[General] # Request setting regulatory domain (ISO-Alpha-2). Check with `iw reg get`. # Location-Aided Routing (LAR) or self-managed devices will just set # the country by nearby APs which again don't expose that configuration to # their administrator in that great detail resulting to devices within the EU # advertising country DE. # To check/refresh regdomain, `iw wlan0 scan | grep -E "SSID:|Country:"` Country=FI # Stop iwd from destroying and recreating the interface. I think I am having # stability issues with systemd-networkd if I have to restart anything # networking related by hand, which seems to be mitigated by this. use_default_interface=true # Build-in network configuration including DHCP client (and server when # tethering), true if not using systemd-networkd! #EnableNetworkConfiguration=false # NOTE! Disable this in case of trouble connecting to network entirely! # But FIRST ensure firmware-iwlwifi is installed on Debian, if Intel NIC? #AddressRandomization=disabled # Generate a different spoofed MAC address for every SSID. Some networks # configured in /var/lib/iwd/ have a new MAC address for every connection. AddressRandomization=network # Randomize only 3 last octets of MAC. Reveals the manufacturer, but doesn't # set the locally administered bit. However the range is 00:00:01 to 00:00:FE # (254 possible addresses!) # Helsinki City WLAN (and variations) doesn't seem to like "full" (default) AddressRandomizationRange=nic # Always require management frame protection. May break things especially with # legacy networks and hardware! Switch to 1 (default) for only when supported # by both sides (downgrade attack possible?). ManagementFrameProtection=2 # It must be 1 for Lumina (ThinkPad T470) and MikroTik Chateau 5G to accept # each other, otherwise fallback to open guest network happens. #ManagementFrameProtection=1 # INSECURE NEVER USING MANAGEMENT FRAME PROTECTION! #ManagementFrameProtection=0 [Network] EnableIPv6=true # My /etc/resolf.conf is generally ::1 127.0.0.1 127.0.0.53 and I am not # entirely opposed to local servers. The two first are unbound, the third/this # systemd-resolved. NOTE! Must be used in conjunction with # EnableNetworkConfiguration! #NameResolvingService=systemd #NameResolvingService=none # Default 300, lower preferred by system. Useful when WiFi is known faster # than ethernet like having 10 Mbps switch from time before the building had # anything faster than DSL... #RoutePriorityOffset=0