Network setup: Difference between revisions

From Rsewiki
 
(30 intermediate revisions by the same user not shown)
Line 1: Line 1:
Back to [[Robobot]]
Back to [[Robobot B]]
Back to [[Robobot B]]


==WiFi network==


=== NTP ===
If you are at DTU and the small display shows an IP, then all is fine. Otherwise read further down.


Network Time Protocol is used to keep clocks in sync.
====Network Manager====
Raspberry Pi will start with the date and time of the last proper shutdown, and some seconds after the internet is up, it will sync the clock using NTP.


At DTU most clock sources are blocked, the clock source needs to be configured.
The NetworkManager uses device UUID as part of the Wi-Fi network setup. This means that (sometimes) an SD card can not be moved from one robot to another with a functional Wi-Fi connection.


At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list.
After 20 seconds, an attempt to solve this is activated using the commands below (the code is found in svn/robobot/setup/rename_host.bash - last half).


sudo nano /etc/ntpsec/ntp.conf
Use the last line to setup manually - or the GUI, if available.


...
See the current network settings
  # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
  nmcli dev show
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
Network manager connection with UUID
  # more information.
  nmcli connection
pool ntp.ait.dtu.dk
List available wifi access points
  ...
  nmcli dev wifi


Sync time (if on DTU net)
==== Connect to DTUdevice net ====


  sudo ntpdate -u ntp.ait.dtu.dk
You can establish a new connection from the command line
  sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0 ipv6.method "disabled"
This should create a new system-connection file with a usable UUID.
IPv6 is disabled, as many of the IPv6 MACs seem to be the same (we cloned the SD card), and this will blacklist the connection for stealing the MAC.


Should work in and around DTU - see also [[NTP howto]] for more details.
There is a terminal-based user interface to edit a connection. First list connections:
$ nmcli con show
eg: NAME            UUID                                  TYPE      DEVICE
preconfigured      e07a0ae8-028b-4d65-806c-ec63f435df44  wifi      wlan0 
lo                  2737bad6-956f-4668-99e0-4697f4ec30a7  loopback  lo
Find the NAME of the connection to edit, e.g. 'preconfigured'
sudo nmtui edit "preconfigured"
The edit as desired.


===WiFi network===
Reload Network Manager to read this.


====Network Manager====
sudo nmcli connection reload


Create a connection file in /etc/NetworkManager/system-connections
or restart the NetworkManager


This works - sometimes, but the UUID is HW dependant and you can't (always?) move a SD card to another PI, without reactivating the wifi connection.
sudo systemctl restart NetworkManager.service


Network manager connection with UUID
==== Home network connection ====
nmcli connection
List available wifi access points
nmcli dev wifi
Connect to DTUdevice net
sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0
This should create a new system-connection file with a usable UUID


* The following NetworkManager stuff is doubtful
If you know the SSID and password, you can prepare the robot for another (home) network.
Use this command (replacing <SSID> and <password>):


  sudo nano /etc/NetworkManager/system-connections/DTUdevice.nmconnection
  sudo nmcli device wifi connect <SSID> password <password> ifname wlan0


Insert the following (but remember to insert the correct psk password):
If you have no network contact, then use a local link (cable) or attach a screen and keyboard.


[connection]
== Cable connection ==
id=DTUdevice
uuid=c5e1b602-c694-4bf4-a398-cdce468568d6
type=wifi
interface-name=wlan0
[wifi]
mode=infrastructure
ssid=DTUdevice
[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=<password, ask or find in course material>
[ipv4]
method=auto
[ipv6]
addr-gen-mode=default
method=auto
[proxy]


All robots are allowed on the DTUdevice network, but only with a few ports open.
==== Using static IP and DNS server on Raspberry ====


You can use the same template for other networks with a passphrase (PSK) key; just replace the ID with the SSID and change the PSK password.
Assign a static IP for the Raspberry:


=== Check IP and SSID ===
sudo nmcli connection add con-name eth0-manual ifname eth0 type ethernet ip4 192.168.7.7/24 ipv6.method disabled


When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi
The IP for the Raspberry is 192.168.7.1 when a cable is connected and the Network manager is reloaded.
ifconfig
Under '''wlan0''' confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely '''10.197.21x.xxx'''


To see which SSID you are connected to, use
  sudo nmcli con reload
iwconfig
or
  nmcli -o


The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with '''B8:27:EB:xx:xx:xx''' make sure to get all of it.
==== Install DNS server on Raspberry ====


===Find IP of robot (Linux)===
Allow the connected PC to get an IP automatically; install DNSMASQ


In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and '''nmap'''. If '''nmap''' is not installed, start by installing it
  sudo apt install dnsmasq
  sudo apt-get install nmap
To search for the Pi using the MAC address in terminal type
nmap -sP 10.16.175.0/24 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'
where '''10.16.175''' is the first three sections of the IP you noted down and '''B8:27:EB:23:A0:F5''' is the MAC address of the Pi. This should return the IP of the Pi.


