44Net Connect/Routed Subnet/Debian based distributions

From 44Net Wiki
Revision as of 18:45, 30 June 2026 by KN6DWI (talk | contribs) (Filled out section on configuring WiFi interface for access point mode)

Prerequisites

Set up a single-device tunnel to your machine. Note the IP and name of your WireGuard interface. The name of your WireGuard interface is the same as the name of your config file. For example, if your config file is /etc/wireguard/wg0.conf, then your interface name is wg0. The IP of your WireGuard interface can be obtained from running ifconfig <interface> and finding the IP listed under the interface in the inet field.

Below is some example output of ifconfig wg0.

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1380
    inet 44.27.133.190  netmask 255.255.255.255  destination 44.27.133.190
    inet6 fe80::f728:a0b0:3af5:b5c6  prefixlen 128  scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
    RX packets 17331  bytes 5865364 (5.5 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 13389  bytes 2146828 (2.0 MiB)
    TX errors 0  dropped 1 overruns 0  carrier 0  collisions 0

Request a Subnet

Go to the Network tab of 44Net Connect, and request a network. Requests up to a /28 (16 IPs) are automatically approved. It's recommended to request at least a /29 (8 IPs), since at least 2 of your IPs must be set aside for network and broadcast addresses. That way, you have at least 6 usable addresses for your hosts.


Setting Up The Network Interface

The recommended way to set up the router for your subnet is with two ethernet interfaces. The second can be provided by a USB ethernet adapter if necessary. This section has the steps that are required regardless of whether you're using ethernet or WiFi. If you're using WiFi, you'll also need the steps in the following section. Otherwise, you can skip them.

Step 1: Create a new connection in nmcli

nmcli is the CLI interface for NetworkManager, which is the high level network configuration tool included in most Debian-based distributions by default. These configuration steps can be completed using the NetworkManager GUI, but many people operate a "headless" machine (without a screen or keyboard) and use SSH to remotely configure it. Thus, this tutorial uses a CLI tool to accommodate that use case. An nmcli "connection" is an abstraction representing a network configuration attached to a device. Create a new connection by running

sudo nmcli con add conn-name <name> ifname <interface name> type <type>.

You can name the connection whatever you like, but it's recommended to name it something descriptive. For example, if you're configuring a 44net routed subnet for eth1, you might name it 44net-eth1. The interface name is the name of the interface you're using, as described by ifconfig. The type is either wifi or ethernet. For a WiFi interface, you must also specify the BSSID (network name) by adding the parameter ssid <BSSID> at the end.

Step 2: Configure the IP

Set the IPv4 method to manual using the following command:

sudo nmcli con modify <name> ipv4.method manual

Next, set the IP range for this interface.

sudo nmcli con modify <name> ipv4.address <subnet>

Your subnet should be specified in CIDR notation. At this point, if you're configuring an ethernet interface, you're ready to start it up. If you're configuring a WiFi interface, don't start your interface yet, and move on to the next section for additional configuration.

Step 3: Starting the Interface

First, disable the existing connection, which is likely named netplan-<interface>. If you're using eth1 for your 44net clients, it may look like netplan-eth1. If you are configuring your Debian machine over SSH, be careful not to deactivate the connection over which your SSH is traveling.

sudo nmcli con down <name of existing connection>

After deactivating the regular connection, activate your new connection. If this succeeds, you're good to go.

sudo nmcli con up <name of new connection>

Optional: Setting Up A Wireless Access Point

If you have wireless only clients, or wish to utilize an existing WiFi interface in lieu of an additional ethernet interface, you can configure the interface as an access point.

After your subnet is approved, you must attach it to your tunnel. Go to your Tunnels tab on 44Net Connect, and click Edit on the tunnel for your routing device. Go to the "Route additional Networks Through This Tunnel" section, and check the box for the subnet you want to use for this tunnel.

Step 1: Set your wireless regulatory domain

Different countries have different rules about which frequencies and bandwidths devices are allowed to use for WiFi. Setting the regulatory domain ensures that your device will use the right ones, making it work best with nearby devices and ensuring regulatory compliance.

Your regulatory domain may have already been set during OS installation. Run sudo iw reg get to check whether it's been set. Look at the country set under global. If it says unset, you have not set the regulatory domain.

If your regulatory domain has not been set, set it with sudo iw reg set <country code> where the country code is your two letter ISO country code.

Step 2: Configure WiFi settings for your nmcli connection

Set the access point security and password. First, we set the wifi-sec.key-mgmt parameter to wpa-psk to disable the older insecure WEP encryption method. At this point, you will also need to set a password.

sudo nmcli con modify <connection name> wifi-sec.key-mgmt wpa-psk

sudo nmcli con modify <connection name> wifi-sec.psk <password>

For security, leave only WPA2 enabled. By default, the older WPA protocol is enabled for compatibility, but it only supports the less secure TKIP encryption algorithm. Disable it by setting wifi-sec.proto to rsn.

sudo nmcli con modify <connection name> wifi-sec.proto rsn

Even after disabling the older WPA protocol, WPA2 supports TKIP for compatibility. As an additional security measure, enable only the CCMP encryption algorithm, disabling TKIP.

sudo nmcli con modify <connection name> wifi-sec.pairwise ccmp

Finally, set the connection to access point mode and configure it to use your subnet assignment.

sudo nmcli con modify <connection name> 802-11-wireless.mode ap 802-11-wireless.band <band> ipv4.method manual ipv4.addr <subnet in CIDR notation>

For the 802-11-wireless.band setting, choose either bg for 2.4 GHz or a for 5 GHz.

Now we need to disable the current nmcli connection and enable our new one. Current connections can be viewed by running nmcli connection. If your device is currently connected to a WiFi network, you'll see something like netplan-wlan0-<name of your wifi network>. Disable that connection by running the following command:

sudo nmcli conn down netplan-wlan0-<name of your wifi network>

Next, enable your new connection by running sudo nmcli conn up <name of connection>