Search This Blog

Friday, August 12, 2011

Wireless sharing with Plasma NM 0.9

During Desktop Summit in Berlin some people asked me how to make wireless sharing work. Connection sharing allows to use a computer as gateway for other computers, NM does that by routing all IP packages from one network interface to the default route of your computer (yes, that is a Masquerate configuration). For example, you can configure your notebook to access Internet through ethernet cable and create a wifi shared connection to allow other computers to access Internet using your notebook's default route. Your notebook will act like an access point.

Here are the steps I use with NM-0.9:
  1. Create an ad-hoc connection:
  2. Go to IPv4 tab and change the method to "shared":
  3. If you prefer you can also use WEP encrytion, just go to "Wireless Security" tab, fill in the hexadecimal key or passphrase and click Ok:

  4. Go to the main window, click on the connection, and wait a few seconds until it is activated:

Sometimes my connection does not activate and NetworkManager shows this warning in its log:

NetworkManager[25305]: Activation (wlan0/wireless): association took too long, failing activation.

rmmod'ing the wifi's kernel module and loading it again usually solves this problem for me.

To use WPA instead of WEP in shared connections NM must change wireless card mode to "master", which is only possible when using hostapd (AFAIK). Unfortunately NM does not support using hostapd yet, so it is also not possible to use WPA in shared connections.

People also asked me to simplify the steps to create shared connections. Well, I am open to suggestions. Adding a checkbox or combobox in connection edit dialog is not a good idea. We already have too many options there, I really do not want to add one more widget to do just the only two required configuration changes (in ethernet case it is just one change) to convert a normal connection to a shared connection.


Beat Wolf said...

I really like network manager and your interface. It works really good.
BUT, if it does not, usually there are no error messages that would give a hint on what is wrong.
Would it be possible to give the user access to the logfile you mentioned? and others if others are involved. I think it would greatly improve the usability,

Lamarque said...

@Beat Wolf, each distribution configures NM to log to a different file. I use Gentoo and here it logs to /var/log/daemon.log. In some distributions it logs to /var/log/messages, which is read-by-root-only file in some distributions, so it is not always possible to give access to the log file to normal users.

Anyway, reading log files is not user-friendly in any way.

ltinkl said...

What about bridging? Say I have my laptop connected to the net using eth0 and I want to use my wlan to share the connectivity.

Lamarque said...

@ltinkl, you do not need brigding to do that, using connection sharing like I described suffices.

Nick Shaforostoff said...

one way for sharing an existing interface connection with another one would be to allow dragging e.g. wifi connection (that interface button on the left side of the main nm widget window) onto another interface button.

of course an explaining confirmation should be shown to the user before doing this

Beat Wolf said...

I agree that reading logfiles is not very user friendly, but not having any error messages is even less.
Sure, most problems i had where "exotic", but very hard to find.
For example everytime my laptop crashed while suspending, networkmanager decided to no longer manage my wireless connection. Very hard to find what is going on.
Same for a broken system update i had recently. The networkmanager widget just refused to manage my wireless connection, again no error messages.
Just saying, if there was a way to have more explicit error messages, trough a log or in a different way, that would really be great

Anonymous said...

What about to avoid step 2 "Go to IPv4 tab" doing by default the method "Shared" when you select in the wireless tab "ad-hoc" ?

If is the most common setting for ad-hoc connections & then only in few cases should be changed the default value I said... what do you think?

Anonymous said...

I would not search for "Shared" at the IPv4 tab at all. This is hardly discoverable. "Connection type" somewhere would help, also right-clicking on existing wireless connection and selecting "Share" could help.

Anonymous said...

"right-clicking on existing wireless connection and selecting "Share" "

This is way to go!

procuste said...

What about a shared connection created by default (like the eth0 one) and called "share this connection" and with a single click on it you share the connection you are using??

ciao, pla

Fri13 said...

This is great and still a littlebit technical.

I hope some day the network sharing could be achieved simply drag'n'drop method and behind right click.

Like you have two interface (eth0 and wlan0). To share your eth0 (internet) to remote computers (local) you just drag and drop the local connection top of the internet connection.

Drag wlan0 over eth0 and drop. It would ask something like "do you want to share eth0?"

Or should it be vice versa that user drops a internet connection to network device what would be linked to it?

Now the "ad-hoc + shared" mode works well but still hard for avarage user.

Lamarque said...

@Nick Shaforostoff, NM does not allow to select the output interface (the one which will send the IP packages to the Internet). NM always uses the interface with the default route, which is logical and reasonable in my oppinion. Dragging one connection onto a different interface is misleading because of that. Besides, I do not think it is possible to drag a plasma widget onto another, at least I have never seen it working.

@Beat Wolf, as far as I know NM does not have mechanisms to send that kind of error messages to NM's clients (Plasma NM). You should contact NM developers about this issue. The same for the unmanaged wireless interface (it is the interface that is unmanaged, not the connection).

