Network setup: Difference between revisions

From Rsewiki
No edit summary
 
(42 intermediate revisions by the same user not shown)
Line 1: Line 1:
Back to [[Robobot]]
Back to [[Robobot B]]
 
==WiFi network==
 
If you are at DTU and the small display shows an IP, then all is fine. Otherwise read further down.
 
====Network Manager====
 
The NetworkManager uses device UUID as part of the Wi-Fi network setup. This means that (sometimes) an SD card can not be moved from one robot to another with a functional Wi-Fi connection.
 
After 20 seconds, an attempt to solve this is activated using the commands below (the code is found in svn/robobot/setup/rename_host.bash - last half).
 
Use the last line to setup manually - or the GUI, if available.
 
See the current network settings
nmcli dev show
Network manager connection with UUID
nmcli connection
List available wifi access points
nmcli dev wifi
 
==== Connect to DTUdevice net ====
 
You can establish a new connection from the command line
sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0 ipv6.method "disabled"
This should create a new system-connection file with a usable UUID.
IPv6 is disabled, as many of the IPv6 MACs seem to be the same (we cloned the SD card), and this will blacklist the connection for stealing the MAC.
 
There is a terminal-based user interface to edit a connection. First list connections:
$ nmcli con show
eg: NAME            UUID                                  TYPE      DEVICE
preconfigured      e07a0ae8-028b-4d65-806c-ec63f435df44  wifi      wlan0 
lo                  2737bad6-956f-4668-99e0-4697f4ec30a7  loopback  lo
Find the NAME of the connection to edit, e.g. 'preconfigured'
sudo nmtui edit "preconfigured"
The edit as desired.
 
Reload Network Manager to read this.
 
sudo nmcli connection reload
 
or restart the NetworkManager
 
sudo systemctl restart NetworkManager.service


Back to [[Robobot B]]
==== Home network connection ====
 
If you know the SSID and password, you can prepare the robot for another (home) network.
Use this command (replacing <SSID> and <password>):


sudo nmcli device wifi connect <SSID> password <password> ifname wlan0


=== NTP ===
If you have no network contact, then use a local link (cable) or attach a screen and keyboard.


Network time protocol, to keep clocks in sync.
== Cable connection ==
At DTU most clock sources are blocked, the clock source needs to be configured.


At DTU, edit /etc/ntp.conf or /etc/ntpsec/ntp.conf, add ntp.ait.du.dk to server pool
==== Using static IP and DNS server on Raspberry ====


sudo nano /etc/ntpsec/ntp.conf
Assign a static IP for the Raspberry:


  ...
  sudo nmcli connection add con-name eth0-manual ifname eth0 type ethernet ip4 192.168.7.7/24 ipv6.method disabled
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...


Sync time (if on DTU net)
The IP for the Raspberry is 192.168.7.1 when a cable is connected and the Network manager is reloaded.


  sudo ntpdate -u ntp.ait.dtu.dk
  sudo nmcli con reload


Should work in and around DTU - see also [[NTP howto]] for more details.
==== Alternative ====


===WiFi network===
I found this method (Google AI) to use DHCP with higher priority, and then static IP if DHCP fails


====Network Manager====
sudo nmcli connection add type ethernet con-name "Wired-DHCP" ifname eth0 ipv4.method auto autoconnect yes connect.autoconnect-priority 1


Create a connection file in /etc/NetworkManager/system-connections
sudo nmcli connection add type ethernet con-name "Robobot-Static7" ifname eth0 ipv4.method manual ipv4.addresses 192.168.7.7/24 ipv4.gateway 192.168.7.1 ipv4.dns 8.8.8.8 autoconnect yes connect.autoconnect-priority 0


sudo nano /etc/NetworkManager/system-connections/DTUdevice.nmconnection
This creates 2 entries in /etc/NetworkManager/system-connections (on a default Raspberry Pi 64 Bit OS using Network Manager)


Insert the following (but remember to insert the correct psk password):
/etc/NetworkManager/system-connections/Wired-DHCP.nmconnection


  [connection]
  [connection]
  id=DTUdevice
  id=Wired-DHCP
  uuid=c5e1b602-c694-4bf4-a398-cdce468568d6
  uuid=339844b1-cee4-4a43-a3f1-a5de05f3cb70
  type=wifi
  type=ethernet
  interface-name=wlan0
autoconnect-priority=1
  interface-name=eth0
[ethernet]
[ipv4]
method=auto
   
   
  [wifi]
  [ipv6]
  mode=infrastructure
  addr-gen-mode=default
  ssid=DTUdevice
  method=auto
   
