2023-01-06 13:50:14 +01:00
|
|
|
[General]
|
2023-01-22 20:02:15 +01:00
|
|
|
# Request setting regulatory domain (ISO-Alpha-2). Check with `iw reg get`.
|
2023-01-22 16:13:54 +01:00
|
|
|
# Location-Aided Routing (LAR) or self-managed devices will just set
|
2024-07-24 19:47:16 +02:00
|
|
|
# the country by nearby APs which again don't expose that configuration to
|
|
|
|
# their administrator in that great detail resulting to devices within the EU
|
|
|
|
# advertising country DE.
|
|
|
|
# To check/refresh regdomain, `iw wlan0 scan | grep -E "SSID:|Country:"`
|
2023-01-22 07:11:03 +01:00
|
|
|
Country=FI
|
2023-06-25 16:58:41 +02:00
|
|
|
|
2024-07-24 19:47:16 +02:00
|
|
|
# Stop iwd from destroying and recreating the interface. I think I am having
|
|
|
|
# stability issues with systemd-networkd if I have to restart anything
|
|
|
|
# networking related by hand, which seems to be mitigated by this.
|
|
|
|
use_default_interface=true
|
2023-06-25 16:58:41 +02:00
|
|
|
|
2024-07-23 08:01:32 +02:00
|
|
|
# Build-in network configuration including DHCP client (and server when
|
|
|
|
# tethering), true if not using systemd-networkd!
|
2024-01-27 09:15:54 +01:00
|
|
|
#EnableNetworkConfiguration=false
|
2023-06-25 16:58:41 +02:00
|
|
|
|
|
|
|
# NOTE! Disable this in case of trouble connecting to network entirely, e.g.
|
|
|
|
# REALTEK devices!
|
|
|
|
#AddressRandomization=disabled
|
|
|
|
|
2023-01-27 09:51:51 +01:00
|
|
|
# Generate a different spoofed MAC address for every SSID. Some networks
|
|
|
|
# configured in /var/lib/iwd/ have a new MAC address for every connection.
|
|
|
|
AddressRandomization=network
|
2023-01-27 12:21:32 +01:00
|
|
|
# Randomize only 3 last octets of MAC. Reveals the manufacturer, but doesn't
|
2023-02-10 21:04:12 +01:00
|
|
|
# set the locally administered bit. However the range is 00:00:01 to 00:00:FE
|
2023-01-28 17:37:43 +01:00
|
|
|
# (254 possible addresses!)
|
2023-02-10 21:04:12 +01:00
|
|
|
# Helsinki City WLAN (and variations) doesn't seem to like "full" (default)
|
|
|
|
AddressRandomizationRange=nic
|
2023-01-27 09:51:51 +01:00
|
|
|
|
2024-07-23 08:01:32 +02:00
|
|
|
# Always require management frame protection. May break things especially with
|
|
|
|
# legacy networks and hardware! Switch to 1 (default) for only when supported
|
|
|
|
# by both sides (downgrade attack possible?).
|
|
|
|
ManagementFrameProtection=2
|
2024-08-11 07:50:10 +02:00
|
|
|
# It must be 1 for Lumina (ThinkPad T470) and MikroTik Chateau 5G to accept
|
|
|
|
# each other, otherwise fallback to open guest network happens.
|
|
|
|
#ManagementFrameProtection=1
|
|
|
|
# INSECURE NEVER USING MANAGEMENT FRAME PROTECTION!
|
|
|
|
#ManagementFrameProtection=0
|
2024-07-23 08:01:32 +02:00
|
|
|
|
2023-01-27 09:51:51 +01:00
|
|
|
[Network]
|
2023-01-06 13:50:14 +01:00
|
|
|
EnableIPv6=true
|
2024-04-11 09:16:21 +02:00
|
|
|
# My /etc/resolf.conf is generally ::1 127.0.0.1 127.0.0.53 and I am not
|
|
|
|
# entirely opposed to local servers. The two first are unbound, the third/this
|
2024-07-23 08:01:32 +02:00
|
|
|
# systemd-resolved. NOTE! Must be used in conjunction with
|
|
|
|
# EnableNetworkConfiguration!
|
2024-07-23 07:51:56 +02:00
|
|
|
#NameResolvingService=systemd
|
2024-07-23 08:01:32 +02:00
|
|
|
#NameResolvingService=none
|
2023-09-26 16:33:12 +02:00
|
|
|
# Default 300, lower preferred by system. Useful when WiFi is known faster
|
|
|
|
# than ethernet like having 10 Mbps switch from time before the building had
|
|
|
|
# anything faster than DSL...
|
|
|
|
#RoutePriorityOffset=0
|