Network setup: Difference between revisions

From Rsewiki
 
(36 intermediate revisions by the same user not shown)
Line 1: Line 1:
Back to [[Robobot]]
Back to [[Robobot B]]


Back to [[Robobot B]]
==WiFi network==


If you are at DTU and the small display shows an IP, then all is fine. Otherwise read further down.


=== NTP ===
====Network Manager====


Network time protocol, to keep clocks in sync.
The NetworkManager uses device UUID as part of the Wi-Fi network setup. This means that (sometimes) an SD card can not be moved from one robot to another with a functional Wi-Fi connection.
At DTU most clock sources are blocked, the clock source needs to be configured.


At DTU, edit /etc/ntp.conf or /etc/ntpsec/ntp.conf, add ntp.ait.du.dk to server pool
After 20 seconds, an attempt to solve this is activated using the commands below (the code is found in svn/robobot/setup/rename_host.bash - last half).


sudo nano /etc/ntpsec/ntp.conf
Use the last line to setup manually - or the GUI, if available.


...
See the current network settings
  # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
  nmcli dev show
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
Network manager connection with UUID
  # more information.
  nmcli connection
pool ntp.ait.dtu.dk
List available wifi access points
  ...
  nmcli dev wifi


Sync time (if on DTU net)
==== Connect to DTUdevice net ====


  sudo ntpdate -u ntp.ait.dtu.dk
You can establish a new connection from the command line
  sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0 ipv6.method "disabled"
This should create a new system-connection file with a usable UUID.
IPv6 is disabled, as many of the IPv6 MACs seem to be the same (we cloned the SD card), and this will blacklist the connection for stealing the MAC.


Should work in and around DTU - see also [[NTP howto]] for more details.
There is a terminal-based user interface to edit a connection. First list connections:
$ nmcli con show
eg: NAME            UUID                                  TYPE      DEVICE
preconfigured      e07a0ae8-028b-4d65-806c-ec63f435df44  wifi      wlan0 
lo                  2737bad6-956f-4668-99e0-4697f4ec30a7  loopback  lo
Find the NAME of the connection to edit, e.g. 'preconfigured'
sudo nmtui edit "preconfigured"
The edit as desired.


===WiFi network===
Reload Network Manager to read this.


====Network Manager====
sudo nmcli connection reload


Create a connection file in /etc/NetworkManager/system-connections
or restart the NetworkManager


  sudo nano /etc/NetworkManager/system-connections/DTUdevice.nmconnection
  sudo systemctl restart NetworkManager.service


Insert the following (but remember to insert the correct psk password):
==== Home network connection ====


[connection]
If you know the SSID and password, you can prepare the robot for another (home) network.
id=DTUdevice
Use this command (replacing <SSID> and <password>):
uuid=c5e1b602-c694-4bf4-a398-cdce468568d6
type=wifi
interface-name=wlan0
[wifi]
mode=infrastructure
ssid=DTUdevice
[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=<password, ask or find in course material>
[ipv4]
method=auto
[ipv6]
addr-gen-mode=default
method=auto
[proxy]


All robots are allowed on the DTUdevice network, but only with a few ports open.
sudo nmcli device wifi connect <SSID> password <password> ifname wlan0


You can use the same template for other networks with a passphrase (PSK) key; just replace the ID with the SSID and change the PSK password.
If you have no network contact, then use a local link (cable) or attach a screen and keyboard.


== Cable connection ==


==== Using static IP and DNS server on Raspberry ====


==== WPA ====
Assign a static IP for the Raspberry:
*Old - do not use


* NO! we now use "DTUdevice"
sudo nmcli connection add con-name eth0-manual ifname eth0 type ethernet ip4 192.168.7.7/24 ipv6.method disabled
* @todo


The IP for the Raspberry is 192.168.7.1 when a cable is connected and the Network manager is reloaded.


sudo nmcli con reload


Replace password/passphrase with an encrypted version.
==== Install DNS server on Raspberry ====


The '''wpa_passphrase''' generated function works to generate an encrypted passphrase:
Allow the connected PC to get an IP automatically; install DNSMASQ
(copied from Raspberry Pi forum, (thanks to 'rpdom')).


