This post shall give a brief introduction into a simple functional iwd-based setup. Make sure you have all alternative service disabled that could interfere with this setup.
- Linux >= 4.20 (at least for things like eduroam or other EAP-wifis)
- NetworkManager/Connman/other-GUI-Interface (optional, potentially alternatively to systemd-networkd)
On systemd-based systems this is most likely just a simple
systemctl enable iwd && systemctl start iwd.
One can verify that iwd runs by issuing
If it can connect to iwd, you'll get a iwctl-shell.
Create a file
[Match] Name=<name of your wifi device> [Network] DHCP=yes IPv6PrivacyExtensions=true
and enable systemd-networkd. Now you have iwd bringing your wifi up and systemd-networkd getting you an IP via DHCP on that interface quickly afterwards.
At some point iwd intends to implement DHCP as well, but as of writing this, this is not yet the case and needs to be done by e.g. systemd-networkd.
Remarks to GUIs
If you use NetworkManager, you have to enable the iwd-backend for NetworkManager to use it. In addition to that, double check if you have the right NetworkManager-Version for your iwd version. As iwd has still not reached version 1.0 as of time of writing, the API can still be subject to change if it turns out that things need to be changed to prevent headaches in the future.
Working with it
You can now connect to simple PSK-wifi-networks in the
[iwctl] station <devicename> get-networks … [iwctl] station <devicename> connect network-name
iwd will ask you for the password, memorize it for later connections and autoconnect the next time the network appears.
If you have more complex wifi-setups, you can place a configuration file in
The files must be named as
You can find the protocol listed in the output of
get-networks in the iwctl-shell.
To fill the file, take a look to the network configuration settings in the iwd documentation.
To get eduroam running (at least for institutions using TTLS as the EAP-Method), create the file `/var/lib/iwd/eduroam.8021x containing
[Security] EAP-Method=TTLS EAP-TTLS-Phase2-Method=Tunneled-PAP EAP-TTLS-CACert=<certificate.pem> EAP-Identity=<anonymous-identity> EAP-TTLS-Phase2-Identity=<username> EAP-TTLS-Phase2-Password=<password>
For the University Heidelberg for example,
<certificate.pem> should be
<anonymous-identity> should be
There are institutions using MSCHAPv2 (which has been broken by now) for the phase2-authentication, those institutions will likely require a different configuration for eduroam according to their specifications.
You might want to take a look at the previous post to deal with race conditions that might be introduced due to iwd being significantly faster than other wifi-solutions on Linux.