   
  [wifi-security]
  [proxy]
  auth-alg=open
 
  key-mgmt=wpa-psk
''Note! the UUID should be different''
  psk=<password, ask or find in course material>
 
/etc/NetworkManager/system-connections/Robobot-Static7.nmconnection
 
[connection]
  id=Robobot-Static7
uuid=2a91ef05-3666-4293-a793-330c3b49cdd4
type=ethernet
  interface-name=eth0
  [ethernet]
   
   
  [ipv4]
  [ipv4]
  method=auto
address1=192.168.7.7/24,192.168.7.1
dns=8.8.8.8;
  method=manual
   
   
  [ipv6]
  [ipv6]
Line 60: Line 118:
  [proxy]
  [proxy]


All robots are allowed on the DTUdevice network, but only with a few ports open.
''Note2! To default to static IP can take 2-4 minutes after detecting the cable! (at least 2 times 60 second timeout is needed)''


You can use the same template for other networks with a passphrase (PSK) key; just replace the ID with the SSID and change the PSK password.
On your laptop you can do the same, but probably more efficient, set to manual IP v4.
This can be done using your GUI tools, or on Linux:


sudo ip eth0 192.168.7.22


=== Check IP and SSID ===
Note! ''eth0'' may be different, as modern hardware often has a more complex name, as ''eno1'' or ''enp108s0''.


When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi
Note2! If the robot has 192.168.7.7, then you should use something else for your laptop, e.g. 192.168.7.22.
ifconfig
Under '''wlan0''' confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely '''10.197.21x.xxx'''


To see which SSID you are connected to, use
Then ssh to the robot
iwconfig
or
nmcli -o


The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with '''B8:27:EB:xx:xx:xx''' make sure to get all of it.
ssh local@192.168.7.7


===Find IP of robot (Linux)===
==== Install DNS server on Raspberry ====


In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and '''nmap'''. If '''nmap''' is not installed, start by installing it
This section may be deprecated, use the alternative method above with fallback to static IP.
sudo apt-get install nmap
To search for the Pi using the MAC address in terminal type
nmap -sP 10.16.175.0/24 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'
where '''10.16.175''' is the first three sections of the IP you noted down and '''B8:27:EB:23:A0:F5''' is the MAC address of the Pi. This should return the IP of the Pi.


NB! the MAC can hold letters, they should probably be capital.
Allow the connected PC to get an IP automatically; install DNSMASQ


==== If you don't know the MAC address====
sudo apt install dnsmasq


Use the first part, to get a list of active IP on the net:
Configure the use by editing /etc/dnsmasq.conf
  nmap -sP 10.16.175.0/24


The name of the robot should be included in the list, but it can take a while for the network to detect the name.
sudo nano /etc/dnsmasq.conf


==== WPA ====
Uncomment and change two lines. It is to be used on ETH0 only and in the IP range 192.168.7.50 to 192.168.7.99.
*Old - do not use


* NO! we now use "DTUdevice"
# DNS requests only on
* @todo
# specified interface
interface=eth0
# range of addresses available for lease and optionally
# a lease time
dhcp-range=192.168.7.50,192.168.7.99,255.255.255.0,12h


Restart the dnsmasq


sudo service dnsmasq restart


Replace password/passphrase with an encrypted version.
To see the status of the dnsmasq service use:


The '''wpa_passphrase''' generated function works to generate an encrypted passphrase:
journalctl -b0 -u dnsmasq.service
(copied from Raspberry Pi forum, (thanks to 'rpdom')).


rpdom@raspberrypi:~ $ wpa_passphrase MYSSID MYPASSPHRASE
After this, when you plug in a cable to a PC, then, after some seconds, both the robot and the PC should have an IP in the range 192.168.7.x. And the robot should display the new IP 192.168.7.7.
network={
ssid="MYSSID"
#psk="MYPASSPHRASE"
psk=ENCRYPTED_PSK_IS_HERE
}
rpdom@raspberrypi:~ $ sudo nmcli con add con-name MYSSID \
                            type wifi ssid MYSSID \
                            wifi-sec.key-mgmt wpa-psk \
                            wifi-sec.psk ENCRYPTED_PSK_IS_HERE
Connection 'MYSSID' (ed602d46-0a2b-4094-a2c3-79652a47d612) successfully added.
sudo nmcli con up MYSSID


Or, if the connection is already established, then edit the relevant file and copy in the ENCRYPTED_PSK_IS_HERE to replace the clear text passphrase.
You can now access the robot using
ssh local@192.168.7.7


cd /etc/NetworkManager/system-connections
==== Local link ====
ls
sudo nano MYSSID.nmconnection


===== 802 secure wifi =====
Note: This method failed in most cases


When connecting to Eduroam (or other with 802 security) you will eventually have to type in your username and password in the wpa_supplicant.conf-file. For your password not to be visible, generate a hash code for it
If wifi is too slow or unavailable, a local link using a network cable could be the solution.


echo -n YOUR_COOPERATE_MAIL_PASSWORD | iconv -t utf16le | openssl md5
Many PCs will assign a local link IP like 168.254.x.x, and the Robot will do the same. The robot IP will be displayed on the small display but may be obscured if a Wi-Fi IP is available.


