Signup for our newsletter to get notified about sales and new products. Add any text here or remove it.
No products in the cart.
iwd (iNet wireless daemon) is a wireless daemon for Linux written by Intel. The core goal of the project is to optimize resource utilization by not depending on any external libraries and instead utilizing features provided by the Linux Kernel to the maximum extent possible.
iwd can work in standalone mode or in combination with comprehensive network managers like ConnMan, systemd-networkd and NetworkManager.
Install the iwd package.
The iwd package provides the client program iwctl, the daemon iwd and the Wi-Fi monitoring tool iwmon.
Start/enable iwd.service so it can be controlled using the iwctl command.
To get an interactive prompt do:
The interactive prompt is then displayed with a prefix of [iwd]#. Tip:
iwctl device wlan0 show
To list all available commands:
First, if you do not know your wireless device name, list all Wi-Fi devices:
[iwd]# device list
Then, to scan for networks:
[iwd]# station device scan
You can then list all available networks:
[iwd]# station device get-networks
Finally, to connect to a network:
[iwd]# station device connect SSID
Tip: The user interface supports autocomplete, by typing station and TabTab, the available devices are displayed, type the first letters of the device and Tab to complete. The same way, type connect and TabTab in order to have the list of available networks displayed. Then, type the first letters of the chosen network followed by Tab in order to complete the command.
If a passphrase is required, you will be prompted to enter it. Alternatively, you can supply it as a command line argument:
$ iwctl --passphrase passphrase station device connect SSID
PMK generation failed. Ensure Crypto Engine is properly configured
If your network is configured such that you can connect to it by pressing a button (Wikipedia:Wi-Fi Protected Setup), check first that your network device is also capable of using this setup procedure.
[iwd]# wsc list
Then, provided that your device appeared in the above list,
[iwd]# wsc device push-button
and push the button on your router. The procedure works also if the button was pushed beforehand, less than 2 minutes earlier.
If your network requires to validate a PIN number to connect that way, check the help command output to see how to provide the right options to the wsc command.
To disconnect from a network:
[iwd]# station device disconnect
To display the details of a WiFi device, like MAC address:
[iwd]# device device show
To display the connection state, including the connected network of a Wi-Fi device:
[iwd]# station device show
To list networks you have connected to previously:
[iwd]# known-networks list
To forget a known network:
[iwd]# known-networks SSID forget
By default, iwd stores the network configuration in the directory /var/lib/iwd. The configuration file is named as network.type, where network is the network SSID and .type is the network type, either .open, .wep, .psk or .8021x. The file is used to store the encrypted PreSharedKey and optionally the cleartext Passphrase and can also be created by the user without invoking iwctl. The file can be used for other configuration pertaining to that network SSID as well. For more settings, see iwd.network(5).
A minimal example file to connect to a WPA-PSK or WPA2-PSK secured network with SSID “spaceship” and passphrase “test1234”:
Note: The SSID of the network is used as a filename only when it contains only alphanumeric characters or one of - _. If it contains any other characters, the name will instead be an =-character followed by the hex-encoded version of the SSID.
To calculate the pre-shared key from the passphrase, one of these two methods can be used:
The pre-shared key will be appended to the file at the first connect:
For connecting to a EAP-PWD protected enterprise access point you need to create a file called: essid.8021x in the folder /var/lib/iwd with the following content:
If you do not want autoconnect to the AP you can set the option to False and connect manually to the access point via iwctl. The same applies to the password, if you do not want to store it plaintext leave the option out of the file and just connect to the enterprise AP.
Like EAP-PWD, you also need to create a essid.8021x in the folder. Before you proceed to write the configuration file, this is also a good time to find out which CA certificate your organization uses. For MSCHAPv2 to work you also need to install ppp. Please see MS-CHAPv2 for more infos. This is an example configuration file that uses MSCHAPv2 password authentication:
Tip: If you are planning on using eduroam, see also #Eduroam.
