netctl (简体中文)

From ArchWiki
Jump to: navigation, search

Summary
用netctl和网络配置脚本设置网络的指南。
概要
Arch Linux 中可以用netctl进行网络配置netctl同时支持有线网络和无线网络、网络漫游,简化了网络配置文件的管理. NetworkManagerWicd也是流行的替代工具。
资源
Bridge with netctl
翻译状态: 本文是英文页面 Netctl翻译,最后翻译时间:2013-07-27,点击这里可以查看翻译后英文页面的改动。

Netctl 是基于命令行的网络管理器,支持场景配置。它是 Arch 的项目,取代了原来的 netcfg

Contents

安装

netctl 软件包已经进入官方软件仓库.

netctlnetcfg相互冲突,安装 netctl 会替换掉netcfg。如果配置不正确,可能导致连接中断。

Note: 请使用systemctl --type=service确保其它可以配置网络的服务都没有运行,同时使用多个网络配置工具会导致冲突。

建议阅读

建议用户使用前阅读如下文档:

配置

netctl 可以用来检查和控制 systemd 网络配置管理服务的状态。软件提供了一些配置文件的示例以供参考。这些示例位于/etc/netctl/examples/,包括:

  • ethernet-dhcp
  • ethernet-static
  • wireless-wpa
  • wireless-wpa-static

如果使用无线网络,命令wifi-menu -o可以在/etc/netctl自动生成配置文件。

要使用示例配置,将他们从/etc/netctl/examples/复制到/etc/netctl/然后进行修改: 

# cp /etc/netctl/examples/wireless-wpa /etc/netctl/profile

创建完配置后,通过如下方法建立连接: 

# netctl start profile

如果命令出错,可以使用 journalctl -xnnetctl status <profile> 检查出错原因。修正重新设置。

Automatic operation

If you use only one profile (per interface) or want to switch profiles manually, the basic method will do. Most common examples are servers, workstations, routers etc.

If you need to switch multiple profiles frequently, use Automatic switching of profiles. Most common examples are laptops.

Basic method

With this method, you can statically start only one profile per interface. First manually check that the profile can be started successfully, then it can be enabled using 

# netctl enable profile

This will create and enable a systemd service that will start when the computer boots.

Note: The connection is only established if the profile can be started succesfully at boot time (or when the service starts). That specifically means, in case of wired connection the cable must be plugged-in, in case of wireless connection the network must be in range.
Tip: To enable static IP profile on wired interface no matter if the cable is connected or not, use SkipNoCarrier=yes in your profile.

Automatic switching of profiles

netctl provides two special services for automatic switching of profiles: netctl-auto@interface.service for wireless interfaces, and netctl-ifplugd@interface.service for wired interfaces. Using netctl-auto@interface.service, netctl profiles change as you move from range of one network into range of other network. Using netctl-ifplugd@interface.service, netctl profiles change as you plug the cable in and out.

Note: netcfg used net-auto-wireless.service and net-auto-wired.service for this purpose.

First install required packages:

  • Package wpa_actiond is required to use netctl-auto@interface.service.
  • Package ifplugd is required to use netctl-ifplugd@interface.service.

Now configure all profiles that netctl-auto@interface.service or netctl-ifplugd@interface.service can start. If you want some profile not to be started automatically by these services, you have to explicitly add ExcludeAuto=yes to that profile. You can use Priority= to set priority of some profile when multiple profiles are available. See netctl.profile(5) for details.

Warning: Automatic selection of a WPA-enabled profile by netctl-auto is not possible with option Security=wpa-config, please use Security=wpa-configsection instead.

Once your profiles are set and verified to be working, simply enable these services with 

# systemctl enable netctl-auto@interface.service 
# systemctl enable netctl-ifplugd@interface.service
Warning: If any of the profiles contain errors, such as an empty Key= variable, the unit will fail to load at boot.
Warning: This method conflicts with the basic method. If you have previously enabled a profile through netctl, run 
# netctl disable profile
to prevent the profile from starting twice at boot.