@Anonymous1, that is a good ideia.

@Anonymous2 and 3, it is not possible to right-click a connection on the connection list, that would pop-up the plasmoid settings menu and not the connection settings menu. I could that in "Manage Connection" widget. The problem is that by what I am reading here in the comments some of you do not understand how shared connections work in NM, that could lead to misconfigurations. Shared connection is not a good name for what NM does. In fact, NM creates an "input connection", that connection just receives IP packages from the computers connected to it. To send the packages to the Internet you always need a second connection with the default route set.

@procuste, that is an alternative, although I guess most people will not pay attention to the already created shared connections :-/

@Fri13, I think I will just add another button below the Add, Edit, Delete buttons in the ethernet and wireless tabs of "Manage Connections". I will call it "Share...". I guess that would be easy to find, maybe not that easy to realise what the button does, I can add I Qt's hint explaining what the button does.

O. Sinclair & H. Costa said...
This comment has been removed by the author.
O. Sinclair & H. Costa said...

I tried this at home with a "dial-up" ppp (usb 3G modem managed my networkmanager) being the internet connection to share. The "client" could finally connect but no luck. How should the connecting machines be set up and does it work with other connections than wired to share?

O. Sinclair & H. Costa said...

I mean the "client" can connect to "sharing" computer but can not connect to internet...

Lamarque said...

@O. Sinclair & H. Costa, 3G is mobile broadband, not dial-up. Both use AT commands and most 3G modems support serial interfaces but the similarities end there.

The "client" machines should use dhcp to get the network configuration and that is it. You can create wireless and wired shared connections. The wireless shared connection only works in ad-hoc mode, some wireless drivers has problems to change the wireless card to ad-hoc mode. Once connected to the "sharing" computer the "clients" should be able to access the Internet as if they were the "sharing" computer. If it is not working them problably there is conflict with the firewall configuration in the "sharing" computer or dnsmasq is not properly configurated by NM.

Old NetworkManager versions (<=0.8.2) create a dnsmasq configuration that is not compatible with newer dnsmasq and the connection does not work because of that.

O. Sinclair & H. Costa said...
This comment has been removed by the author.
O. Sinclair & H. Costa said...

Thanks for your reply! Does the "client" need 0.8.2 or higher of NM or just the "server"?

Lamarque said...

@O. Sinclair & H. Costa, current Plasma NM does not compile against NM <= 0.8.1, so if you want to use the newest Plasma NM (as "client" or "server") you have to use NM >= 0.8.2.

O. Sinclair & H. Costa said...

well, this goes over my head so to speak. Both computers (for now only 2) are on Kubuntu 11.04 w KDE 4.7 but connection from one to the other does not work.

So: does the "server" have to have dhcp server service running?

Any guide on somewhere on firewall/net configuration settings that possibly must be done for sharing and "masquerading"?

Lamarque said...

Look at NM logs to know what is going on, also disables your firewall when testing the shared connection.

dnsmasq implements both dns and dhcp servers. It is well known program used in most Linux wireless routers out there.

Each distribution has its own way to configure firewall. I have never used Kubuntu, I do not know how it does it.

O. Sinclair & H. Costa said...

Lamarque - many thanks! I finally realised the obvious.. I did not put the "client" to connect via ad-hoc. Am blushing all over but might help someone else confused. Works a treat now, great! Just saved money for a small router at home as no reason any longer :-D

Thomas "Tanghus" Olsen said...

Great article!
I'm having a bit of trouble getting it to work though.
Just to make sure: The configuration in the screenshots are all on the "host" machine; the one with the outbound Internet connection?

I see the interface but with no indication of signal strength. /var/log/syslog shows a lot of information, which is too lengthy to post here. It seems like it tries to set up the interfaces, get's an error and takes down the interface again.
The relevant log lines being:
dnsmasq exited with error: Network access problem (address in use; permissions; etc) (2)
Aug 28 23:48:08 tanghus NetworkManager[1212]: (wlan0): device state change: 8 -> 9 (reason 18)
Aug 28 23:48:08 tanghus NetworkManager[1212]: Activation (wlan0) failed for access point (Tanghus)
Aug 28 23:48:08 tanghus NetworkManager[1212]: Activation (wlan0) failed.
Aug 28 23:48:08 tanghus NetworkManager[1212]: (wlan0): device state change: 9 -> 3 (reason 0)
NetworkManager[1212]: (wlan0): deactivating device (reason: 0) dnsmasq exited with error: Network access problem (address in use; permissions; etc) (2)
NetworkManager[1212]: (wlan0): device state change: 8 -> 9 (reason 18)
NetworkManager[1212]: Activation (wlan0) failed for access point (Tanghus)
NetworkManager[1212]: Activation (wlan0) failed.
NetworkManager[1212]: (wlan0): device state change: 9 -> 3 (reason 0)
NetworkManager[1212]: (wlan0): deactivating device (reason: 0)
NetworkManager[1212]: [1314568088.989946] [nm-device-wifi.c:1548] nm_device_wifi_set_mode(): (wlan0): error setting mode 2

Can anyone decipher this? Well I get the 'Address already in use' message but why it is happening I don't get.