Copy the generated hash code (YOUR_COOPERATE_MAIL_PASSWORD_HASH) and clear the terminal window and the command history.
To prepare this behaviour, log in to the Raspberry using wifi (or attach a screen and keyboard) and make a preferred local-link cabled connection:


  clear
  sudo nmcli con mod "Wired connection 1" ipv4.method link-local ipv6.method disabled
history -c


A connection using 802 security could be generated with
This should then be the behaviour after a reboot. "Wired connection 1" needs to be spelt this way; see the valid names using:


  nmcli connection add \
  nmcli connection
  type wifi \
  connection.id NICKNAME \
  wifi.ssid SSID \
  wifi.mode infrastructure \
  wifi-sec.key-mgmt wpa-eap \
  802-1x.eap peap \
  802-1x.identity YOUR_COOPERATE_MAIL \
  802-1x.phase2-auth mschapv2 \
  802-1x.password hash:YOUR_COOPERATE_MAIL_PASSWORD_HASH
sudo nmcli con up NICKNAME


Replace the UPPER case words as appropriate.
Reload Network manager


Or, if the connection is already established, replace the password as above (in /etc/NetworkManager/system-connections).
sudo nmcli connection reload


I don't know if the '''YOUR_COOPERATE_MAIL_PASSWORD_HASH''' encryption works this way.
== Check IP and SSID ==


==== WPA ====
When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi
ifconfig
Under '''wlan0''' confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely '''10.197.21x.xxx'''


''''No longer active''''
To see which SSID you are connected to, use
iwconfig
or
nmcli -o


Now open wpa_supplicant.conf
The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with '''B8:27:EB:xx:xx:xx''' make sure to get all of it.
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf


If you added an wifi access point, it probably looks something like this
===Find IP of robot (Linux)===


  network={
In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and '''nmap'''. If '''nmap''' is not installed, start by installing it
        ssid="device"
  sudo apt-get install nmap
        key_mgmt=NONE
To search for the Pi using the MAC address in terminal type
}
nmap -sP 10.197.218.0/20 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'
where '''10.197.218''' is the first three sections of the IP you noted down, 20 is the number of fixed bits (out of 32), and '''B8:27:EB:23:A0:F5''' is the MAC address of the Pi. This should return the IP of the Pi.


or using typical security with a password
NB! the MAC can hold letters, they should probably be capital.


network={
==== If you don't know the IP address====
        ssid="tdc432"
        psk="secret_password"
        key_mgmt=WPA-PSK
        id_str=home
}


You can add any number of the "network" groups for all the networks you get across
Use the first part to get a list of active IPs on the net:
If you don't like the network password to be visible, see guide below.
  nmap -sP 10.197.218.0/24


====Private network====
The robot's name should be included in the list, but the network may take a while to detect it.


Generate encrypted key with
== NTP ==


wpa_passphrase mySSID secret776
Depreciated. The Raspberry default time sync now works, also at DTU.


if the desired SSID is "mySSID" and the password is "secret776", then copy the result into /etc/wpa_supplicant/wpa_supplicant.conf (except the line with the password in clear text).
Network Time Protocol is used to keep clocks in sync.
Raspberry Pi will start with the date and time of the last proper shutdown, and a few seconds after the network is up, it will sync the clock using NTP.


network={
NTP need to be installed, i.e. 'sudo apt install ntp' if not done already.
        ssid="mySSID"
        #psk="secret776"
        psk=812439e952156aea9983f3df5a389cf3f9c2e9f30ae2624eaad1551612a6ef71
}


====Eduroam or DTU secure====
At DTU, most clock sources are blocked; the clock source needs to be configured.


When connecting to Eduroam you will eventually have to type in your username and password in the wpa_supplicant.conf-file. In order for your password not to be visible, generate a hash-code for it
At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list.


  echo -n password_here | iconv -t utf16le | openssl md5
  sudo nano /etc/ntpsec/ntp.conf


Copy the hash-code and then clear the terminal window and the command history
...
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...


  clear
Sync time (if on DTU net)
history -c
 
  sudo ntpdate -u ntp.ait.dtu.dk
 
Should work in and around DTU - see also [[NTP howto]] for more details.


