IP Connection: Difference between revisions
(Copy 'IP connection' page from the current wiki) |
m (→IP over USB: Update routing command to use `ip` rather than `route`.) |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
Configuring an IP connection on your watch has to be done manually until a GUI settings option is available. On watches that support WLAN, you can enable Wi-Fi and configure the connection using <code>connmanctl</code> like described below. Forwarding IP requests to a connected PC via USB is another option, explained in the second paragraph. | Configuring an IP connection on your watch has to be done manually until a GUI settings option is available. On watches that support WLAN, you can enable Wi-Fi and configure the connection using <code>connmanctl</code> like described below. Forwarding IP requests to a connected PC via USB is another option, explained in the second paragraph. | ||
By default, there is no <code>root</code> or <code>ceres</code> password, and no firewall rules. A password can be set using the passwd command. | By default, there is no <code>root</code> or <code>ceres</code> password, and no firewall rules. (However, on some watches, the kernel has the <code>CONFIG_ANDROID_PARANOID_NETWORK</code> kernel option enabled, see below.) A password can be set using the passwd command. | ||
= IP over WLAN (WiFi) = | = IP over WLAN (WiFi) = | ||
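Review bot: the reworded paragraph in this hunk still leaves the password advice as its last sentence, after stating that there is no <code>root</code> or <code>ceres</code> password and no firewall rules. Since the next section brings the watch onto Wi-Fi, say explicitly that passwords should be set with <code>passwd</code> before a network connection is enabled, and put <code>passwd</code> in code tags like the other commands.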
| Line 42: | Line 42: | ||
Once the <code>rndis_host</code> is installed and running, you can enable Network Address Translation (NAT) to allow your Linux computer to share it's internet IP address with the watch. To configure a NAT '''on your computer''' (Note: Replace eth0 with the name of the interface that connects your computer to the Internet) with: | Once the <code>rndis_host</code> is installed and running, you can enable Network Address Translation (NAT) to allow your Linux computer to share it's internet IP address with the watch. To configure a NAT '''on your computer''' (Note: Replace eth0 with the name of the interface that connects your computer to the Internet) with: | ||
<pre> | <pre>echo 1 > /proc/sys/net/ipv4/ip_forward</pre> | ||
echo 1 > /proc/sys/net/ipv4/ip_forward | <pre>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre> | ||
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |||
</pre> | |||
Here again, you might need root privileges for those commands, depending on how your computer is configured. | Here again, you might need root privileges for those commands, depending on how your computer is configured. | ||
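Review bot: the <code>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</code> line in this hunk has no source match, so together with <code>ip_forward</code> set to 1 the computer will NAT and forward traffic arriving on any interface, not only from the watch. Suggest adding a <code>-s</code> match for the watch's RNDIS subnet and a sentence on how to remove the rule and turn forwarding off again afterwards.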
| Line 51: | Line 49: | ||
Configure a default gateway and DNS '''on the watch''' with the following commands ran via [[SSH]] as the root user: | Configure a default gateway and DNS '''on the watch''' with the following commands ran via [[SSH]] as the root user: | ||
<pre> | <pre>ip route add default via 192.168.2.1</pre> | ||
route add default | <pre>echo "nameserver 8.8.8.8" >> /etc/resolv.conf</pre> | ||
echo "nameserver 8.8.8.8" >> /etc/resolv.conf | |||
</pre> | |||
Note that this assumes that your computer's IP address on RNDIS is 192.168.2.1, which is the default, but if you have multiple watches, or have plugged and unplugged the same watch a few times, it might be different. To make sure, on the watch, you can type <code>who</code> and it will reply with something like this: | Note that this assumes that your computer's IP address on RNDIS is 192.168.2.1, which is the default, but if you have multiple watches, or have plugged and unplugged the same watch a few times, it might be different. To make sure, on the watch, you can type <code>who</code> and it will reply with something like this: | ||
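Review bot: the switch to <code>ip route add default via 192.168.2.1</code> is not carried through to the sentence after the <code>who</code> output, which still shows the old syntax <code>route add default gw 192.168.2.2</code>; update it in the same edit so the page uses one form. Separately, <code>echo "nameserver 8.8.8.8" >> /etc/resolv.conf</code> appends another copy of the line each time it is run, which is worth a note.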
| Line 63: | Line 59: | ||
In this particular case, the address shown is 192.168.2.2, so the first command listed above would be <code>route add default gw 192.168.2.2</code>. | In this particular case, the address shown is 192.168.2.2, so the first command listed above would be <code>route add default gw 192.168.2.2</code>. | ||
= Paranoid Kernels = | |||
On some watch models (e.g., <code>lenok</code>), the kernel shipped with AsteroidOS is compiled with the Android-specific <code>CONFIG_ANDROID_PARANOID_NETWORK</code> kernel option enabled. That option enforces non-standard restrictions on networking, based on hardcoded group IDs (GIDs): | |||
* GID 3003 is the <code>inet</code> group, allowing to create <code>AF_INET</code> and <code>AF_INET6</code> sockets, | |||
* GID 3004 is the <code>net_raw</code> group, allowing to create raw INET sockets. | |||
Only <code>root</code> and members of the groups with those magic GIDs are allowed to perform the described actions. In particular, by default, the <code>ceres</code> user is '''not'''. | |||
Therefore, in order to be able to access the network as <code>ceres</code> (e.g., for <code>asteroid-weatherfetch</code> to work), SSH into your watch as <code>root</code> (or use <code>adb shell</code>) and run the following 2 commands: | |||
<pre> | |||
groupadd -g 3003 -U root,ceres inet | |||
groupadd -g 3004 -U root,ceres net_raw | |||
</pre> | |||
These create the two magic groups with the same name and GID as on Android and add both <code>root</code> and <code>ceres</code> to them. Then reboot your watch, because only newly started sessions will pick up the new group memberships. | |||
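Review bot: the second <code>groupadd</code> line adds <code>ceres</code> to <code>net_raw</code> (GID 3004), but the stated goal is network access for <code>ceres</code> (e.g. <code>asteroid-weatherfetch</code>), which by the list in this hunk only needs GID 3003. Suggest making the <code>net_raw</code> membership optional and saying when raw sockets are actually needed. The text also says <code>root</code> is already allowed, so either drop <code>root</code> from <code>-U</code> or explain why it is listed.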
Latest revision as of 13:21, 18 November 2025
Configuring an IP connection on your watch has to be done manually until a GUI settings option is available. On watches that support WLAN, you can enable Wi-Fi and configure the connection using connmanctl as described below. Forwarding IP requests to a connected PC via USB is another option, explained in the IP over USB section.
By default, there is no root or ceres password, and no firewall rules. (However, on some watches, the kernel has the CONFIG_ANDROID_PARANOID_NETWORK kernel option enabled, see below.) A password can be set using the passwd command.
IP over WLAN (WiFi)
Connect to your watch using ssh root@192.168.2.15 or adb shell.
# connmanctl
connmanctl> enable wifi
connmanctl> scan wifi
connmanctl> services
connmanctl> agent on
connmanctl> connect wifi_CODE-FOR-YOUR-SSID
connmanctl> quit
Check whether an IP address has been assigned to the watch using ip a show dev wlan0 or ifconfig wlan0.
Note that activated WLAN consumes additional power. Currently, it is recommended to disable the function after use. connmanctl disable wifi is used to disable Wi-Fi and power off WLAN temporarily. connmanctl enable wifi activates WLAN again and connects to the last used Wi-Fi network.
Some more documentation on connman can be found on ArchWiki.
IP over USB
Your watch can use your Linux computer's internet connection over a USB connection. You will need:
- A Linux computer with RNDIS support loaded and enabled
- The ability to change network configurations on that computer
- A network connection
This works by using the RNDIS driver to make the USB device appear as a network interface. RNDIS stands for "Remote Network Driver Interface Specification" and was a proprietary protocol from Microsoft. It is supported in Linux by the rndis_host driver. This driver may either be compiled into the kernel or, more typically, provided as an optional module. If you're not sure, you can run lsmod to see if it's loaded on your computer.
lsmod | grep ndis
rndis_host 24576 0
cdc_ether 24576 1 rndis_host
usbnet 61440 2 rndis_host,cdc_ether
If it isn't, you might be able to use modprobe rndis_host (with root privileges) to load the module.
Once rndis_host is loaded, you can enable Network Address Translation (NAT) to allow your Linux computer to share its internet IP address with the watch. To configure NAT on your computer, run the following (replace eth0 with the name of the interface that connects your computer to the Internet):
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Here again, you might need root privileges for those commands, depending on how your computer is configured.
Configure a default gateway and DNS on the watch with the following commands, run via SSH as the root user:
ip route add default via 192.168.2.1
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
Note that this assumes that your computer's IP address on RNDIS is 192.168.2.1, which is the default, but if you have multiple watches, or have plugged and unplugged the same watch a few times, it might be different. To make sure, on the watch, you can type who and it will reply with something like this:
root pts/0 00:01 Jun 9 08:06:24 192.168.2.2
In this particular case, the address shown is 192.168.2.2, so the first command listed above would be ip route add default via 192.168.2.2.
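The NAT step above enables forwarding for the whole computer and masquerades everything leaving eth0. The following added example (not from the AsteroidOS wiki) generates a narrower rule set limited to the watch, plus the matching teardown. The interface name usb0 and the subnet 192.168.2.0/24 are assumptions based on the addresses used on this page.

```sh
#!/bin/sh
# Added example, not from the AsteroidOS wiki. Assumed names: usb0 (RNDIS
# interface on the computer), eth0 (uplink), 192.168.2.0/24 (watch subnet).

# watch_nat_rules up|down WATCH_IF UPLINK_IF SUBNET
# Prints the iptables commands (append for "up", delete for "down") so they
# can be reviewed before being piped to a root shell.
watch_nat_rules() {
    case $1 in
        up)   op=-A ;;
        down) op=-D ;;
        *)    echo "usage: watch_nat_rules up|down WATCH_IF UPLINK_IF SUBNET" >&2
              return 2 ;;
    esac
    # The output is meant for a root shell, so accept only plain interface
    # names and an IPv4 CIDR; anything else is refused.
    for name in "$2" "$3"; do
        case $name in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    done
    case $4 in ''|*[!0-9./]*) return 2 ;; esac

    if [ "$1" = up ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    fi
    # Masquerade only packets that come from the watch's subnet.
    echo "iptables -t nat $op POSTROUTING -s $4 -o $3 -j MASQUERADE"
    # Explicit forwarding rules matter when the FORWARD policy is DROP:
    # watch to uplink, and only reply traffic in the other direction.
    echo "iptables $op FORWARD -i $2 -o $3 -s $4 -j ACCEPT"
    echo "iptables $op FORWARD -i $3 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$1" = down ]; then
        # Skip this line if containers or VMs on the computer need forwarding.
        echo "sysctl -w net.ipv4.ip_forward=0"
    fi
}

# Review the rules first; append "| sudo sh" to apply them.
watch_nat_rules up usb0 eth0 192.168.2.0/24
```

Run the same command with down instead of up after unplugging the watch to remove the rules again.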
Paranoid Kernels
On some watch models (e.g., lenok), the kernel shipped with AsteroidOS is compiled with the Android-specific CONFIG_ANDROID_PARANOID_NETWORK kernel option enabled. That option enforces non-standard restrictions on networking, based on hardcoded group IDs (GIDs):
- GID 3003 is the inet group, which allows creating AF_INET and AF_INET6 sockets,
- GID 3004 is the net_raw group, which allows creating raw INET sockets.
Only root and members of the groups with those magic GIDs are allowed to perform the described actions. In particular, by default, the ceres user is not.
Therefore, in order to be able to access the network as ceres (e.g., for asteroid-weatherfetch to work), SSH into your watch as root (or use adb shell) and run the following 2 commands:
groupadd -g 3003 -U root,ceres inet
groupadd -g 3004 -U root,ceres net_raw
These create the two magic groups with the same name and GID as on Android and add both root and ceres to them. Then reboot your watch, because only newly started sessions will pick up the new group memberships.
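To tell "not configured" apart from "configured, but this session predates the change", the following added example (not from the AsteroidOS wiki) compares the group file with the GIDs the current session actually carries. The optional group-file argument and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the AsteroidOS wiki. Run on the watch as the user
# you want to check. The group file argument is a hypothetical hook for testing.

# gid_has_member GID USER [GROUP_FILE]: true if USER is listed as a member of
# the group whose numeric ID is GID. The kernel checks the GID, not the name.
gid_has_member() {
    while IFS=: read -r _name _pw _gid _members; do
        [ "$_gid" = "$1" ] || continue
        case ",$_members," in *",$2,"*) return 0 ;; esac
    done < "${3:-/etc/group}"
    return 1
}

# paranoid_state GID USER SESSION_GIDS [GROUP_FILE]
# SESSION_GIDS is the output of `id -G` in the session being checked.
#   active         the session already carries the GID
#   reboot-needed  membership is configured, but this session predates it
#   missing        USER is not a member of a group with that GID
paranoid_state() {
    case " $3 " in
        *" $1 "*) echo active; return 0 ;;
    esac
    if gid_has_member "$1" "$2" "${4:-/etc/group}"; then
        echo reboot-needed
    else
        echo missing
    fi
}

# Constructed sample: ceres was added to inet only, and the session is old.
sample=$(mktemp)
printf '%s\n' 'root:x:0:' 'ceres:x:1000:' 'inet:x:3003:root,ceres' \
    'net_raw:x:3004:root' > "$sample"
for gid in 3003 3004; do
    echo "GID $gid: $(paranoid_state "$gid" ceres "1000" "$sample")"
done
rm -f "$sample"
# On a watch: paranoid_state 3003 "$(id -un)" "$(id -G)"
```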