Set a fixed WiFi connection for the Nordic OTBR

Hello,

Yes. I have struggled a bit with the same. 

It is correct as you say, the Access Point service overwrites the default network configurations which is usually stored in wpa_supplicant/wpa_supplicant.conf.

The Border Router uses NetworkManager to module to manage it's networks.

I am not sure if step 1 is required, but at least it works if you include it.

To disable the AP feature, type the command:

1:

$ nmcli connection down BorderRouter-AP

2:

$ sudo systemctl disable ap-config.service

3:

$ nmcli connection add con-name <ssid> ifname wlan0 type wifi ssid <ssid> ipv6.method ignore wifi-sec.key-mgmt wpa-psk wifi-sec.psk <password>

where <ssid> is the name of your network, and <password> is your password. So if you have a network named "MyNetwork" with password "MyPassword":

$ nmcli connection add con-name MyNetwork ifname wlan0 type wifi ssid MyNetwork ipv6.method ignore wifi-sec.key-mgmt wpa-psk wifi-sec.psk MyPassword

So this will add your network to the network manager. If you restart ($ sudo reboot) it will connect to this network on the next startup.

Hope that helps.

Best regards,

Edvin

Hello,

Yes. I have struggled a bit with the same. 

It is correct as you say, the Access Point service overwrites the default network configurations which is usually stored in wpa_supplicant/wpa_supplicant.conf.

The Border Router uses NetworkManager to module to manage it's networks.

I am not sure if step 1 is required, but at least it works if you include it.

To disable the AP feature, type the command:

1:

$ nmcli connection down BorderRouter-AP

2:

$ sudo systemctl disable ap-config.service

3:

$ nmcli connection add con-name <ssid> ifname wlan0 type wifi ssid <ssid> ipv6.method ignore wifi-sec.key-mgmt wpa-psk wifi-sec.psk <password>

where <ssid> is the name of your network, and <password> is your password. So if you have a network named "MyNetwork" with password "MyPassword":

$ nmcli connection add con-name MyNetwork ifname wlan0 type wifi ssid MyNetwork ipv6.method ignore wifi-sec.key-mgmt wpa-psk wifi-sec.psk MyPassword

So this will add your network to the network manager. If you restart ($ sudo reboot) it will connect to this network on the next startup.

Hope that helps.

Best regards,

Edvin

Hi Edvin,

I disable the BorderRouter-AP as you suggested and it worked. Then, I configured my network manually by writing in the /etc/wpa_supplicant/wpa_supplicant.conf and /etc/network/interfaces file, but it does not work. This is the way I do it since I got my RPi3 and it has always worked.

/etc/wpa_supplicant/wpa_supplicant.conf

network={
  ssid="newcastle-university"
  key_mgmt=WPA-EAP
  eap=TTLS
  identity="your_login_name"
  password="your_password"
  phase2="auth=MSCHAPv2"
}

/etc/network/interfaces

allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

As you can see, it is an enterprise network. That is the reason I did not followed your example. You mention that the Border Router uses the NetworkManager module to manage it's networks. Does this means that the only possible way of enable connection is through it? So, would I have to use the NetworkManager for enterprise networks?

Best regards,

Ronald

Can you try this method?

https://blog.khmersite.net/2018/08/connect-to-a-wpa2-enterprise-connection-using-nmcli/

I have not tested it, but if it doesn't work, I will ask the guy who thought me how to disable the AP network tomorrow (he is not in the office today).

Best regards,

Edvin

Thanks for all the support Edvin. I found a solution here https://askubuntu.com/questions/943787/how-to-connect-to-wpa2-enterprise-wifi-in-ubuntu-core-raspberry-pi-3

$ nmcli connection edit type 802-11-wireless
nmcli> goto 802-11-wireless
nmcli 802-11-wireless> set ssid <your_ssid>
nmcli 802-11-wireless> back
nmcli> goto 802-11-wireless-security
nmcli 802-11-wireless-security> set key-mgmt wpa-eap
nmcli 802-11-wireless-security> back
nmcli> goto 802-1x
nmcli 802-1x> set eap peap
nmcli 802-1x> set identity <your_identity>
nmcli 802-1x> set password <your_password>
nmcli 802-1x> set phase2-auth mschapv2
nmcli 802-1x> back
nmcli> verify
nmcli> save
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? (yes/no) [yes] yes
Connection 'wifi' (20e7bab0-6780-45a7-b650-eafb28e7912a) successfully saved.

It works, the only problem is that the Access Point is enabled on reboot. So I have to run

$ nmcli connection down BorderRouter-AP

and then my WiFi connection is enabled. I think I need to specify somewhere that the WiFi connection should be the interface used on reboot, but I am not sure where.

I will try your example and see if it works on reboot.

I tried the example and the result is the same. Here is the new configuration,

nmcli con add type wifi ifname wlan0 con-name uni-wifi ssid <your_ssid>
nmcli con edit id uni-wifi
nmcli> set wifi-sec.key-mgmt wpa-eap
nmcli> set 802-1x.eap ttls
nmcli> set 802-1x.identity <your_identity>
nmcli> set 802-1x.password <your_password>
nmcli> set 802-1x.phase2-auth mschapv2
nmcli> verify
nmcli> save
nmcli> activate

My initial intention was to disable the BorderRouter-AP to connect the Nordic OTBR to a WPA2 enterprise network, so as long as I can connect to the network, I do mind disabling the BorderRouter-AP on reboot.

So does this mean that you managed to both disable the BorderRouter-AP and connect to the enterprise network automatically on startup?