Now open wpa_supplicant.conf
You can also check the status of the ntp service:
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Add or replace the following (You need at least one network group)
country=DK
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
ctrl_interface_group=0
update_config=1
network={
        ssid="eduroam"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="username"
        password=hash:your_hash_code
}
network={
        ssid="DTUsecure"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="username"
        password=hash:your_hash_code
}
Replace '''username''' with your username on Eduroam, i.e. your student number and replace '''your_hash_code''' with the hash-code you generated in the previous step.


Reboot the Raspberry Pi
  sudo systemctl status ntp.service
  sudo reboot
or
sudo /etc/init.d/networking restart

Latest revision as of 12:26, 18 December 2025

Back to Robobot B

WiFi network

If you are at DTU and the small display shows an IP, then all is fine. Otherwise read further down.

Network Manager

The NetworkManager uses device UUID as part of the Wi-Fi network setup. This means that (sometimes) an SD card can not be moved from one robot to another with a functional Wi-Fi connection.

After 20 seconds, an attempt to solve this is activated using the commands below (the code is found in svn/robobot/setup/rename_host.bash - last half).

Use the last line to setup manually - or the GUI, if available.

See the current network settings 

nmcli dev show

Network manager connection with UUID 

nmcli connection

List available wifi access points 

nmcli dev wifi

Connect to DTUdevice net

You can establish a new connection from the command line 

sudo nmcli device wifi connect DTUdevice password <password> ifname wlan0 ipv6.method "disabled"

This should create a new system-connection file with a usable UUID. IPv6 is disabled, as many of the IPv6 MACs seem to be the same (we cloned the SD card), and this will blacklist the connection for stealing the MAC.

There is a terminal-based user interface to edit a connection. First list connections: 

$ nmcli con show
eg: NAME            UUID                                  TYPE      DEVICE 
preconfigured       e07a0ae8-028b-4d65-806c-ec63f435df44  wifi      wlan0  
lo                  2737bad6-956f-4668-99e0-4697f4ec30a7  loopback  lo

Find the NAME of the connection to edit, e.g. 'preconfigured' 

sudo nmtui edit "preconfigured"

The edit as desired.

Reload Network Manager to read this. 

sudo nmcli connection reload

or restart the NetworkManager 

sudo systemctl restart NetworkManager.service

Home network connection

If you know the SSID and password, you can prepare the robot for another (home) network. Use this command (replacing <SSID> and <password>): 

sudo nmcli device wifi connect <SSID> password <password> ifname wlan0

If you have no network contact, then use a local link (cable) or attach a screen and keyboard.

Cable connection

Using static IP and DNS server on Raspberry

Assign a static IP for the Raspberry: 

sudo nmcli connection add con-name eth0-manual ifname eth0 type ethernet ip4 192.168.7.7/24 ipv6.method disabled

The IP for the Raspberry is 192.168.7.1 when a cable is connected and the Network manager is reloaded. 

sudo nmcli con reload

Alternative

I found this method (Google AI) to use DHCP with higher priority, and then static IP if DHCP fails 

sudo nmcli connection add type ethernet con-name "Wired-DHCP" ifname eth0 ipv4.method auto autoconnect yes connect.autoconnect-priority 1

sudo nmcli connection add type ethernet con-name "Robobot-Static7" ifname eth0 ipv4.method manual ipv4.addresses 192.168.7.7/24 ipv4.gateway 192.168.7.1 ipv4.dns 8.8.8.8 autoconnect yes connect.autoconnect-priority 0

This creates 2 entries in /etc/NetworkManager/system-connections (on a default Raspberry Pi 64 Bit OS using Network Manager)

/etc/NetworkManager/system-connections/Wired-DHCP.nmconnection 

[connection]
id=Wired-DHCP
uuid=339844b1-cee4-4a43-a3f1-a5de05f3cb70
type=ethernet
autoconnect-priority=1
interface-name=eth0

[ethernet]

[ipv4]
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

Note! the UUID should be different

/etc/NetworkManager/system-connections/Robobot-Static7.nmconnection 

[connection]
id=Robobot-Static7
uuid=2a91ef05-3666-4293-a793-330c3b49cdd4
type=ethernet
interface-name=eth0

[ethernet] 

[ipv4]
address1=192.168.7.7/24,192.168.7.1
dns=8.8.8.8;
method=manual

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

Note2! To default to static IP can take 2-4 minutes after detecting the cable! (at least 2 times 60 second timeout is needed)

On your laptop you can do the same, but probably more efficient, set to manual IP v4. This can be done using your GUI tools, or on Linux: 

sudo ip eth0 192.168.7.22

Note! eth0 may be different, as modern hardware often has a more complex name, as eno1 or enp108s0.