  rpdom@raspberrypi:~ $ wpa_passphrase MYSSID MYPASSPHRASE
  sudo apt install dnsmasq
network={
ssid="MYSSID"
#psk="MYPASSPHRASE"
psk=ENCRYPTED_PSK_IS_HERE
}
rpdom@raspberrypi:~ $ sudo nmcli con add con-name MYSSID \
                            type wifi ssid MYSSID \
                            wifi-sec.key-mgmt wpa-psk \
                            wifi-sec.psk ENCRYPTED_PSK_IS_HERE
Connection 'MYSSID' (ed602d46-0a2b-4094-a2c3-79652a47d612) successfully added.
sudo nmcli con up MYSSID


Or, if the connection is already established, then edit the relevant file and copy in the ENCRYPTED_PSK_IS_HERE to replace the clear text passphrase.
Configure the use by editing /etc/dnsmasq.conf


  cd /etc/NetworkManager/system-connections
  sudo nano /etc/dnsmasq.conf
ls
sudo nano MYSSID.nmconnection


===== 802 secure wifi =====
Uncomment and change two lines. It is to be used on ETH0 only and in the IP range 192.168.7.50 to 192.168.7.99.


When connecting to Eduroam (or other with 802 security) you will eventually have to type in your username and password in the wpa_supplicant.conf-file. For your password not to be visible, generate a hash code for it
# DNS requests only on
# specified interface
interface=eth0
# range of addresses available for lease and optionally
# a lease time
dhcp-range=192.168.7.50,192.168.7.99,255.255.255.0,12h


echo -n YOUR_COOPERATE_MAIL_PASSWORD | iconv -t utf16le | openssl md5
Restart the dnsmasq


Copy the generated hash code (YOUR_COOPERATE_MAIL_PASSWORD_HASH) and clear the terminal window and the command history.
sudo service dnsmasq restart


clear
To see the status of the dnsmasq service use:
history -c


A connection using 802 security could be generated with
journalctl -b0 -u dnsmasq.service


nmcli connection add \
After this, when you plug in a cable to a PC, then, after some seconds, both the robot and the PC should have an IP in the range 192.168.7.x. And the robot should display the new IP 192.168.7.7.
  type wifi \
  connection.id NICKNAME \
  wifi.ssid SSID \
  wifi.mode infrastructure \
  wifi-sec.key-mgmt wpa-eap \
  802-1x.eap peap \
  802-1x.identity YOUR_COOPERATE_MAIL \
  802-1x.phase2-auth mschapv2 \
  802-1x.password hash:YOUR_COOPERATE_MAIL_PASSWORD_HASH
sudo nmcli con up NICKNAME


Replace the UPPER case words as appropriate.
You can now access the robot using
ssh local@192.168.7.7


Or, if the connection is already established, replace the password as above (in /etc/NetworkManager/system-connections).
==== Local link ====


I don't know if the '''YOUR_COOPERATE_MAIL_PASSWORD_HASH''' encryption works this way.
Note: This method failed in most cases


==== WPA ====
If wifi is too slow or unavailable, a local link using a network cable could be the solution.


''''No longer active''''
Many PCs will assign a local link IP like 168.254.x.x, and the Robot will do the same. The robot IP will be displayed on the small display but may be obscured if a Wi-Fi IP is available.


Now open wpa_supplicant.conf
To prepare this behaviour, log in to the Raspberry using wifi (or attach a screen and keyboard) and make a preferred local-link cabled connection:
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf


If you added an wifi access point, it probably looks something like this
sudo nmcli con mod "Wired connection 1" ipv4.method link-local ipv6.method disabled


network={
This should then be the behaviour after a reboot. "Wired connection 1" needs to be spelt this way; see the valid names using:
        ssid="device"
        key_mgmt=NONE
}


or using typical security with a password
nmcli connection


network={
Reload Network manager
        ssid="tdc432"
        psk="secret_password"
        key_mgmt=WPA-PSK
        id_str=home
}


You can add any number of the "network" groups for all the networks you get across
sudo nmcli connection reload
If you don't like the network password to be visible, see guide below.


