Using wireless
Teddy Hogeborn
teddy at recompile.se
Tue Apr 5 10:48:09 CEST 2016
Tom <tom at tomt.me> writes:
> First, great tool!
Thanks!
> This thing is awesome and I'm not sure you thought about this use case
> but I use it on my laptops.
We did and we do that, too. :)
> I think its a perfect for this solution. If my laptop is home, chances
> are its safe. If I'm at a coffee shop and somebody jacks my laptop
> they will not likely get my data if the screen is locked.
Yup. I suggest that you, in the clients.conf file, change the "checker"
option to ":" for your laptop client in order to effectively disable
checking for it.
> While Mandos is awesome at things on an ethernet cable I've switched to
> laptops and had given up on it when I unplugged the ethernet cable. That
> was until poking around I found an edited:
>
> root at Laptop:~# cat /etc/mandos/network-hooks.d/wireless.conf
[...]
That should work. Be sure to also copy and unpack the
/usr/share/doc/mandos-client/examples/network-hooks.d/wireless.gz script
file to the /etc/mandos/network-hooks.d directory. Make sure it is
unpacked with gunzip (i.e. no .gz extension) and that executable bits
are set. This script file is what is actually reading the wireless.conf
file, not mandos-client. See the mandos-client(8mandos) manual, section
"NETWORK HOOKS". The "wireless" network hook script is an example of
one such possible network hook, with accompanying "wireless.conf" file.
> I'm running Ubuntu 14.04.4 LTS
> mandos-keygen -v
> /usr/sbin/mandos-keygen 1.6.0
>
> I'm really out of my element on this one, I've tried to do some reading
> but I'm not really sure where to begin. Normally I would look for error
> logs but the only error I get I don't think is related:
> p11-kit: couldn't list directory: /usr/share/p11-kit/modules: Permission
> denied
Step one for troubleshooting: Uncomment the line in
/etc/mandos/plugin-runner.conf which says
"--options-for=mandos-client:--debug", and rebuild the initramfs image
with "update-initramfs -k all -u". When booting, the Mandos client
should now output debug information about what it is doing, including
running its network hooks.
[...]
> Still not requesting a DHCP address. I'm not sure if its a setting
> somewhere that I've missed. initramfs is alien to me to start with,
> and adding wireless on top of that is making it worse. I've attempted
> to google getting my wireless chip working in initramfs but it seems
> to be a very limited usecase and I haven't found anything that could
> help me solve this. I just found that file and decided to try and run
> with it thinking it would be pretty self explanatory. I've been at
> this for quite a few days off and on at this point and I don't seem to
> be making any headway.
If it still doesn't work, try adding the "break" parameter to the kernel
command line - this should start an emergency shell within the
initramfs, enabling you to experiment interactively.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20160405/6d66bc79/attachment.sig>
More information about the Mandos-Dev
mailing list