Switch to `iwd` from `wpa_supplicant` for WiFi management on Linux

j3ffyang
2 min readJan 3, 2023

--

Why do I do this:

> iwd will be the only program that performs WiFi scanning on systems where it is running; that differs from systems using wpa_supplicant, where higher-level software must also scan for networks. With iwd, that work has all been pushed to a single level where good decisions can be made. Iwd is meant to support fast and reliable roaming; it can ask an access point for information about its neighbors and use that to maintain connectivity as the system moves.

tl;dr

I have a Fedora 36 Linux installed natively on a MacBook Pro 16,2 and recently switched to iwd from the default wpa_supplicant for Wifi/ wireless interface management.

Modify `/etc/NetworkManager/NetworManager.conf`

```
[device]
wifi.backend=iwd
wifi.iwd.autoconnect=yes
```

Convert the existing connection profiles

Simple and straight forward on Linux. And I tested that it supports Tunneled TLS authentication.

cd /etc/NetworkManager/system-connections
mkdir ../system-connections-iwd
for f in *; do grep -v '^\(mac-address\|interface-name\|permissions\|bssid\)=' "$f" > ../system-connections-iwd/"$f"; done
chmod 0600 ../system-connections-iwd/*
cd /etc/NetworkManager
mv system-connections system-connections-backup
dbus-send --system --print-reply --dest=org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/Settings org.freedesktop.NetworkManager.Settings.ReloadConnections
sleep 1
mv system-connections-iwd system-connections
dbus-send --system --print-reply --dest=org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/Settings org.freedesktop.NetworkManager.Settings.ReloadConnections

Code credit > https://iwd.wiki.kernel.org/networkmanager#converting_network_profiles

After converting, you’d see the similar

[root@mbp iwd]# pwd
/var/lib/iwd
[root@mbp iwd]# ls -la
total 36
drwx------. 1 root root 324 Jan 3 15:54 .
drwxr-xr-x. 1 root root 918 Aug 9 21:57 ..
-rw------- 1 root root 352 Jan 3 15:54 '=4443....7a29.8021x'
-rw------- 1 root root 232 Jul 14 08:03 '=7065....2e34.psk'
drwx------. 1 root root 0 Feb 11 2022 hotspot
-rw------- 1 root root 546 Jan 3 15:54 .known_network.freq
-rw------- 1 root root 228 Jul 14 08:03 pskNetwork.psk

*.8021x is converted from tunneled TLS profile and the SSID of the network is used as a filename only when it contains only alphanumeric characters or one of - _. If it contains any other characters, the name will instead be an =-character followed by the hex-encoded version of the SSID.

Reference > https://wiki.archlinux.org/title/iwd

Update `systemctl`

systemctl start iwd; systemctl enable iwd
systemctl stop wpa_supplicant; systemctl disable wpa_supplicant

Common commands

 iwctl station wlan0 scan
iwctl station wlan0 get-networks
iwctl station wlan0 show
iwctl station wlan0 connect "networkID" --passphrase mysecretpassphrase

Enjoy :-)

--

--

j3ffyang
j3ffyang

Written by j3ffyang

ardent linux user, opensource, kubernetes containerization, blockchain, data security. handler of @analyticsource and @j3ffyang

No responses yet