From 728e9278b68474f63e8949dcdaaf493ff214ef29 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Mon, 4 Aug 2025 09:24:45 +0300 Subject: [PATCH] iwd: comment out mostly everything --- etc/iwd/main.conf | 9 +++++---- var/lib/iwd/openwireless.org.open | 6 +++--- var/lib/iwd/private-cafe-sample.psk | 6 +++--- var/lib/iwd/private-home-sample.psk | 4 ++-- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/etc/iwd/main.conf b/etc/iwd/main.conf index cf75194a..7a42b4d2 100644 --- a/etc/iwd/main.conf +++ b/etc/iwd/main.conf @@ -14,6 +14,7 @@ use_default_interface=true # Build-in network configuration including DHCP client (and server when # tethering), true if not using systemd-networkd! +#EnableNetworkConfiguration=true #EnableNetworkConfiguration=false # NOTE! Disable this in case of trouble connecting to network entirely! @@ -22,17 +23,17 @@ use_default_interface=true # Generate a different spoofed MAC address for every SSID. Some networks # configured in /var/lib/iwd/ have a new MAC address for every connection. -AddressRandomization=network +#AddressRandomization=network # Randomize only 3 last octets of MAC. Reveals the manufacturer, but doesn't # set the locally administered bit. However the range is 00:00:01 to 00:00:FE # (254 possible addresses!) # Helsinki City WLAN (and variations) doesn't seem to like "full" (default) -AddressRandomizationRange=nic +#AddressRandomizationRange=nic # Always require management frame protection. May break things especially with # legacy networks and hardware! Switch to 1 (default) for only when supported # by both sides (downgrade attack possible?). -ManagementFrameProtection=2 +#ManagementFrameProtection=2 # It must be 1 for Lumina (ThinkPad T470) and MikroTik Chateau 5G to accept # each other, otherwise fallback to open guest network happens. #ManagementFrameProtection=1 @@ -46,7 +47,7 @@ EnableIPv6=true # systemd-resolved. NOTE! Must be used in conjunction with # EnableNetworkConfiguration! #NameResolvingService=systemd -#NameResolvingService=none +NameResolvingService=none # Default 300, lower preferred by system. Useful when WiFi is known faster # than ethernet like having 10 Mbps switch from time before the building had # anything faster than DSL... diff --git a/var/lib/iwd/openwireless.org.open b/var/lib/iwd/openwireless.org.open index d2067617..9701d80f 100644 --- a/var/lib/iwd/openwireless.org.open +++ b/var/lib/iwd/openwireless.org.open @@ -1,9 +1,9 @@ -[Settings] +#[Settings] #AlwaysRandomizeAddress=true # Disables connections without Management Frame Protection (and TKIP) -TransitionDisable=true +#TransitionDisable=true # Requires WiFi Enhanced Open (OWE) -DisabledTransitionModes=open +#DisabledTransitionModes=open [IPv4] DNS=127.0.0.1 127.0.0.53 diff --git a/var/lib/iwd/private-cafe-sample.psk b/var/lib/iwd/private-cafe-sample.psk index b5bb3de3..43f8c681 100644 --- a/var/lib/iwd/private-cafe-sample.psk +++ b/var/lib/iwd/private-cafe-sample.psk @@ -1,10 +1,10 @@ # This SSID is "private-cafe-sample", it comes from the filename -[Settings] +#[Settings] #AlwaysRandomizeAddress=true # Disables TKIP and connections without Management Frame Protection -TransitionDisable=true +#TransitionDisable=true # Disables WPA2-{Personal,Enterprise} and requires WiFi Enhanced Open (OWE) -DisabledTransitionModes=personal,enterprise,open +#DisabledTransitionModes=personal,enterprise,open [Security] Passphrase=MySuperSecretPassphraseThatDoesNotReadHere diff --git a/var/lib/iwd/private-home-sample.psk b/var/lib/iwd/private-home-sample.psk index eeab1aef..014ffaf6 100644 --- a/var/lib/iwd/private-home-sample.psk +++ b/var/lib/iwd/private-home-sample.psk @@ -4,9 +4,9 @@ AutoConnect=true # MAC address override. Takes priority over AlwaysRandomizeAddress #AddressOverride= # Disables TKIP and connections without Management Frame Protection -TransitionDisable=true +#TransitionDisable=true # Disables WPA2-{Personal,Enterprise} and requires WiFi Enhanced Open (OWE) -DisabledTransitionModes=personal,enterprise,open +#DisabledTransitionModes=personal,enterprise,open [Security] Passphrase=MySuperSecretPassphraseThatDoesNotReadHere