Digi Embedded Yocto uses the NetworkManager software package to manage any kind of Wi-Fi configuration on a Wi-Fi network. When the Wi-Fi interface is brought up NetworkManager will read the /etc/NetworkManager/system-connections/nm-wlan0 configuration file and will apply the corresponding actions for the Wi-Fi interface. The NetworkManager configuration is kept in /etc/NetworkManager/NetworkManager.conf, and the interface configuration is kept at /etc/NetworkManager/system-connections

By default Digi Embedded Yocto configures NetworkManager to use the Wi-Fi interface in client infrastructure mode without open authentication, no encryption and no SSID. In this mode NetworkManager will not connect to any access point (AP).

Digi Embedded Yocto provides a default nm-wlan0 file which is part of the networkmanager package. This file can be customized and overridden on a custom Yocto layer or during system run time.

Configuring the NetworkManager

The nmcli is a command line tool which allows the user to interact with NetworkManager. You can use the nmcli tool to establish a manual connection for different authentication and encryption configurations.

To show information on the command line tool parameters, call nmcli without a parameter. 

You can use nmcli's edit or modify sub-commands to do any configuration or else change the configuration file itself and then restart the interface to use the new setup. The following examples show different configurations of the Wi-Fi interface using either the configuration file or the command line interface.

Open authentication and no encryption

Via configuration file

[connection]
...
 
[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=
 
[ipv4]
dns-search=
method=auto
...

Via command line interface

~# nmcli con edit wlan0
 
===| nmcli interactive connection editor |===
 
Editing existing '802-11-wireless' connection: 'wlan0'
 
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
 
You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.ssid <AP_name>
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

~# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
~# nmcli dev disconnect wlan0
~# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP. 

WPA2-PSK authentication with AES-CCMP encryption

Via configuration file

[connection]
...
 
[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=
 
[wifi-security]
key-mgmt=wpa-psk
group=
pairwise=
proto=
psk=<AP_passphrase>
...

Via command line interface

~# nmcli con edit wlan0
 
===| nmcli interactive connection editor |===
 
Editing existing '802-11-wireless' connection: 'wlan0'
 
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
 
You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.ssid <AP_name>
nmcli> set wifi-sec.key-mgmt wpa-psk
nmcli> set wifi-sec.psk <AP_passphrase>
nmcli> remove wifi-sec.group
nmcli> remove wifi-sec.proto
nmcli> remove wifi-sec.pairwise
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

~# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
~# nmcli dev disconnect wlan0
~# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.

By keeping the proto and the pairwise parameters empty, NetworkManager is able to resolve the authentication and encryption combination used by the access point. This way, you can use the same configuration to connect to an access point with any of the following encryption combinations:

  • WPA-PSK authentication with TKIP encryption

  • WPA-PSK authentication with CCMP/AES encryption

  • WPA2-PSK authentication with TKIP encryption

WPA3-Personal

To connect to a WPA3-Personal network, you must establish a manual connection with the wpa_supplicant daemon because the NetworkManager version included with Digi Embedded Yocto is not compatible with WPA3-personal networks. The following example shows the different configuration steps for the Wi-Fi interface to connect to a WPA3-Personal network.

  1. Add Wi-Fi interface to the unmanaged list for NetworkManager:

    /etc/NetworkManager/NetworkManager.conf
    ...
    [keyfile]
    unmanaged-devices=interface-name:p2p*;interface-name:wlan*
    ...
  2. Configure network settings for wpa_supplicant using your WPA3 password:

    /etc/wpa_supplicant.conf
    ...
    network={
            scan_ssid=1
            ssid="myNetwork"
            key_mgmt=SAE
            group=CCMP
            pairwise=CCMP
            sae_password="xxxxxxxxxx"
            ieee80211w=2
    }
    ...
  3. Start Wi-Fi interface on boot:

    /etc/network/interfaces
    ...
    auto lo
    iface lo inet loopback
    
    auto wlan0
    iface wlan0 inet dhcp
            wpa-driver nl80211
            wpa-conf /etc/wpa_supplicant.conf
    ...
  4. Reboot your system for the changes to take effect:

    ~# reboot

    The device automatically connects to your WPA3-Personal network.