Advanced network configuration under FreeBSD

In this post, I will tell you how to improve your network settings under FreeBSD.

Wi-Fi setup

If we have installed FreeBSD via Ethernet, and we want to set up the Wi-Fi connection, we carry out the following steps.

To display the Wi-Fi interface, we enter the following command:

$: sysctl net.wlan.devices

Output => net.wlan.devices: iwn0

Enable wireless networking in rc.conf (country depends on your actual location):

$: doas sysrc cloned_interfaces+=iwm0
$: doas sysrc wlans_iwm0=wlan0
$: doas sysrc ifconfig_wlan0="WPA DHCP country de"

Modify /etc/wpa_supplicant.conf to contain your network, example:

$: doas nano /etc/wpa_supplicant.conf =>

network={
  ssid="myssid"
  psk="mysupersecretkey"
}

Enable the IPv6 data protection extension

By default, the IPv6 Privacy Extension mode is not activated — here is how we activate it:

$: doas sysrc ipv6_privacy=YES

DHCP in the background during startup

By default, the DHCP client pauses the startup until it receives an address (or times out). To avoid this, we do the following:

$: doas sysrc background_dhclient=YES

Failover between the wired network card and Wi-Fi

This configuration enables a quick change between the wired network (priority) and Wi-Fi.

We will first test our WPA configuration before setting up this example (an Intel iwn0 Wi-Fi card and an em0 Ethernet card will be used).

We start by specifying the MAC address of the Ethernet card and configure the Wi-Fi card with the same MAC address (which means that the same address is displayed regardless of the interface used):

$: doas setenv MACETH `ifconfig em0 | grep hwaddr | cut -d `` -f 2`
$: doas sysrc wlans_iwn0 = wlan0
$: doas sysrc ifconfig_em0 = up
$: doas sysrc ifconfig_wlan0 = "WPA powersave"
$: doas sysrc create_args_wlan0 = "wlanaddr $ MACETH country DE regdomain ETSI"
$: doas sysrc cloned_interfaces = lagg0
$: doas sysrc ifconfig_lagg0 = "up laggproto failover laggport em0 laggport wlan0 DHCP"
$: doas sysrc ifconfig_lagg0_ipv6 = "inet6 accept_rtadv"

A simple “doas service netif restart” may not be sufficient; if our wlan0 interface has already been configured: a restart may be required.

Discuss...