| EnableNetworkConfiguration |
Values: true, false Enable
network configuration. Setting this option to true enables
iwd to configure the network interfaces with the IP addresses.
There are two types IP addressing supported by iwd: static and
dynamic. The static IP addresses are configured through the network
configuration files. If no static IP configuration has been provided for a
network, iwd will attempt to obtain the dynamic addresses from the
network through the built-in DHCP client. This also enables DHCP server
when in AP mode when either [General].APRanges is set or an AP profile is
being used. The network configuration feature is disabled by default. See
[Network] settings for additional settings related to network
configuration. |
| EnableIPv6 |
Values: true, false Sets the
global default that tells iwd whether it should configure IPv6
addresses and routes (either provided via static settings, Router
Advertisements or DHCPv6 protocol). This setting is disabled by default.
This setting can also be overriden on a per-network basis. |
| APRanges |
Values: <IP in prefix notation>
Sets the range of IP's used for DHCP server (AP mode). The IP should be in
prefix notation e.g. aaa.bbb.ccc.ddd/xx. AP's which are started in a
profile-less configuration will use this pool of IP's to set the AP's
interface address as well as default DHCP server options. Each AP will get
a new subnet from the range and clients will be addressed in that subnet
to avoid IP conflicts if multiple AP's are started. |
| UseDefaultInterface |
Values: true, false Do not
allow iwd to destroy / recreate wireless interfaces at startup,
including default interfaces. Enable this behavior if your wireless card
driver is buggy or does not allow such an operation, or if you do not want
iwd to manage netdevs for another reason. For most users with an
upstream driver it should be safe to omit/disable this setting. |
| AddressRandomization |
Values: disabled, once,
network If AddressRandomization is set to disabled, the
default kernel behavior is used. This means the kernel will assign a mac
address from the permanent mac address range provided by the hardware /
driver. Thus it is possible for networks to track the user by the mac
address which is permanent. If AddressRandomization is set to
once, MAC address is randomized a single time when iwd
starts or when the hardware is detected for the first time (due to
hotplug, etc.) If AddressRandomization is set to network,
the MAC address is randomized on each connection to a network. The MAC is
generated based on the SSID and permanent address of the adapter. This
allows the same MAC to be generated each time connecting to a given SSID
while still hiding the permanent address. |
| AddressRandomizationRange |
Values: full, nic One can
control which part of the address is randomized using this setting. When
using AddressRandomizationRange set to nic, only the NIC
specific octets (last 3 octets) are randomized. Note that the
randomization range is limited to 00:00:01 to 00:00:FE. The permanent mac
address of the card is used for the initial 3 octets. When using
AddressRandomizationRange set to full, all 6 octets of the
address are randomized. The locally-administered bit will be set. |
| RoamThreshold |
Value: rssi dBm value, from -100 to
1, default: -70 This can be used to control how aggressively
iwd roams. |
| ManagementFrameProtection |
Values: 0, 1 or 2 When
ManagementFrameProtection is 0, MFP is completely turned
off, even if the hardware is capable. This setting is not recommended.
When ManagementFrameProtection is 1, MFP is enabled if the
local hardware and remote AP both support it. When
ManagementFrameProtection is 2, MFP is always required. This
can prevent successful connection establishment on some hardware or to
some networks. |
| ControlPortOverNL80211 |
Values: false, true
Enable/Disable sending EAPoL packets over NL80211. Enabled by default if
kernel support is available. Doing so sends all EAPoL traffic over
directly to the supplicant process (iwd) instead of putting these
on the Ethernet device. Since only the supplicant can usually make sense /
decrypt these packets, enabling this option can save some CPU cycles on
your system and avoids certain long-standing race conditions. |
| DisableANQP |
Values: false, true
Enable/disable ANQP queries. The way IWD does ANQP queries is dependent on
a recent kernel patch (available in Kernel 5.3). If your kernel does not
have this functionality this should be disabled (default). Some drivers
also do a terrible job of sending public action frames (freezing or
crashes) which is another reason why this has been turned off by default.
If you want to easily utilize Hotspot 2.0 networks, then setting
DisableANQP to false is recommended. |