NB! the MAC can hold letters, they should probably be capital.
Configure the use by editing /etc/dnsmasq.conf


==== If you don't know the MAC address====
sudo nano /etc/dnsmasq.conf


Use the first part, to get a list of active IP on the net:
Uncomment and change two lines. It is to be used on ETH0 only and in the IP range 192.168.7.50 to 192.168.7.99.
  nmap -sP 10.16.175.0/24


The name of the robot should be included in the list, but it can take a while for the network to detect the name.
# DNS requests only on
# specified interface
interface=eth0
# range of addresses available for lease and optionally
# a lease time
dhcp-range=192.168.7.50,192.168.7.99,255.255.255.0,12h


== Depricated ==
Restart the dnsmasq


*Old - do not use
sudo service dnsmasq restart


==== WPA ====
To see the status of the dnsmasq service use:


Replace password/passphrase with an encrypted version.
journalctl -b0 -u dnsmasq.service


The '''wpa_passphrase''' generated function works to generate an encrypted passphrase:
After this, when you plug in a cable to a PC, then, after some seconds, both the robot and the PC should have an IP in the range 192.168.7.x. And the robot should display the new IP 192.168.7.7.
(copied from Raspberry Pi forum, (thanks to 'rpdom')).


rpdom@raspberrypi:~ $ wpa_passphrase MYSSID MYPASSPHRASE
You can now access the robot using
network={
  ssh local@192.168.7.7
ssid="MYSSID"
#psk="MYPASSPHRASE"
psk=ENCRYPTED_PSK_IS_HERE
}
  rpdom@raspberrypi:~ $ sudo nmcli con add con-name MYSSID \
                            type wifi ssid MYSSID \
                            wifi-sec.key-mgmt wpa-psk \
                            wifi-sec.psk ENCRYPTED_PSK_IS_HERE
Connection 'MYSSID' (ed602d46-0a2b-4094-a2c3-79652a47d612) successfully added.
sudo nmcli con up MYSSID


Or, if the connection is already established, then edit the relevant file and copy in the ENCRYPTED_PSK_IS_HERE to replace the clear text passphrase.
==== Local link ====


cd /etc/NetworkManager/system-connections
Note: This method failed in most cases
ls
sudo nano MYSSID.nmconnection


===== 802 secure wifi =====
If wifi is too slow or unavailable, a local link using a network cable could be the solution.


When connecting to Eduroam (or other with 802 security) you will eventually have to type in your username and password in the wpa_supplicant.conf-file. For your password not to be visible, generate a hash code for it
Many PCs will assign a local link IP like 168.254.x.x, and the Robot will do the same. The robot IP will be displayed on the small display but may be obscured if a Wi-Fi IP is available.


echo -n YOUR_COOPERATE_MAIL_PASSWORD | iconv -t utf16le | openssl md5
To prepare this behaviour, log in to the Raspberry using wifi (or attach a screen and keyboard) and make a preferred local-link cabled connection:


Copy the generated hash code (YOUR_COOPERATE_MAIL_PASSWORD_HASH) and clear the terminal window and the command history.
sudo nmcli con mod "Wired connection 1" ipv4.method link-local ipv6.method disabled


clear
This should then be the behaviour after a reboot. "Wired connection 1" needs to be spelt this way; see the valid names using:
history -c


A connection using 802 security could be generated with
nmcli connection


nmcli connection add \
Reload Network manager
  type wifi \
  connection.id NICKNAME \
  wifi.ssid SSID \
  wifi.mode infrastructure \
  wifi-sec.key-mgmt wpa-eap \
  802-1x.eap peap \
  802-1x.identity YOUR_COOPERATE_MAIL \
  802-1x.phase2-auth mschapv2 \
  802-1x.password hash:YOUR_COOPERATE_MAIL_PASSWORD_HASH
sudo nmcli con up NICKNAME


Replace the UPPER case words as appropriate.
sudo nmcli connection reload


Or, if the connection is already established, replace the password as above (in /etc/NetworkManager/system-connections).
== Check IP and SSID ==


I don't know if the '''YOUR_COOPERATE_MAIL_PASSWORD_HASH''' encryption works this way.
When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi
ifconfig
Under '''wlan0''' confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely '''10.197.21x.xxx'''


==== WPA ====
To see which SSID you are connected to, use
iwconfig
or
nmcli -o


''''No longer active''''
The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with '''B8:27:EB:xx:xx:xx''' make sure to get all of it.


