IP Connection: Difference between revisions
| Line 6: | Line 6: | ||
Connect to your watch using <code>ssh root@192.168.2.15</code> or <code>adb shell</code>. | Connect to your watch using <code>ssh root@192.168.2.15</code> or <code>adb shell</code>. | ||
<pre>connmanctl</pre> | |||
Starts the connmanctl interactive mode. The prompt indicator will change to <code>connmanctl></code> | |||
<pre>enable wifi</pre> | |||
Output: Enabled wifi | |||
<pre>scan wifi</pre> | |||
Output: Scan completed for wifi | |||
<pre>agent on</pre> | |||
Output: Agent registered | |||
<pre> | The Agent will handle automatic reconnect to the network. | ||
<pre>services</pre> | |||
Shows the discovered SSIDs and their service identifier. | |||
Output example: | |||
<code>YourNetwork wifi_1234567890_1234567890_managed_psk</code> | |||
<code>OtherLAN wifi_0987654321_123456789_managed_psk</code> | |||
<pre>connect <ServiceIdentifierOfYourSSID></pre> | |||
Example: | |||
<code>connect wifi_1234567890_1234567890_managed_psk</code> | |||
Passphrase ? | |||
Prompt changes to <code>Passphrase?</code> and asks for the password to the SSID. | |||
</pre> | |||
<code>TypeYourPassPhraseAndPressEnter</code> | |||
Output: Connected to wifi_1234567890_1234567890_managed_psk | |||
<pre>quit</pre> | |||
Leaves the connmanctl interactive mode. | |||
Check whether an IP address has been assigned to the watch using <code>ip a show dev wlan0</code> or <code>ifconfig wlan0</code>. | Check whether an IP address has been assigned to the watch using <code>ip a show dev wlan0</code> or <code>ifconfig wlan0</code> or by trying to <code>ping 8.8.8.8</code>. | ||
Note that activated WLAN consumes additional power. Currently, it is recommended to disable the function after use. <code>connmanctl disable wifi</code> is used to disable Wi-Fi and power off WLAN temporarily. <code>connmanctl enable wifi</code> activates WLAN again and connects to the last used Wi-Fi network. | Note that activated WLAN consumes additional power. Currently, it is recommended to disable the function after use. <code>connmanctl disable wifi</code> is used to disable Wi-Fi and power off WLAN temporarily. <code>connmanctl enable wifi</code> activates WLAN again and connects to the last used Wi-Fi network. | ||
| Line 30: | Line 43: | ||
Some more documentation on connman can be found on [https://wiki.archlinux.org/index.php/ConnMan#Connecting_to_a_protected_access_point ArchWiki]. | Some more documentation on connman can be found on [https://wiki.archlinux.org/index.php/ConnMan#Connecting_to_a_protected_access_point ArchWiki]. | ||
# A Linux computer with RNDIS support loaded and enabled | =IP over USB= | ||
# The ability to change network configurations on that computer | It is possible to allow your watch to be able to use your Linux computer's internet connection via a USB connection. You will need: | ||
# A network connection | |||
#A Linux computer with RNDIS support loaded and enabled | |||
#The ability to change network configurations on that computer | |||
#A network connection | |||
This works by using the RNDIS driver to allow the USB device to appear to be a network interface. RNDIS stands for "Remote Network Driver Interface Specification" and was a proprietary protocol from Microsoft. It is supported in Linux by the <code>rndis_host</code> driver. This driver may either be compiled into the kernel, or more typically provided as an optional module. If you're not sure, you can try this <code>lsmod</code> to see if it's loaded on your computer. | This works by using the RNDIS driver to allow the USB device to appear to be a network interface. RNDIS stands for "Remote Network Driver Interface Specification" and was a proprietary protocol from Microsoft. It is supported in Linux by the <code>rndis_host</code> driver. This driver may either be compiled into the kernel, or more typically provided as an optional module. If you're not sure, you can try this <code>lsmod</code> to see if it's loaded on your computer. | ||
| Line 68: | Line 82: | ||
In this particular case, the address shown is 192.168.2.2, so the first command listed above would be <code>route add default gw 192.168.2.2</code>. | In this particular case, the address shown is 192.168.2.2, so the first command listed above would be <code>route add default gw 192.168.2.2</code>. | ||
= Paranoid Kernels = | = Paranoid Kernels= | ||
On some watch models (e.g., <code>lenok</code>), the kernel shipped with AsteroidOS is compiled with the Android-specific <code>CONFIG_ANDROID_PARANOID_NETWORK</code> kernel option enabled. That option enforces non-standard restrictions on networking, based on hardcoded group IDs (GIDs): | On some watch models (e.g., <code>lenok</code>), the kernel shipped with AsteroidOS is compiled with the Android-specific <code>CONFIG_ANDROID_PARANOID_NETWORK</code> kernel option enabled. That option enforces non-standard restrictions on networking, based on hardcoded group IDs (GIDs): | ||
* GID 3003 is the <code>inet</code> group, allowing to create <code>AF_INET</code> and <code>AF_INET6</code> sockets, | *GID 3003 is the <code>inet</code> group, allowing to create <code>AF_INET</code> and <code>AF_INET6</code> sockets, | ||
* GID 3004 is the <code>net_raw</code> group, allowing to create raw INET sockets. | * GID 3004 is the <code>net_raw</code> group, allowing to create raw INET sockets. | ||
Revision as of 00:39, 5 March 2026
Configuring an IP connection on your watch has to be done manually until a GUI settings option is available. On watches that support WLAN, you can enable Wi-Fi and configure the connection using connmanctl like described below. Forwarding IP requests to a connected PC via USB is another option, explained in the second paragraph.