Note2! If the robot has 192.168.7.7, then you should use something else for your laptop, e.g. 192.168.7.22.

Then ssh to the robot 

ssh local@192.168.7.7

Install DNS server on Raspberry

This section may be deprecated, use the alternative method above with fallback to static IP.

Allow the connected PC to get an IP automatically; install DNSMASQ 

sudo apt install dnsmasq

Configure the use by editing /etc/dnsmasq.conf 

sudo nano /etc/dnsmasq.conf

Uncomment and change two lines. It is to be used on ETH0 only and in the IP range 192.168.7.50 to 192.168.7.99. 

# DNS requests only on
# specified interface
interface=eth0
# range of addresses available for lease and optionally
# a lease time
dhcp-range=192.168.7.50,192.168.7.99,255.255.255.0,12h

Restart the dnsmasq 

sudo service dnsmasq restart

To see the status of the dnsmasq service use: 

journalctl -b0 -u dnsmasq.service

After this, when you plug in a cable to a PC, then, after some seconds, both the robot and the PC should have an IP in the range 192.168.7.x. And the robot should display the new IP 192.168.7.7.

You can now access the robot using 

ssh local@192.168.7.7

Local link

Note: This method failed in most cases

If wifi is too slow or unavailable, a local link using a network cable could be the solution.

Many PCs will assign a local link IP like 168.254.x.x, and the Robot will do the same. The robot IP will be displayed on the small display but may be obscured if a Wi-Fi IP is available.

To prepare this behaviour, log in to the Raspberry using wifi (or attach a screen and keyboard) and make a preferred local-link cabled connection: 

sudo nmcli con mod "Wired connection 1" ipv4.method link-local ipv6.method disabled

This should then be the behaviour after a reboot. "Wired connection 1" needs to be spelt this way; see the valid names using: 

nmcli connection

Reload Network manager 

sudo nmcli connection reload

Check IP and SSID

When the Pi has rebooted, connect to it using SSH once again. Check that the Pi is connected to WiFi 

ifconfig

Under wlan0 confirm that the Pi has received an IP (inet addr) and note down the first three sections of the IP - they are most likely 10.197.21x.xxx

To see which SSID you are connected to, use 

iwconfig

or 

nmcli -o

The MAC address ('HWaddr' or 'ether') of the Pi should also be noted down - this probably starts with B8:27:EB:xx:xx:xx make sure to get all of it.

Find IP of robot (Linux)

In case the Pi gets a new IP address after reboot, you can search for it using the MAC address and nmap. If nmap is not installed, start by installing it 

sudo apt-get install nmap

To search for the Pi using the MAC address in terminal type 

nmap -sP 10.197.218.0/20 | awk '/^Nmap/{ip=$NF}/B8:27:EB:23:A0:F5/{print ip}'

where 10.197.218 is the first three sections of the IP you noted down, 20 is the number of fixed bits (out of 32), and B8:27:EB:23:A0:F5 is the MAC address of the Pi. This should return the IP of the Pi.

NB! the MAC can hold letters, they should probably be capital.

If you don't know the IP address

Use the first part to get a list of active IPs on the net: 

 nmap -sP 10.197.218.0/24

The robot's name should be included in the list, but the network may take a while to detect it.

NTP

Depreciated. The Raspberry default time sync now works, also at DTU.

Network Time Protocol is used to keep clocks in sync. Raspberry Pi will start with the date and time of the last proper shutdown, and a few seconds after the network is up, it will sync the clock using NTP.

NTP need to be installed, i.e. 'sudo apt install ntp' if not done already.

At DTU, most clock sources are blocked; the clock source needs to be configured.

At DTU, edit /etc/NTP.conf or /etc/ntpsec/ntp.conf and add ntp.ait.du.dk to the top of the server pool list. 

sudo nano /etc/ntpsec/ntp.conf

...
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool ntp.ait.dtu.dk
...

Sync time (if on DTU net) 

sudo ntpdate -u ntp.ait.dtu.dk

Should work in and around DTU - see also NTP howto for more details.

You can also check the status of the ntp service: 

sudo systemctl status ntp.service
Retrieved from "https://rsewiki.electro.dtu.dk/index.php?title=Network_setup&oldid=8417"