Now open wpa_supplicant.conf
===Find IP of robot (Linux)===
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf


If you added an wifi access point, it probably looks something like this
In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and '''nmap'''. If '''nmap''' is not installed, start by installing it
sudo apt-get install nmap
To search for the Pi using the MAC address in terminal type
nmap -sP 10.197.218.0/20 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'
where '''10.197.218''' is the first three sections of the IP you noted down, 20 is the number of fixed bits (out of 32), and '''B8:27:EB:23:A0:F5''' is the MAC address of the Pi. This should return the IP of the Pi.


network={
NB! the MAC can hold letters, they should probably be capital.
        ssid="device"
        key_mgmt=NONE
}


or using typical security with a password
==== If you don't know the IP address====


network={
Use the first part to get a list of active IPs on the net:
        ssid="tdc432"
  nmap -sP 10.197.218.0/24
        psk="secret_password"
        key_mgmt=WPA-PSK
        id_str=home
}


You can add any number of the "network" groups for all the networks you get across
The robot's name should be included in the list, but the network may take a while to detect it.
If you don't like the network password to be visible, see guide below.


====Private network====
== NTP ==


Generate encrypted key with
Network Time Protocol is used to keep clocks in sync.
Raspberry Pi will start with the date and time of the last proper shutdown, and some seconds after the internet is up, it will sync the clock using NTP.


wpa_passphrase mySSID secret776
NTP need to be installed, i.e. 'sudo apt install ntp' if not done already.


if the desired SSID is "mySSID" and the password is "secret776", then copy the result into /etc/wpa_supplicant/wpa_supplicant.conf (except the line with the password in clear text).
At DTU most clock sources are blocked, the clock source needs to be configured.


network={
At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list.
        ssid="mySSID"
        #psk="secret776"
        psk=812439e952156aea9983f3df5a389cf3f9c2e9f30ae2624eaad1551612a6ef71
}


====Eduroam or DTU secure====
sudo nano /etc/ntpsec/ntp.conf


When connecting to Eduroam you will eventually have to type in your username and password in the wpa_supplicant.conf-file. In order for your password not to be visible, generate a hash-code for it
...
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...


echo -n password_here | iconv -t utf16le | openssl md5
Sync time (if on DTU net)


Copy the hash-code and then clear the terminal window and the command history
sudo ntpdate -u ntp.ait.dtu.dk


clear
Should work in and around DTU - see also [[NTP howto]] for more details.
history -c


Now open wpa_supplicant.conf
You can also check the status of the ntp service:
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Add or replace the following (You need at least one network group)
country=DK
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
ctrl_interface_group=0
update_config=1
network={
        ssid="eduroam"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="username"
        password=hash:your_hash_code
}
network={
        ssid="DTUsecure"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="username"
        password=hash:your_hash_code
}
Replace '''username''' with your username on Eduroam, i.e. your student number and replace '''your_hash_code''' with the hash-code you generated in the previous step.


Reboot the Raspberry Pi
  sudo systemctl status ntp.service
  sudo reboot
or
sudo /etc/init.d/networking restart

Latest revision as of 17:37, 27 March 2025

Back to Robobot B

WiFi network

If you are at DTU and the small display shows an IP, then all is fine. Otherwise read further down.

Network Manager

The NetworkManager uses device UUID as part of the Wi-Fi network setup. This means that (sometimes) an SD card can not be moved from one robot to another with a functional Wi-Fi connection.

After 20 seconds, an attempt to solve this is activated using the commands below (the code is found in svn/robobot/setup/rename_host.bash - last half).

Use the last line to setup manually - or the GUI, if available.

See the current network settings 

nmcli dev show

Network manager connection with UUID 

nmcli connection

List available wifi access points 

nmcli dev wifi

Connect to DTUdevice net

You can establish a new connection from the command line 

sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0 ipv6.method "disabled"

This should create a new system-connection file with a usable UUID. IPv6 is disabled, as many of the IPv6 MACs seem to be the same (we cloned the SD card), and this will blacklist the connection for stealing the MAC.