By default, there is no root or ceres password, and no firewall rules. (However, on some watches, the kernel has the CONFIG_ANDROID_PARANOID_NETWORK kernel option enabled, see below.) A password can be set using the passwd command.
IP over WLAN (WiFi)
Connect to your watch using ssh root@192.168.2.15 or adb shell.
connmanctl
Starts the connmanctl interactive mode. The prompt indicator will change to connmanctl>
enable wifi
Output: Enabled wifi
scan wifi
Output: Scan completed for wifi
agent on
Output: Agent registered
The Agent will handle automatic reconnect to the network.
services
Shows the discovered SSIDs and their service identifier.
Output example:
YourNetwork wifi_1234567890_1234567890_managed_psk
OtherLAN wifi_0987654321_123456789_managed_psk
connect <ServiceIdentifierOfYourSSID>
Example:
connect wifi_1234567890_1234567890_managed_psk
Prompt changes to Passphrase? and asks for the password to the SSID.
TypeYourPassPhraseAndPressEnter
Output: Connected to wifi_1234567890_1234567890_managed_psk
quit
Leaves the connmanctl interactive mode.
Check whether an IP address has been assigned to the watch using ip a show dev wlan0 or ifconfig wlan0 or by trying to ping 8.8.8.8.
Note that activated WLAN consumes additional power. Currently, it is recommended to disable the function after use. connmanctl disable wifi is used to disable Wi-Fi and power off WLAN temporarily. connmanctl enable wifi activates WLAN again and connects to the last used Wi-Fi network.
Some more documentation on connman can be found on ArchWiki.
IP over USB
It is possible to allow your watch to be able to use your Linux computer's internet connection via a USB connection. You will need:
- A Linux computer with RNDIS support loaded and enabled
- The ability to change network configurations on that computer
- A network connection
This works by using the RNDIS driver to allow the USB device to appear to be a network interface. RNDIS stands for "Remote Network Driver Interface Specification" and was a proprietary protocol from Microsoft. It is supported in Linux by the rndis_host driver. This driver may either be compiled into the kernel, or more typically provided as an optional module. If you're not sure, you can try this lsmod to see if it's loaded on your computer.
lsmod | grep ndis rndis_host 24576 0 cdc_ether 24576 1 rndis_host usbnet 61440 2 rndis_host,cdc_ether
If it isn't you might be able to use modprobe rndis_host (with root privileges) to install the module.
Once the rndis_host is installed and running, you can enable Network Address Translation (NAT) to allow your Linux computer to share it's internet IP address with the watch. To configure a NAT on your computer (Note: Replace eth0 with the name of the interface that connects your computer to the Internet) with:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Here again, you might need root privileges for those commands, depending on how your computer is configured.
Configure a default gateway and DNS on the watch with the following commands ran via SSH as the root user:
ip route add default via 192.168.2.1
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
Note that this assumes that your computer's IP address on RNDIS is 192.168.2.1, which is the default, but if you have multiple watches, or have plugged and unplugged the same watch a few times, it might be different. To make sure, on the watch, you can type who and it will reply with something like this:
root pts/0 00:01 Jun 9 08:06:24 192.168.2.2
In this particular case, the address shown is 192.168.2.2, so the first command listed above would be route add default gw 192.168.2.2.
Paranoid Kernels
On some watch models (e.g., lenok), the kernel shipped with AsteroidOS is compiled with the Android-specific CONFIG_ANDROID_PARANOID_NETWORK kernel option enabled. That option enforces non-standard restrictions on networking, based on hardcoded group IDs (GIDs):
- GID 3003 is the
inetgroup, allowing to createAF_INETandAF_INET6sockets, - GID 3004 is the
net_rawgroup, allowing to create raw INET sockets.
Only root and members of the groups with those magic GIDs are allowed to perform the described actions. In particular, by default, the ceres user is not.
Therefore, in order to be able to access the network as ceres (e.g., for asteroid-weatherfetch to work), SSH into your watch as root (or use adb shell) and run the following 2 commands:
groupadd -g 3003 -U root,ceres inet groupadd -g 3004 -U root,ceres net_raw
These create the two magic groups with the same name and GID as on Android and add both root and ceres to them. Then reboot your watch, because only newly started sessions will pick up the new group memberships.