It would be very cool to get this to work as I'm currently leaching on my neighbors unprotected network from my Android phone ;-)

Lamarque said...

@Thomas "Tanghus" Olsen, yes, all the screenshot are from the host machine. There is not signal indication for ad-hoc networkms, which are the case of wifi shared connections.

Is dnsmasq already running? Execute 'ps auxw | grep dnsmasq' and send the output.

Do you have a nameserver (bind) running on your machine? If so then dnsmasq will not be able to run and the activation of the shared connection will fail.

Thomas "Tanghus" Olsen said...

dnsmasq 1420 0.0 0.0 6120 472 ? S Aug29 0:01 /usr/sbin/dnsmasq -x /var/run/dnsmasq/ -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new -h

Wondering what the dpkg-* are for but it must be updates to the configuration. Last time I had to setup DNS servers (OpenDNS) in dnsmasq it was quite a hassle to get to work but from my notes it looks like the only thing I ended up changing was resolf-file.

No bind running.

btw, sorry for the late reply. I thought blogger automatically send out email notification on comments and I got caught up with other things meanwhile ;-)

procuste said...

for me too it doesn't works, I created the "Share Wireless Connection" on the host machine (suse 11.4, kde 4.7), but the other machine cannot connect, I tried with suse 11.4 and windows 7

I tried also:
pla@linux-y7c9:~> ps auxw | grep dnsmasq
dnsmasq 7072 0.0 0.0 12956 1044 ? S 19:54 0:00 /usr/sbin/dnsmasq --conf-file /tmp/ttbcxqvgwa.conf --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address= --dhcp-range=,,60m --dhcp-option=option:router, --dhcp-lease-max=50 --pid-file=/var/run/
pla 9856 0.0 0.0 7804 828 pts/1 S+ 20:03 0:00 grep dnsmasq
pla@linux-y7c9:~> ^C

and the only process with "bind" are rpcbind and dnsmask

Lamarque said...

@Thomas "Tanghus" Olsen, you have dnsmasq already running, connection sharing will not work until you close that instance of dnsmasq.

@procuste, send me the NM log from the "guest" machine (the one which is trying to connect).

Thomas "Tanghus" Olsen said...

@Lamarque: Sorry for all the non-Plasma NM questions but I'm having a hard time wrapping my brain around how this works.

dnsmasq should not be started explicitly at boot?
Will networkmanager then automatically start dnsmasq when needed?

I use dnsmasq to set which DNS servers to use override the ones given by DHCP because Danish ISP's DNS-blocks certain domains.
Hmm. This leads me to another question: Am I using a wrong approach to override DNS servers?

NetworkManager is great but sometimes it just feels like it was a lot easier 10-15 years ago ;-D (I know that's not the fact - I'm just not up-to-date on how to use it)

procuste said...

well, here is the NMlog of the guest machine using:
opensuse 11.4
gnome 2.32 (Applet NetworkManager 0.8.2)

here you can download the log(too many characters to paste here):

:-) ciao

Lamarque said...

@Thomas "Tanghus" Olsen, yes, dnsmasq should not be started at boot because it will conflicts with the one NM tries to start when you activate the shared connection. The same is valid for any program that conflicts with NM's shared connection implementation: bind name server is another one that will conflicts, dhcpd is another one.

Using dnsmasq is a valid approach to override dhcp's nameserver configuration. The problem is that you cannot run two dns nameservers (like dnsmasq and bind) or two dhcp servers (like dnsmasq and dhcpd) at the same time.

@procuste, this line in the log

Sep 1 15:54:14 linux-4upm NetworkManager[1402]: [1314885254.168013] [nm-device-wifi.c:1544] nm_device_wifi_set_mode(): (wlan0): error setting mode 2

indicates NM is trying to configure the wifi card in infrastructure mode (mode 2), which is wrong, shared connection for wifi only works in adhoc mode (mode 1). You need to check your configuration and change your connection to use ad-hoc instead of infrastructure.

Thomas "Tanghus" Olsen said...

@Lamarque: I hope you don't regret posting this excellent article with all the questions flooding in ;-)

Shutting down dnsmasq and re-configuring sort of worked:

The last 10-12 lines in syslog clearly indicates some errors but ifconfig and iwconfig looks correct and Plasma NM shows the device as connected.

The access point doesn't show up when scanning from my phone though.

Lamarque said...

My phone (Symbian) does not always find ad-hoc access points, but if I force it connect passing the ssid it connects. I think some phones ignores ad-hoc connections or have troubles scanning them.

Anonymous said...

@Lamarque: Yeah I tried that but it just says that it's not in range (Android 2.1 on Xperia X8).
Could you see any important errors in the log? It didn't look quite successful to me but I don't really know what to read into it.