5.1. Configuring the Network
5.1.1. On the Desktop with NetworkManager
In a typical desktop installation, you’ll have NetworkManager already installed and it can be controlled and configured through GNOME’s control center and through the top-right menu as shown in Figure 5.1, “Network Configuration Screen”.
Figure 5.1. Network Configuration Screen
The default network configuration relies on DHCP to obtain an IP address, DNS server, and gateway, but you can use the gear icon in the lower-right corner to alter the configuration in many ways (for example: set the MAC address, switch to a static setup, enable or disable IPv6, and add additional routes). You can create profiles to save multiple wired network configurations and easily switch between them. For wireless networks, their settings are automatically tied to their public identifier (SSID).
NetworkManager also handles connections by mobile broadband (Wireless Wide Area Network WWAN) and by modems using point-to-point protocol over ethernet (PPPoE). Last but not least, it provides integration with many types of virtual private networks (VPN) through dedicated plugins: SSH, OpenVPN, Cisco’s VPNC, PPTP, Strongswan. Check out the network-manager-* packages; most of them are not installed by default. Note that you need the packages suffixed with -gnome to be able to configure them through the graphical user interface.
5.1.2. On the Command Line with Ifupdown
Alternatively, when you prefer not to use (or don’t have access to) a graphical desktop, you can configure the network with the already-installed ifupdown package, which includes the ifup and ifdown tools. These tools read definitions from the /etc/network/interfaces configuration file and are at the heart of the /etc/init.d/networking init script that configures the network at boot time.
Each network device managed by ifupdown can be deconfigured at any time with ifdown network-device. You can then modify /etc/network/interfaces and bring the network back up (with the new configuration) with ifup network-device.
Let’s take a look at what we can put in ifupdown’s configuration file. There are two main directives: auto network-device, which tells ifupdown to automatically configure the network interface once it is available, and iface network-device inet/inet6 type to configure a given interface. For example, a plain DHCP configuration looks like this:
|
1 2 3 4 5 6 |
auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp |
Note that the special configuration for the loopback device should always be present in this file. For a fixed IP address configuration, you have to provide more details such as the IP address, the network, and the IP of the gateway:
|
1 2 3 4 5 6 7 8 |
auto eth0 iface eth0 inet static address 192.168.0.3 netmask 255.255.255.0 broadcast 192.168.0.255 network 192.168.0.0 gateway 192.168.0.1 |
For wireless interfaces, you must have the wpasupplicant package (included in Kali by default), which provides many wpa-* options that can be used in /etc/network/interfaces. Have a look at /usr/share/doc/wpasupplicant/README.Debian.gz for examples and explanations. The most common options are wpa-ssid (which defines the name of the wireless network to join) and wpa-psk (which defines the passphrase or the key protecting the network).
|
1 2 3 4 |
iface wlan0 inet dhcp wpa-ssid MyNetWork wpa-psk plaintextsecret |
5.1.3. On the Command Line with systemd-networkd
While ifupdown is the historical tool used by Debian, and while it is still the default for server or other minimal installations, there is a newer tool worth considering: systemd-networkd. Its integration with the systemd init system makes it a very attractive choice. It is not specific to Debian-based distributions (contrary to ifupdown) and has been designed to be very small, efficient, and relatively easy to configure if you understand the syntax of systemd unit files. This is an especially attractive choice if you consider NetworkManager bloated and hard to configure.
You configure systemd-networkd by placing .network files into the /etc/systemd/network/ directory. Alternatively, you can use /lib/systemd/network/ for packaged files or /run/systemd/network/ for files generated at run-time. The format of those files is documented in systemd.network(5). The Match section indicates the network interfaces the configuration applies to. You can specify the interface in many ways, including by media access control (MAC) address or device type. The Network section defines the network configuration.
Example 5.1. Static Configuration in /etc/systemd/network/50-static.network
|
1 2 3 4 5 6 7 |
[Match] Name=enp2s0 [Network] Address=192.168.0.15/24 Gateway=192.168.0.1 DNS=8.8.8.8 |
Example 5.2. DHCP-based Configuration in /etc/systemd/network/80-dhcp.network
|
1 2 3 4 5 |
[Match] Name=en* [Network] DHCP=yes |
Note that system-networkd is disabled by default, so if you want to use it, you should enable it. It also depends on systemd-resolved for proper integration of DNS resolution, which in turn requires you to replace /etc/resolv.conf with a symlink to /run/system/resolve/resolv.conf, which is managed by systemd-resolved.
|
1 2 3 4 5 6 |
systemctl enable systemd-networkd systemctl enable systemd-resolved systemctl start systemd-networkd systemctl start systemd-resolved ln -sf /run/system/resolve/resolv.conf /etc/resolv.conf |
Although systemd-networkd suffers from some limitations, like the lack of integrated support for wireless networks, you can rely on a pre-existing external wpa_supplicant configuration for wireless support. However, it is particularly useful in containers and virtual machines and was originally developed for environments in which a container’s network configuration depended on its host’s network configuration. In this scenario, systemd-networkd makes it easier to manage both sides in a consistent manner while still supporting all sorts of virtual network devices that you might need in this type of scenario (see systemd.netdev(5)).