====Private network====
== Check IP and SSID ==


Generate encrypted key with
When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi
ifconfig
Under '''wlan0''' confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely '''10.197.21x.xxx'''


  wpa_passphrase mySSID secret776
To see which SSID you are connected to, use
  iwconfig
or
nmcli -o


if the desired SSID is "mySSID" and the password is "secret776", then copy the result into /etc/wpa_supplicant/wpa_supplicant.conf (except the line with the password in clear text).
The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with '''B8:27:EB:xx:xx:xx''' make sure to get all of it.


network={
===Find IP of robot (Linux)===
        ssid="mySSID"
        #psk="secret776"
        psk=812439e952156aea9983f3df5a389cf3f9c2e9f30ae2624eaad1551612a6ef71
}


====Eduroam or DTU secure====
In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and '''nmap'''. If '''nmap''' is not installed, start by installing it
sudo apt-get install nmap
To search for the Pi using the MAC address in terminal type
nmap -sP 10.197.218.0/20 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'
where '''10.197.218''' is the first three sections of the IP you noted down, 20 is the number of fixed bits (out of 32), and '''B8:27:EB:23:A0:F5''' is the MAC address of the Pi. This should return the IP of the Pi.


When connecting to Eduroam you will eventually have to type in your username and password in the wpa_supplicant.conf-file. In order for your password not to be visible, generate a hash-code for it
NB! the MAC can hold letters, they should probably be capital.


echo -n password_here | iconv -t utf16le | openssl md5
==== If you don't know the IP address====


Copy the hash-code and then clear the terminal window and the command history
Use the first part to get a list of active IPs on the net:
  nmap -sP 10.197.218.0/24


clear
The robot's name should be included in the list, but the network may take a while to detect it.
history -c


Now open wpa_supplicant.conf
== NTP ==
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Add or replace the following (You need at least one network group)
country=DK
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
ctrl_interface_group=0
update_config=1
network={
        ssid="eduroam"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="username"
        password=hash:your_hash_code
}
network={
        ssid="DTUsecure"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="username"
        password=hash:your_hash_code
}
Replace '''username''' with your username on Eduroam, i.e. your student number and replace '''your_hash_code''' with the hash-code you generated in the previous step.


Reboot the Raspberry Pi
Network Time Protocol is used to keep clocks in sync.
sudo reboot
Raspberry Pi will start with the date and time of the last proper shutdown, and some seconds after the internet is up, it will sync the clock using NTP.
or
sudo /etc/init.d/networking restart


=== Check IP and SSID ===
NTP need to be installed, i.e. 'sudo apt install ntp' if not done already.


When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi
At DTU most clock sources are blocked, the clock source needs to be configured.
ifconfig
Under '''wlan0''' confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely '''10.16.175.xxx'''


To see which SSID you are connected to use
At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list.
iwconfig


The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with '''B8:27:EB:xx:xx:xx''' make sure to get all of it.
sudo nano /etc/ntpsec/ntp.conf


===Find IP of robot (Linux)===
...
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...


In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and '''nmap'''. If '''nmap''' is not installed, start by installing it
Sync time (if on DTU net)
sudo apt-get install nmap
To search for the Pi using the MAC address in terminal type
nmap -sP 10.16.175.0/24 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'
where '''10.16.175''' is the first three sections of the IP you noted down and '''B8:27:EB:23:A0:F5''' is the MAC address of the Pi. This should return the IP of the Pi.


NB! the MAC can hold letters, they should probably be capital.
sudo ntpdate -u ntp.ait.dtu.dk


==== If you don't know the MAC address====
Should work in and around DTU - see also [[NTP howto]] for more details.


Use the first part, to get a list of active IP on the net:
You can also check the status of the ntp service:
  nmap -sP 10.16.175.0/24


The name of the robot should be included in the list, but it can take a while for the network to detect the name.
sudo systemctl status ntp.service

Latest revision as of 17:37, 27 March 2025

Back to Robobot B

WiFi network

If you are at DTU and the small display shows an IP, then all is fine. Otherwise read further down.

Network Manager

The NetworkManager uses device UUID as part of the Wi-Fi network setup. This means that (sometimes) an SD card can not be moved from one robot to another with a functional Wi-Fi connection.

After 20 seconds, an attempt to solve this is activated using the commands below (the code is found in svn/robobot/setup/rename_host.bash - last half).

Use the last line to setup manually - or the GUI, if available.

See the current network settings 

nmcli dev show

Network manager connection with UUID 

nmcli connection

List available wifi access points 

nmcli dev wifi

Connect to DTUdevice net

You can establish a new connection from the command line 

sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0 ipv6.method "disabled"

This should create a new system-connection file with a usable UUID. IPv6 is disabled, as many of the IPv6 MACs seem to be the same (we cloned the SD card), and this will blacklist the connection for stealing the MAC.

