Super lightweight network manager.
RTFM:
$ net help
usage: net [<command>] [<args>] [--config=<config>] [--iface=<interface>]
[--no-vpn] [--verbose] [-h] [--help]
Shorthands:
If no positional arguments are given the command is "list".
If one positional argument is given the command is "connect".
Commands:
list:
List available connections.
scan:
Scan for access points.
connect <connection> [<password>]:
If <connection> is present in the configuration file then use that,
otherwise connect to an access point with SSID <connection>, using the
password <password> if specified.
stop [<interface> [<interface> ...]]:
Bring down the connection. Brings down all interfaces if called with no
arguments.
dns [<dns> [<dns> ...]]:
Change DNS server. No argument or "dhcp" requests DNS servers via DHCP.
mac [<mac>]:
Change the MAC address of the interface specified by --iface. If no address
is given, one is chosen at random.
vpn <name> [stop]:
Connect to, or disconnect from, VPN.
genkey:
Generate a WireGuard key pair.
show [<connection>]:
Show configuration options. If no connection is specified, all are show.
help:
You're reading it.
Options:
--config=<config>:
Select configurations file. If <config> is "-" no configuration file is
used. Defaults to "~/.net.conf".
--iface=<interface>:
Select networking interface. Overridden by configuration file if specified.
Defaults to first WiFi capable interface found.
--no-vpn:
Don't connect to a VPN. Acts as if the connection configuration did not
have a `vpn` field.
--verbose:
Print every executed command (and the result) to stdout.
The simplest usage is probably connecting to a wireless network:
$ net connect MyWirelessNetwork MySecretPassphrase
Connecting
Sending DHCP request
DONE (addr: 192.168.1.42)
The file ~/.net.conf holds a list of configured networks (in YAML). An
example is included in .net.conf.example:
common: # Default settings
mac: 00:??:??:??:??:?? # Make last 5 bytes random
dns: 8.8.8.8, 8.8.4.4
hostname: <name>s-MacBook-Pro # <name> is a table of generic names
vpn: myvpn
ignored:
interfaces:
- br[0-9]+
- tap[0-9]+
- tun[0-9]+
- docker[0-9]+ # Docker
- vboxnet[0-9]+ # Virtualbox
- vmnet[0-9]+ # VMWare
vpn:
myvpn:
type: openvpn
config: |
client
dev tun
proto udp
remote my-server-1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
myvpn2:
type: wireguard
address: 10.0.0.1/8
interface: wg0
gateway: True
config: |
[Interface]
ListenPort = 51820
PrivateKey = QLa1x8ttCEl23cCIGpndDv9CIZ7Al7G7Kuj9yG0PIVk=
[Peer]
Endpoint = 198.51.100.1:51820
PublicKey = cPybMYBdfrj0wp+FlvWoFfL2fI1kc7dhtKB+cqvNPCA=
AllowedIPs = 0.0.0.0/0
office:
vpn: myvpn
routes:
- 192.168.0.0/16 -> 192.168.1.1 # Local network
crappy-hotel-wifi:
ssid: FreeWiFi
# Pin access point address to avoid switching between a gazillion equally
# crappy ones. This tends to give a more reliable connection.
ap-addr: 00:11:22:33:44:55
vpn: myvpn # Connect to VPN when away from home
wired:
dns: dhcp
mac: default # The default is to pick a random Macbook Pro MAC address
hostname: # Do not send a hostname
static:
interface: eth0
addr: 192.168.0.42/24
gateway: 192.168.0.1
routes:
- default
eduroam:
ssid: eduroam
wpa: |
network={
identity="YOUR-ID-HERE"
password="YOUR-PASSPHRASE-HERE"
key_mgmt=WPA-EAP
}
my-home-network:
ssid: SSID-HERE
psk: PASSPHRASE-HERE
vpn: # Do not connect to VPN when at home
Using this config file you can connect to my-home-network using the command:
$ net my-home-network
Notice that the section common does not define a network but rather settings
common to all network configurations (in this case using Google's DNS servers,
randomizing the MAC address and hostname [<name> will be replaced by an actual
name] and connecting to a VPN).
The ignored and vpn sections do not define networks either. The ignored
section contains a list of interfaces to be ignored by e.g. net stop and the
vpn section contains the OpenVPN configurations for each VPN.
Put net in your PATH.
Put _net_bash_completion in your path and add the line
_net_bash_completion
to ~/.bash_completion.
| Dependency | Debian package |
|---|---|
/bin/ip |
iproute2 |
/sbin/ethtool |
ethtool |
/sbin/iw |
iw |
/sbin/udhcpc |
udhcpc |
/sbin/wpa_cli |
wpasupplicant |
/sbin/wpa_supplicant |
wpasupplicant |
/usr/bin/chattr |
e2fsprogs |
/usr/bin/expand |
coreutils |
/usr/bin/cut |
coreutils |
/usr/bin/pkill |
procps |
/usr/sbin/openvpn |
openvpn |
/usr/bin/wg |
https://www.wireguard.com/install/ |
Python package yaml |
python-yaml / PyPI pyyaml |
It is also a good idea to uninstall resolvconf, as it overwrites the DNS settings.
udhcpc is part of the busybox suite, and can be installed, and used, on non-Debian systems, which doesn't have a separate package, by:
- Install busybox with udhcpc compiled in
- Hard-link busybox as udhcpc
# ln /bin/busybox /usr/local/bin/udhcpc
- Install a client script somewhere and make it executable - udhcpc README
- Set udhcpc-config: under common:
common:
udhcpc-config: /etc/udhcpc/default.script