifdown args wired-interface
    permit nopass username as root cmd /usr/sbin/ifup args wifi-interface
    permit nopass username as root cmd /usr/sbin/ifdown args wifi-interface
  • Substitute username with your user name, and *-interface with the proper interface name
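The doas rules above pin each command to a single interface argument, while the sudoers line shown earlier places no restriction on the arguments passed to ifup and ifdown. sudoers can be pinned the same way: when a command in a rule is followed by arguments, sudo accepts it only with exactly those arguments. The following is an added example, not the author's own code. It builds such a rule from a user name and interface names; the function names are hypothetical, and the accepted character sets are an assumption chosen to keep sudoers metacharacters and option-like values out of the rule.

```shell
#!/bin/sh
# Added example (not from the original post): build a sudoers line that pins
# ifup/ifdown to named interfaces, like the doas "args" rules do.

# Accept only plain interface names: 1-15 chars, no leading dash, no
# characters that have a meaning in sudoers or on the ifup command line.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# sudoers_rule USER IFACE...  -> prints one rule, or returns 2 on bad input.
sudoers_rule() {
    user=$1
    case "$user" in
        ''|-*|*[!a-z0-9_-]*) return 2 ;;
    esac
    shift
    [ "$#" -gt 0 ] || return 2
    cmds=
    for i in "$@"; do
        valid_iface "$i" || return 2
        cmds="${cmds:+$cmds, }/usr/sbin/ifup $i, /usr/sbin/ifdown $i"
    done
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmds"
}

# Print a rule only when arguments are given: sh mkrule.sh username enp1s0 wlp1s0
if [ "$#" -gt 0 ]; then
    sudoers_rule "$@"
fi
```

Paste the printed line into the file opened with visudo -f /etc/sudoers.d/mysudo in place of the unrestricted one; the dmenu scripts keep working because they call ifup and ifdown with exactly one interface name.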

Voilà.