GNOME Bugzilla – Bug 756081
Add 'nmcli device wifi hotspot' for easy creation of a Wi-Fi hotspot
Last modified: 2015-11-10 08:39:11 UTC
nmcli allows creating a hotspot. But that requires two step operation. First a connection with the right parameters has to be created, and only then a hotspot can be activated. It could to be useful to have a simple command for setting up a hotspot.
Implemented the command: nmcli device wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] See jk/nmcli-hotspot branch.
It seems to me that this command is too specific. Very few people will actually need it, and those who do probably are not happy with the generated connection. -- for example, the password cannot be specified. I would not want to leave the password generation up to nmcli. But even then, before the user can connect any clients, he has to lookup the generated password: nmcli connection show --show-secrets and at that point, it's not clear how "two steps" were saved. (I don't agree in favor for a "[password <password>]" option) Also, the created connection depends on the detected capabilities. That is great, but you cannot inspect what will be created. E.g. activating an open/WEP hotspot by accident seems like a security issue. It is indeed great, the create a Hotspot connection by checking device capabilities!! The detect&create part is very useful. But I'd rather see a command that prints such a created connection to stdout only, and a command that can create a connection by reading stdin. I'd go from a UI model where "there is a specific commands to do a whole chain of actions" to "individual (generic) commands can be combined by chaining them"
(In reply to Thomas Haller from comment #2) > (I don't agree in favor for a "[password <password>]" option) s/agree/argue/
I think the command is useful and basically is does the same think as "Use as Hotspot" button in gnome-control-center, that does not see it as a problem. Anyway, power users can always create a hotspot connection manually if they want, but for normal usage the created hotspot is sufficient in my opinion. And it does not create open network, but WPA or WEP one. We could add a "password" parameter if it is seen as important.
This looks good to me (both the code and the idea).
Added password-related options to the branch.
>> cli: add 'show-password' option for 'nmcli device wifi hotspot' I think, show-password should be an option. Now it looks like a property of the hotspot connection itself. Rather: wifi hotspot [--show-password] [ifname <ifname>] [con-name <name>]... Also, a trailing whitespace in + if (show_password) + g_print (_("Hotspot password: %s\n"), key); + return TRUE;
(In reply to Thomas Haller from comment #7) > >> cli: add 'show-password' option for 'nmcli device wifi hotspot' > > > I think, show-password should be an option. Now it looks like a property of > the hotspot connection itself. > > Rather: > > wifi hotspot [--show-password] [ifname <ifname>] [con-name <name>]... > Done. > > Also, a trailing whitespace in > + if (show_password) > + g_print (_("Hotspot password: %s\n"), key); > + > return TRUE; Fixed.
> nmcli: add an hotspot example to nmcli manual page +creates a hotspot profile and connects it. Prints the hotpsot password the user should use s/hotpsot/hotspot/ If I try: $ nmcli dev wifi hotspot con-name QuickHotspot --show-password Hotspot password: d5f19pWI Error: Failed to setup a Wi-Fi hotspot: 802-11-wireless-security.pairwise: 'adhoc' connections require 'none' in this property What am I doing wrong?
(In reply to Beniamino Galvani from comment #9) > > nmcli: add an hotspot example to nmcli manual page > > +creates a hotspot profile and connects it. Prints the hotpsot password the > user should use > > s/hotpsot/hotspot/ > Fixed. > If I try: > > $ nmcli dev wifi hotspot con-name QuickHotspot --show-password > Hotspot password: d5f19pWI > Error: Failed to setup a Wi-Fi hotspot: 802-11-wireless-security.pairwise: > 'adhoc' connections require 'none' in this property > > What am I doing wrong? You do it right. You just have a card supporting adhoc WPA. And we require "none" in pairwise property. libnm-core/nm-setting-wireless-security.c:verify() I have tried now with a USB adapter Bus 001 Device 004: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter and got the same error. Fixed by adding "none" with nm_setting_wireless_security_add_pairwise (s_wsec, "none"); Great you caught that!
Ok, now the hotspot creation succeeds. But I noticed that even if the connection is created with a password, clients are able to connect without any authentication. I haven't investigated why yet.