从 netcfg 迁移的方法

netctl 使用 /etc/netctl 保存配置,而不是 /etc/network.d (netcfg保存配置的位置).

从 netcfg 迁移,请执行:

  • 禁用 netcfg 服务: # systemctl disable netcfg.service.
  • 删除 netcfg,然后安装 netctl
  • 将老的网络配置移动到新目录
  • 根据 netctl.profile(5) 修改变量名称(主要是大小写变化,例如 CONNECTION 变成 Connection).
  • For static IP configuration make sure the Address variables have a netmask after the IP (e.g. Address=('192.168.1.23/24' '192.168.1.87/24') in the example profile).
  • If you setup a wireless profile according in the wireless-wpa-configsection example, note that this overrides wpa_supplicant options defined above the brackets. For a connection to a hidden wireless network, add scan_ssid=1 to the options in the wireless-wpa-configsection; Hidden=yes does not work there.
  • 接口变量和其他变量不再需要引号(这仅仅是风格变化).
  • 为每一个配置执行netctl enable profile, last工作方式有变化,参阅 netctl.special(7).
  • 使用 netctl list / netctl start <profile> 替换 netcfg-menu. wifi-menu 依然保留。
  • Unlike netcfg, by default netctl fails to bring up a NIC when it is not connected to another powered up NIC. To solve this problem, add SkipNoCarrier=yes at the end of your /etc/netctl/profile.

密码加密(256-bit PSK)

不想用明文保存密码的用户可以使用 256 位加密 PSK,数据是通过密码和 SSID 通过标准算法生成。

  • 方法1: 使用 wifi-menu -o/etc/netctl 中生成配置文件。
  • 方法2: 下面有手动配置方法,如果密码失败,可以试试删除 Key= 中的 \"

不管使用哪种方法,都建议用 chmod 600 /etc/netctl/<config_file> 限制一般用户的访问权限。

然后用wpa_passphrase生成256位加密 PSK: 

Usage: wpa_passphrase [ssid] [passphrase]
$ wpa_passphrase archlinux freenode

在第二个终端将/etc/netctl/examples/wireless-wpa 复制到 /etc/netctl

# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wireless-wpa

编辑/etc/netctl/wireless-wpa,将之前生成的Encrypted Pre-shared Key设置到Key

完成后的wireless-wpa应该类似于: 

/etc/netctl/wireless-wpa
Description='A simple WPA encrypted wireless connection using 256-bit PSK'
Interface=wlp2s2
Connection=wireless
Security=wpa
IP=dhcp
ESSID=archlinux
Key=\"64cf3ced850ecef39197bb7b7b301fc39437a6aa6c6a599d0534b16af578e04a
注意: * 请使用'''special non-quoted rules''' 设置 Key=,参阅 [https://github.com/joukewitteveen/netctl/blob/master/docs/netctl.profile.5.txt netctl.profile(5)] * 配置文件中的 Key 足够连接到 WPA-PSK 网络。也就是说,此方法仅仅将密码变得不可读,但是只要用户能够读取配置文件,就能连接到网络。请不要使用相同的密码作为网络密码。

支持

官方通知帖: https://bbs.archlinux.org/viewtopic.php?id=157670

提示和技巧

Replace 'netcfg current'

As of April 2013 there is no netctl alternative to netcfg current. If you relied on it for something, like a status bar for a tiling window manager, you can now use: 

# netctl list | awk '/*/ {print $2}'

or, when netctl-auto was used to connect: 

# wpa_cli -i interface status | sed -n 's/^id_str=//p'

Eduroam

Some universities use a system called "Eduroam" to manage their wireless networks. For this system, a WPA config-section profile with the following format is often useful: 

/etc/netctl/wlan0-eduroam
Description='Eduroam-profile for <user>'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
 'ssid="eduroam"'
 'proto=RSN'
 'key_mgmt=WPA-EAP'
 'pairwise=CCMP'
 'auth_alg=OPEN'
 'eap=PEAP'
 'identity="<user>"'
 'password="<password>"'
)

Bonding

From kernel documentation:

The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends on the mode. Generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.