There is a terminal-based user interface to edit a connection. First list connections: 

$ nmcli con show
eg: NAME            UUID                                  TYPE      DEVICE 
preconfigured       e07a0ae8-028b-4d65-806c-ec63f435df44  wifi      wlan0  
lo                  2737bad6-956f-4668-99e0-4697f4ec30a7  loopback  lo

Find the NAME of the connection to edit, e.g. 'preconfigured' 

sudo nmtui edit "preconfigured"

The edit as desired.

Reload Network Manager to read this. 

sudo nmcli connection reload

or restart the NetworkManager 

sudo systemctl restart NetworkManager.service

Home network connection

If you know the SSID and password, you can prepare the robot for another (home) network. Use this command (replacing <SSID> and <password>): 

sudo nmcli device wifi connect <SSID> password <password> ifname wlan0

If you have no network contact, then use a local link (cable) or attach a screen and keyboard.

Cable connection

Using static IP and DNS server on Raspberry

Assign a static IP for the Raspberry: 

sudo nmcli connection add con-name eth0-manual ifname eth0 type ethernet ip4 192.168.7.7/24 ipv6.method disabled

The IP for the Raspberry is 192.168.7.1 when a cable is connected and the Network manager is reloaded. 

sudo nmcli con reload

Install DNS server on Raspberry

Allow the connected PC to get an IP automatically; install DNSMASQ 

sudo apt install dnsmasq

Configure the use by editing /etc/dnsmasq.conf 

sudo nano /etc/dnsmasq.conf

Uncomment and change two lines. It is to be used on ETH0 only and in the IP range 192.168.7.50 to 192.168.7.99. 

# DNS requests only on
# specified interface
interface=eth0
# range of addresses available for lease and optionally
# a lease time
dhcp-range=192.168.7.50,192.168.7.99,255.255.255.0,12h

Restart the dnsmasq 

sudo service dnsmasq restart

To see the status of the dnsmasq service use: 

journalctl -b0 -u dnsmasq.service

After this, when you plug in a cable to a PC, then, after some seconds, both the robot and the PC should have an IP in the range 192.168.7.x. And the robot should display the new IP 192.168.7.7.

You can now access the robot using 

ssh local@192.168.7.7

Local link

Note: This method failed in most cases

If wifi is too slow or unavailable, a local link using a network cable could be the solution.

Many PCs will assign a local link IP like 168.254.x.x, and the Robot will do the same. The robot IP will be displayed on the small display but may be obscured if a Wi-Fi IP is available.

To prepare this behaviour, log in to the Raspberry using wifi (or attach a screen and keyboard) and make a preferred local-link cabled connection: 

sudo nmcli con mod "Wired connection 1" ipv4.method link-local ipv6.method disabled

This should then be the behaviour after a reboot. "Wired connection 1" needs to be spelt this way; see the valid names using: 

nmcli connection

Reload Network manager 

sudo nmcli connection reload

Check IP and SSID

When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi 

ifconfig

Under wlan0 confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely 10.197.21x.xxx

To see which SSID you are connected to, use 

iwconfig

or 

nmcli -o

The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with B8:27:EB:xx:xx:xx make sure to get all of it.

Find IP of robot (Linux)

In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and nmap. If nmap is not installed, start by installing it 

sudo apt-get install nmap

To search for the Pi using the MAC address in terminal type 

nmap -sP 10.197.218.0/20 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'

where 10.197.218 is the first three sections of the IP you noted down, 20 is the number of fixed bits (out of 32), and B8:27:EB:23:A0:F5 is the MAC address of the Pi. This should return the IP of the Pi.

NB! the MAC can hold letters, they should probably be capital.

If you don't know the IP address

Use the first part to get a list of active IPs on the net: 

 nmap -sP 10.197.218.0/24

The robot's name should be included in the list, but the network may take a while to detect it.

NTP

Network Time Protocol is used to keep clocks in sync. Raspberry Pi will start with the date and time of the last proper shutdown, and some seconds after the internet is up, it will sync the clock using NTP.

NTP need to be installed, i.e. 'sudo apt install ntp' if not done already.

At DTU most clock sources are blocked, the clock source needs to be configured.

At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list. 

sudo nano /etc/ntpsec/ntp.conf

...
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...

Sync time (if on DTU net) 

sudo ntpdate -u ntp.ait.dtu.dk

Should work in and around DTU - see also NTP howto for more details.

You can also check the status of the ntp service: 

sudo systemctl status ntp.service
Retrieved from "https://rsewiki.electro.dtu.dk/index.php?title=Network_setup&oldid=8048"