nmcli Tutorial
This is the complete instruction list for configuring nmcli
. This was tested on a clean Tails install. File location may differ across distributions. If directories don't exist, check your distribution's documentation for the correct location of the files.
Requirements
The following is required to use this configuration:
nmcli
/NetworkManager, and a terminal emulator to run commands in- A modern web browser
- A
PEM
orP12
certificate - Root/
sudo
priveleges - A text editor. Terminal emulators are easiest for this, but are not strictly necessary
nano
micro
nvim
/vim
/vi
emacs
Instructions
All commands starting with $
can be used as your standard user. All commands using #
require to be run as root, generally by preceding the command with sudo
.
-
Generate a personal certificate according to this tutorial.
-
Grab the name of the wireless network interface that you want to use for this connection. You will need this throughout this setup process. You can list all network interfaces by running the command:
$ nmcli device show
Check the one whose
GENERAL.TYPE
iswifi
. Most commonly, this iswlan0
orwlp5s0
.
- Open a terminal and use nmcli to create a new wifi connection on your wireless network interface that connects to the
eduroam
network:
$ nmcli connection add type wifi ifname <your interface> con-name eduroamWiFi ssid eduroam
- Open the
eduroamWiFi.nmconnection
file in the editor of your choice as root. If you do not open it as root, the changes will not be saved.
# nano /etc/NetworkManager/system-connections/eduroamWiFi.nmconnection
Substitute
nano
for editor of choice
- Edit the file so that it contains the following lines. The file will contain most of these lines already. The
uuid
field will already be filled in, do not edit this field.
[connection]
id=eduroamWiFi
uuid=<generated UUID, don't edit this>
type=wifi
interface-name=<your interface>
[wifi]
mode=infrastructure
ssid=eduroam
[wifi-security]
key-mgmt=wpa-eap
[802-1x]
ca-cert=location/of/ritCACert.cer
client-cert=location/of/p12PrivateKey.p12
domain-suffix-match=radius.rit.edu
eap=tls;
identity=abc1234@rit.edu
private-key=location/of/p12PrivateKey.p12
private-key-password=<your private key password>
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
- Run the following command to activate the connection:
# nmcli conection up eduroamWiFi
This tells nmcli
that you want to bring up the network using the configuration that you created in the previous step.
- (Optional) Test your connection by running:
$ ping 9.9.9.9
This command tests the ability to talk to the Quad9 DNS Service. If the command returns an error, then you are not connected to the eduroam
network (or any other network, for that matter).
Troubleshooting
Basic troubleshooting steps can be found in the Archwiki or your distribution's documentation.