Like EAP-PWD, you also need to create a essid.8021x in the folder. Before you proceed to write the configuration file, this is also a good time to find out which CA certificate your organization uses. This is an example configuration file that uses PAP password authentication:
Eduroam offers a configuration assistant tool (CAT), which unfortunately does not support iwd. However, the installer, which you can download by clicking on the download button then selecting your university, is just a Python script. It is easy to extract the necessary configuration options, including the certificate and server domain mask.
The following table contains a mapping of iwd configuration options to eduroam CAT install script variables.
More example tests can be found in the test cases of the upstream repository.
File /etc/iwd/main.conf can be used for main configuration. See iwd.config(5).
Create / edit file /var/lib/iwd/network.type. Add the following section to it:
/var/lib/iwd/spaceship.psk (for example)
By default when iwd is in disconnected state, it periodically scans for available networks. To disable periodic scan (so as to always scan manually), create / edit file /etc/iwd/main.conf and add the following section to it:
Since version 0.19, iwd can assign IP address(es) and set up routes using a built-in DHCP client or with static configuration. It is a good alternative to standalone DHCP clients.
To activate iwd’s network configuration feature, create/edit /etc/iwd/main.conf and add the following section to it:
There is also ability to set route metric with RoutePriorityOffset:
Since version 1.10, iwd supports IPv6, but it is disabled by default. To enable it, add the following to the configuration file:
This setting is required whether you want to use DHCPv6 or static IPv6 configuration. It can also be set on a per-network basis.
Add the following section to /var/lib/iwd/network.type file. For example:
At the moment, iwd supports two DNS managers—systemd-resolved and resolvconf.
Add the following section to /etc/iwd/main.conf for systemd-resolved:
Note: If not specified, systemd-resolved is used as default.
By default iwd D-Bus interface allows any console user to connect to iwd daemon and modify the settings, even if that user is not a root user.
If you do not want to allow console user to modify the settings but allow reading the status information, then create a D-Bus configuration file as follows.
<!-- prevent local users from changing iwd settings, but allow
reading status information. overrides some part of
<!-- This configuration file specifies the required security policies
for iNet Wireless Daemon to work. -->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
<allow send_destination="net.connman.iwd" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll" />
<allow send_destination="net.connman.iwd" send_interface="org.freedesktop.DBus.Properties" send_member="Get" />
<allow send_destination="net.connman.iwd" send_interface="org.freedesktop.DBus.ObjectManager" send_member="GetManagedObjects" />
<allow send_destination="net.connman.iwd" send_interface="net.connman.iwd.Device" send_member="RegisterSignalLevelAgent" />
<allow send_destination="net.connman.iwd" send_interface="net.connman.iwd.Device" send_member="UnregisterSignalLevelAgent" />
Tip: Remove <allow> lines above to deny reading the status information as well.
This can be useful, if you have trouble setting up MSCHAPv2 or TTLS. You can set the following environment variable via a drop-in snippet:
Check the iwd logs afterwards by running journalctl -u iwd.service as root.
journalctl -u iwd.service
On some machines, it is reported that iwd.service has to be restarted to work after boot. See FS#63912 and thread 251432. This probably occurs because the Linux kernel and services start too early and iwd starts before wireless network card powers on. As a workaround, extend the unit to add a delay:
Then reload the systemd manager configuration.
A low entropy pool can cause connection problems in particular noticeable after reboot. See Random number generation for suggestions to increase the entropy pool.
Since version 1.0, iwd disables predictable renaming of wireless device. It installs the following systemd network link configuration file which prevents udev from renaming the interface to wlp#s#:
As a result the wireless link name wlan# is kept after boot. This resolved a race condition between iwd and udev on interface renaming as explained in iwd udev interface renaming.
If this results in issues try masking it with:
# ln -s /dev/null /etc/systemd/network/80-iwd.link
Clients may not receive an IP address via DHCP when connecting to iwd in AP mode. It is therefore necessary to enable network configuration by iwd on managed interfaces:
The mentioned file has to be created if it does not already exist.
Powered by BetterDocs
Username or email address *
Lost your password?