(In reply to Beniamino Galvani from comment #11) > Ok, now the hotspot creation succeeds. But I noticed that even if the > connection is created with a password, clients are able to connect > without any authentication. I haven't investigated why yet. It may be the problem of kernel creating open network instead of AdHoc with WPA. See e.g. https://bugzilla.redhat.com/show_bug.cgi?id=818214 https://bugzilla.redhat.com/show_bug.cgi?id=787733 We should probably use WEP instead of WPA if we can detect that the device only supports AdHoc (IBSS) mode instead of AP. What device do you use? $ iw list | grep -A 8 "Supported interface modes:" # iw dev <device name> list when you connect the profile $ nmcli d w on the machine with Hotspot and on the other you connect with.
nl80211 reports whether the device supports RSN-IBSS through the wiphy attribute NL80211_ATTR_SUPPORT_IBSS_RSN. We should check that and add a new NM_WIFI_DEVICE_CAP_ADHOC_RSN capability which nmcli could then detect. But that can happen later after this branch gets merged. > cli: add 'nmcli device wifi hotspot' command In set_wireless_security_for_hotspot() I think the mode should be "wpa-psk" for the NM_SETTING_WIRELESS_MODE_AP case. WPA-NONE is only for IBSS mode. For IBSS/AdHoc, wpa-none only gets used with IBSS TKIP. The supplicant sample wpa_supplicant.conf file says that WPA-PSK also gets used with adhoc RSN.
Created attachment 315077 [details] "iw list" output (In reply to Jiri Klimes from comment #12) > What device do you use? 04:00.0 Network controller [0280]: Intel Corporation Wireless 7260 [8086:08b2] (rev bb) > $ iw list | grep -A 8 "Supported interface modes:" Supported interface modes: * IBSS * managed * AP * AP/VLAN * monitor * P2P-client * P2P-GO * P2P-device > # iw dev <device name> list Attached output of 'iw list' ('iw dev <dev> list' doesn't work). > when you connect the profile > $ nmcli d w > on the machine with Hotspot * SSID MODE CHAN RATE SIGNAL BARS SECURITY * Hotspot-tp Infra 1 0 Mbit/s 0 ____ WPA1 > and on the other you connect with. I'm using an Android phone.
(In reply to Dan Williams from comment #13) > nl80211 reports whether the device supports RSN-IBSS through the wiphy > attribute NL80211_ATTR_SUPPORT_IBSS_RSN. We should check that and add a new > NM_WIFI_DEVICE_CAP_ADHOC_RSN capability which nmcli could then detect. But > that can happen later after this branch gets merged. > Great. I filed a bug for that - bug 757823. > > > cli: add 'nmcli device wifi hotspot' command > > In set_wireless_security_for_hotspot() I think the mode should be "wpa-psk" > for the NM_SETTING_WIRELESS_MODE_AP case. WPA-NONE is only for IBSS mode. > > For IBSS/AdHoc, wpa-none only gets used with IBSS TKIP. The supplicant > sample wpa_supplicant.conf file says that WPA-PSK also gets used with adhoc > RSN. Fixed. Now only using "wpa-psk" when with AP mode. For IBSS, the branch uses WEP to work around the kernel IBSS vs. WPA problem issue. (In reply to Beniamino Galvani from comment #14) > * SSID MODE CHAN RATE SIGNAL BARS SECURITY > * Hotspot-tp Infra 1 0 Mbit/s 0 ____ WPA1 > Hmm, it seems that the AP has a security. Anyway it might be caused by the wpa-none value. Would you try again with the re-pushed branch?
(In reply to Jiri Klimes from comment #15) > Hmm, it seems that the AP has a security. Anyway it might be caused by the > wpa-none value. Would you try again with the re-pushed branch? Now it works for me, a password is needed to connect.
Code merged to master branch: 2b4b78e merge: add 'nmcli device wifi hotspot' command (bgo #756081) fe5927a nmcli: add a hotspot example to nmcli manual page 2f52a10 cli: add '--show-password' option for 'nmcli device wifi hotspot' 781d24f cli: add 'password' option for 'nmcli device wifi hotspot' d6427d7 cli: add 'nmcli device wifi hotspot' command cd217db cli: move unique_connection_name() to common.c as nmc_unique_connection_name()