There is a terminal-based user interface to edit a connection. First list connections: 

$ nmcli con show
eg: NAME            UUID                                  TYPE      DEVICE 
preconfigured       e07a0ae8-028b-4d65-806c-ec63f435df44  wifi      wlan0  
lo                  2737bad6-956f-4668-99e0-4697f4ec30a7  loopback  lo

Find the NAME of the connection to edit, e.g. 'preconfigured' 

sudo nmtui edit "preconfigured"

The edit as desired.

Reload Network Manager to read this. 

sudo nmcli connection reload

or restart the NetworkManager 

sudo systemctl restart NetworkManager.service

Home network connection

If you know the SSID and password, you can prepare the robot for another (home) network. Use this command (replacing <SSID> and <password>): 

sudo nmcli device wifi connect <SSID> password <password> ifname wlan0

If you have no network contact, then use a local link (cable) or attach a screen and keyboard.

Cable connection

Using static IP and DNS server on Raspberry

Assign a static IP for the Raspberry: 

sudo nmcli connection add con-name eth0-manual ifname eth0 type ethernet ip4 192.168.7.7/24 ipv6.method disabled

The IP for the Raspberry is 192.168.7.1 when a cable is connected and the Network manager is reloaded. 

sudo nmcli con reload

Install DNS server on Raspberry

Allow the connected PC to get an IP automatically; install DNSMASQ 

sudo apt install dnsmasq

Configure the use by editing /etc/dnsmasq.conf 

sudo nano /etc/dnsmasq.conf

Uncomment and change two lines. It is to be used on ETH0 only and in the IP range 192.168.7.50 to 192.168.7.99. 

# DNS requests only on
# specified interface
interface=eth0
# range of addresses available for lease and optionally
# a lease time
dhcp-range=192.168.7.50,192.168.7.99,255.255.255.0,12h

Restart the dnsmasq 

sudo service dnsmasq restart

To see the status of the dnsmasq service use: 

journalctl -b0 -u dnsmasq.service

After this, when you plug in a cable to a PC, then, after some seconds, both the robot and the PC should have an IP in the range 192.168.7.x. And the robot should display the new IP 192.168.7.7.

You can now access the robot using 

ssh local@192.168.7.7

Local link

Note: This method failed in most cases

If wifi is too slow or unavailable, a local link using a network cable could be the solution.

Many PCs will assign a local link IP like 168.254.x.x, and the Robot will do the same. The robot IP will be displayed on the small display but may be obscured if a Wi-Fi IP is available.

To prepare this behaviour, log in to the Raspberry using wifi (or attach a screen and keyboard) and make a preferred local-link cabled connection: 

sudo nmcli con mod "Wired connection 1" ipv4.method link-local ipv6.method disabled

This should then be the behaviour after a reboot. "Wired connection 1" needs to be spelt this way; see the valid names using: 

nmcli connection

Reload Network manager 

sudo nmcli connection reload

Check IP and SSID

When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi 

ifconfig

Under wlan0 confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely 10.197.21x.xxx

To see which SSID you are connected to, use 

iwconfig

or 

nmcli -o

The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with B8:27:EB:xx:xx:xx make sure to get all of it.

Find IP of robot (Linux)

In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and nmap. If nmap is not installed, start by installing it 

sudo apt-get install nmap

To search for the Pi using the MAC address in terminal type 

nmap -sP 10.197.218.0/20 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'

where 10.197.218 is the first three sections of the IP you noted down, 20 is the number of fixed bits (out of 32), and B8:27:EB:23:A0:F5 is the MAC address of the Pi. This should return the IP of the Pi.

NB! the MAC can hold letters, they should probably be capital.

If you don't know the IP address

Use the first part to get a list of active IPs on the net: 

 nmap -sP 10.197.218.0/24

The robot's name should be included in the list, but the network may take a while to detect it.

NTP

Network Time Protocol is used to keep clocks in sync. Raspberry Pi will start with the date and time of the last proper shutdown, and some seconds after the internet is up, it will sync the clock using NTP.

NTP need to be installed, i.e. 'sudo apt install ntp' if not done already.

At DTU most clock sources are blocked, the clock source needs to be configured.

At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list. 

sudo nano /etc/ntpsec/ntp.conf

...
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...

Sync time (if on DTU net) 

sudo ntpdate -u ntp.ait.dtu.dk

Should work in and around DTU - see also NTP howto for more details.

You can also check the status of the ntp service: 

sudo systemctl status ntp.service
Retrieved from "https://rsewiki.electro.dtu.dk/index.php?title=Network_setup&oldid=8048"