How to manage wireless connections using iwd on Linux

Iwd is the acronym of “iNet wireless daemon”. As the name suggests, it is a free and open source wireless management daemon written by Intel for Linux. It is designed to avoid the usage of external libraries it just relies on the functionalities integrated into the kernel. It can be used together with NetworkManager as a substitute for wpa_supplicant, or in standalone mode. In this tutorial we will explore the latter option.

In this tutorial you will learn:

How to install iwd on some of the most used Linux distributions
How to start and enable the iwd daemon
How to obtain a list of the available wireless networks
How to connect to a protected network
How to enable the dhcp client integrated into iwd
How to obtain a list of the known connections
How to forget a connection

How to manage wireless connections using iwd on Linux

Software requirements and conventions used

Software Requirements and Linux Command Line Conventions
Category	Requirements, Conventions or Software Version Used
System	Distribution independent
Software	iwd
Other	Root privileges
Conventions	# – requires given linux-commands to be executed with root privileges either directly as a root user or by use of `sudo` command $ – requires given linux-commands to be executed as a regular non-privileged user

Installation

Iwd is available in the repositories of all the most used Linux distribution and their derivatives. Here we will see how to perform the installation on Debian, Fedora and ArchLinux.

If you are a Debian user you already know there are many commands we can use to install a package on the distribution. Here we will use the user-friendly apt wrapper. We run:

$ sudo apt install iwd

On Fedora, which is the upstream/community distribution of the Red Hat family, to install a package we can use dnf (Dandified Yum). To perform the installation we run the following command:

$ sudo dnf install iwd

If Archlinux is our favorite distribution, we can use the pacman package manager to perform the same task. The syntax to use is just as easy. We fire up our terminal emulator and issue the following command:

$ sudo pacman -Sy iwd

In the command we used to options: -S and -y. The first one is the short version of --sync: this will install the requested package(s). The second one, -y (--refresh), instead, make so that a fresh package database is downloaded.

The iwd package provides:

The iwd daemon
The iwctl command line utility
The iwmon monitoring tool

Starting and enabling the iwd daemon

The first thing we need to do is to start the iwd daemon with and optionally enable it, so it will be automatically started on boot. How can we do it? Practically all the major Linux distribution nowadays use the systemd init system, therefore to perform the task we must use the systemctl utility. To start the daemon we run:

$ sudo systemctl start iwd

If we also want the daemon to be automatically started at boot, we must issue the following command:

$ sudo systemctl enable iwd

We can actually perform both tasks with just one command:

$ sudo systemctl enable --now iwd

Once the iwd service is running, we can begin with scanning for wireless connections.

Obtaining a list of the available wireless networks

Before we connect to a wireless network, we may want to scan for the available access points, and obtain a list of them on the terminal. The first thing we need to know in order to perform such task, is the name of the wireless network interface(s) available on our machine, so we run:

$ iwctl device list

Here is the output of the above command on the machine I am currently using:

                                    Devices
--------------------------------------------------------------------------------
  Name                Address             Powered   Adapter   Mode
--------------------------------------------------------------------------------
  wlan0               xx:xx:xx:xx:xx:xx   on        phy0      station

The data is organized in columns. We have the following information:

The device name
The device MAC address
The power status
The wireless adapter name
The working mode

As you can see, the original kernel name is used for the network interface instead of the udev predictable one. In this case the device is working in “client” mode, so “station” is reported in the last column of the table.

Once we know the name of our wireless network interface, we can start scanning for available connections. To perform such task we run:

$ iwctl station wlan0 scan

The above command will just scan for available networks, but will not produce any output. To get the list of the available connections, we should use an additional command after it:

$ iwctl station wlan0 get-networks

That’s how the output of the command would look like:

                              Available networks
--------------------------------------------------------------------------------
  Network name                    Security          Signal
--------------------------------------------------------------------------------
  valinor                         psk               ****
  arda                            psk               ****

By taking a look at it we can see each network name, the type of security used for it (one among “open”,”wep”,”psk” or “8021x”) and the signal strength. In the next section we will try to connect to one of those networks.

Connecting to a wireless network

In the previous example we saw how to obtain the list of the available network connections, now let’s try to connect to one. As we can see in the output returned in the previous example, both available networks are protected by a psk (Pre-Shared-Key), therefore, to connect to one of them we should run iwctl with the --passphrase option, and provide the passphrase as argument. Let’s see an example. Suppose I want to connect to the “arda” network; that’s the command I would run:

$ iwctl station wlan0 connect arda --passphrase mysupersecretpassphrase

To verify the connection is now active we can run the following command:

$ iwctl station wlan0 show

In this case we would receive the following output:

                                Station: wlan0
--------------------------------------------------------------------------------
  Settable  Property            Value
--------------------------------------------------------------------------------
            Scanning            no
            State               connected
            Connected network   arda
            ConnectedBss        10:13:31:53:26:11
            Frequency           2462
            Security            WPA2-Personal
            RSSI                -77                  dBm
            AverageRSSI         -76                  dBm
            TxMode              802.11n
            TxMCS               5
            TxBitrate           52000                Kbit/s
            RxBitrate           1000                 Kbit/s
            ExpectedThroughput  27375                Kbit/s

We can see the connection is now active; however, if we try to navigate to some location, or just ping an external address, we fail. Why? That is because although we connected to the access point, we didn’t assign an IP address to the interface, and we didn’t setup a gateway for it, nor a dns server address. We can set those parameters statically or we can get it from the dhcp server integrated in our router. In this case we will use the latter option.

To obtain a dhcp configuration on Linux, we usually use a client like dhcpcd; Iwd, however, has a dhcp client integrated, which is disabled by default. To activate it we need to enter the following lines in the iwd configuration file: /etc/iwd/main.conf (the file may not exists by default):

[General]
EnableNetworkConfiguration=true

After we save the configuration file, we just need to restart the daemon, and the connection should be automatically configured for us:

$ sudo systemctl restart iwd

Disconnecting from a network

What if we want to end a currently active connection? The command we would use to perform such task is very simple. In the previous example we connected to the “arda” network; to disconnect from it we would run:

$ iwctl station wlan0 disconnect

Obtaining a list of the known connections

The iwd service conveniently keeps track of the known connection. To obtain the list of them we can launch the following command:

$ iwctl known-networks list

In this case we just connected to one network, which, as expected is reported in the output of the command:

                            Known Networks
--------------------------------------------------------------------------------
  Name                            Security   Hidden   Last connected
--------------------------------------------------------------------------------
  arda                            psk                 Oct 16,  1:15 PM

The next time we will connect to the network we won’t need to provide information such as the passhprase again. Iwd stores connection information inside the /var/lib/iwd directory. Each network data is stored in a dedicated file, named using the name.security_type template. In this case, the configuration file for the “arda” network would therefore be: /var/lib/iwd/arda.psk.

If for some reason we want the iwd service to forget a specific network, all we have to do is to launch again the iwctl known-networks command, this time using the forget action. To make the service forget about the “arda” network, for example, we would run:

$ iwctl known-networks arda forget

Conclusions

In this tutorial we talked about iwd, the iNet wireless daemon developed by Intel for Linux. We learned how to install it on some of the most used Linux distributions, how to start and enable the iwd daemon using systemctl, how to use the iwctl utility to scan for the available wireless networks and how to connect to a protected one. We also saw to enable the integrated dhcp client, how to obtain the list of the known connection, and finally, how to forget a connection.