Load balancing

To use bonding with netctl, additional package from official repositories is required: ifenslave.

复制 /etc/netctl/examples/bonding/etc/netctl/bonding 并进行编辑,举例来说,像下面这样: 

/etc/netctl/bonding
Description='Bond Interface'
 Interface='bond0'
 BindsToInterfaces=('eth0' 'eth1')
 IP=dhcp
 IP6=stateless

现在你可以禁用和停止旧的网络配置,然后设置自动启动 bonding:

禁用旧的配置文件: 

 # netctl stop ethernet
 # netctl disable ethernet

启用并启动 bonding: 

 # netctl start bonding
 # netctl enable bonding
注意: 要改变绑定模式(默认值是轮询),例如,用于active backup:

创建 /etc/modprobe.d/bonding.conf

/etc/modprobe.d/bonding.conf
options bonding mode=active-backup
options bonding miimon=100
更多关于不同绑定策略(以及其它驱动程序设置)的信息,参见 Linux Ethernet Bonding Driver HOWTOThe Linux Foundation: bonding

查看状态和绑定模式: 

$ cat /proc/net/bonding/bond0

有线 -> 无线故障切换

当有线网络断开时,使用 bonding 切换到无线网络,这种方法也会在探测这两种网络连接,并在至少一种已连接时启动 dhcpcd。

你将需要官方源中的 netctlifplugdifenslavewpa_supplicant

首先配置 bonding 驱动程序使用 active-backup 模式: 

/etc/modprobe.d/bonding.conf
options bonding mode=active-backup
options bonding miimon=100
options bonding primary=eth0
options bonding max_bonds=0

设置`max-bonds`可以避免"Interface bond0 already exists" 错误。

然后,配置一份 netctl 配置文件,使用这两个硬件接口: 

/etc/netctl/failover
Description='A wired connection with failover to wireless'
Interface='bond0'
Connection=bond
BindsToInterface=('eth0' 'wlan0')
IP='no'
SkipNoCarrier='no'

启动时启用配置文件。 

# netctl enable failover

将 wpa_supplicant 配置为关联一个已知网络,可以通过 netctl profile (记得设置 IP='no'), 长期运行的 wpa_supplicant 服务或者 wpa_cli 命令实现。具体方法请访问 wpa_supplicant 页面。

创建 ifplugd 操作,自动为绑定的接口进行 DHCP 分配: 

/etc/ifplugd/bond_dhcp.action
#!/bin/sh

case "$2" in
  up)
    systemctl start "dhcpcd@$1.service" && exit 0
    ;;
  down)
    systemctl stop "dhcpcd@$1.service" && exit 0
    ;;
  *)
    echo "Wrong arguments" > /dev/stderr
    ;;
esac
exit 1

并使它可执行 

# chmod +x /etc/ifplugd/bond_dhcp.action

然后创建 systemd 服务,启动 bond0 上的 ifplugd: 

/etc/systemd/system/net-auto-bonded@.service
[Unit]
Description=Provides automatic dhcp resolution for bonded failover connection
Requires=netctl@failover.service
After=netctl@failover.service

[Service]
ExecStart=/usr/bin/ifplugd -i %i -r /etc/ifplugd/bond_dhcp.action -fIns

[Install]
WantedBy=multi-user.target

启用 net-auto-bonded 服务并重启: 

# systemctl enable net-auto-bonded@bond0.service
# reboot

如果有线连接和无线连接位于同一个网络,现在你可以断开重连有线网络而不会断网。甚至大多数情况下,播放流媒体音乐都不会有间断!

Retrieved from "https://wiki.archlinux.org/index.php?title=Netctl_(简体中文)&oldid=272293"