Tag Archives: wifi

Realtek RTL8188CUS – USB 802.11n WiFi Review

When using FreeBSD on a new laptop you sometimes find out that the WiFi chip that it came with is not supported … or not yet supported in RELEASE version and support exists in CURRENT development version that you do not want to use.

This is where Realtek RTL8188CUS chip comes hand.


Its used in many appliances and products but we are interested in its small USB WiFi version that is really small.

The Realtek company even got Taiwan Green Classics Award 2011 for their 802.11b/g/n 2.4GHz 1T1R WLAN Single Chip Controller (RTL8188CE/RTL8188CUS) on 2011 year when it was introduced.



Its not very powerful as it comes with 1×1 antennas and 802.11n support – yes only single antenna. 150Mbps at most.

Its also very small and almost does not stick out of the laptop.


When connected it also gives subtle little dim light.



I will now show you how it works on FreeBSD. This is for 12.2-RELEASE version but it worked the same for 11.1-RELEASE 3 years ago.

My ThinkPad W520 laptop already has Intel 6300 with 3×3 antennas and 802.11n standard WiFi card supported by iwn(4) driver.

# sysctl net.wlan.devices
net.wlan.devices: iwn0

We will now attach Realtek RTL8188CUS chip and will check whats coming in dmesg(8) command.

# dmesg
ugen2.3:  at usbus2
rtwn0 on uhub4
rtwn0:  on usbus2
rtwn0: MAC/BB RTL8188CUS, RF 6052 1T1R

… and some more information from usbconfig(8) command.

# usbconfig
ugen2.3:  at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)

# usbconfig -d 2.3 show_ifdrv
ugen2.3:  at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)
ugen2.3.0: rtwn0: 

Its now listed as rtwn0 as its supported by the rtwn(4) driver on FreeBSD.

# sysctl net.wlan.devices
net.wlan.devices: rtwn0 iwn0

Lets connect to some wireless network with this Realtek chip. I will create wlan1 device as wlan0 is already taken by the other Intel 6300 card.

# ifconfig wlan1 create wlandev rtwn0

# ifconfig wlan1
wlan1: flags=8802<broadcast,simplex,multicast> metric 0 mtu 1500
        ether 00:1d:43:21:2d:1c
        groups: wlan
        ssid "" channel 1 (2412 MHz 11b)
        regdomain FCC country US authmode OPEN privacy OFF txpower 30 bmiss 7
        scanvalid 60 wme bintval 0
        parent interface: rtwn0
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        nd6 options=21<performnud,auto_linklocal>

# wpa_passphrase WIFINETWORK PASSWORD >> /etc/wpa_supplicant.conf

# wpa_supplicant -i wlan1 -c /etc/wpa_supplicant.conf
Successfully initialized wpa_supplicant
wlan1: Trying to associate with d8:07:b8:b8:f4:81 (SSID='wireless' freq=2442 MHz)
wlan1: Associated with d8:07:b6:b8:f4:81
wlan1: WPA: Key negotiation completed with d8:07:b6:b8:f4:81 [PTK=CCMP GTK=CCMP]
wlan1: CTRL-EVENT-CONNECTED - Connection to d8:07:b6:b8:f4:81 completed [id=40 id_str=]
zsh: suspended  wpa_supplicant -i wlan1 -c /etc/wpa_supplicant.conf

# bg
[1]  + continued  wpa_supplicant -i wlan1 -c /etc/wpa_supplicant.conf


We should now have network LAYER 2 connected and wpa_supplicant(8) should be running in a background and wlan1 interface should have associated status.

# ps ax | grep wpa_supplicant
48693  4  S        0:00.43 wpa_supplicant -i wlan1 -c /etc/wpa_supplicant.conf
50687  4  S+       0:00.00 grep --color wpa_supplicant

# ifconfig wlan1
wlan1: flags=8843<up,broadcast,running,simplex,multicast> metric 0 mtu 1500
        ether 00:1d:43:21:2d:1c
        groups: wlan
        ssid wireless channel 7 (2442 MHz 11g ht/20) bssid d8:07:b6:b8:f4:81
        regdomain FCC country US authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 7 scanvalid 60
        protmode CTS ht20 ampdulimit 64k ampdudensity 4 shortgi -stbc -ldpc
        -uapsd wme roaming MANUAL
        parent interface: rtwn0
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        nd6 options=29<performnud,ifdisabled,auto_linklocal>


Lets add LAYER 3 with IP address using dhclient(8) command.

# dhclient wlan1
DHCPDISCOVER on wlan1 to port 67 interval 3
DHCPREQUEST on wlan1 to port 67
bound to -- renewal in 3600 seconds.

We just got the IP address.

One last step with DNS and we will test the connection with ping(8) command.

# echo nameserver > /etc/resolv.conf

# ping -c 3 freebsd.org
PING freebsd.org ( 56 data bytes
64 bytes from icmp_seq=0 ttl=50 time=119.870 ms
64 bytes from icmp_seq=1 ttl=50 time=119.371 ms
64 bytes from icmp_seq=2 ttl=50 time=119.128 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 119.128/119.456/119.870/0.309 ms


FreeBSD Benchmark

I next tested the performance of this simple single antenna Realtek chip using NFS large file transfer in thunar(1) file manager.


The results are not that bad but not great either.

The file copy from LAN server attached directly to WiFi router to my laptop was about 2.9 MB/s fast. I was 5 meters away from the router.

server  ==LAN==>  router  ==WiFi==>  laptop  @  2.9 MB/s

The file copy from laptop using WiFi to LAN server attached directly to WiFi router was about 2.6 MB/s fast. Still about 5 meters away from the router.

laptop  ==WiFi==>  router  ==LAN==>  server  @  2.6 MB/s

That is 23.2 Mbps and 20.8 Mbps respectively. Really far from theoretical single antenna 802.11n 150 Mbps transfer … its probably fault of the FreeBSD wireless stack.

I would say that its sufficient for Internet browsing but using local LAN resources over NFS can be painful.

On the contrary my Intel 6300 WiFi card does 5.5 MB/s on the laptop-to-router-to-server copy and 10.5 MB/s on the server-to-router-to-laptop road. That is 44 Mbps and 84 Mbps respectively instead of 450 Mbps theoretical maximum. Both the Intel 6300 and my router have 3×3 antennas.

Would love to see these number closer to 30 MB/s …

Raspberry Pi

One of the other benefit of the Realtek RTL8188CUS chip is that it works very well on small Raspberry Pi boxes. Personally I have tested it on the Raspberry Pi 2B and it worked like a charm.



This chip is also great when it comes to price. Products based on this chip are available everywhere. They are on EBAY. They are on ALIEXPRESS. And it costs as low as $2.50 in many cases.

Sometimes the delivery costs more then the product itself πŸ™‚


UPDATE 1 – Middle Ages

Reddit user Yaazkal user from Reddit just reminded me thatΒ  rtwn(4) driver on FreeBSD still does not support 802.11n protocol.

It’s still in the middle ages of 802.11g transfers.

FreeBSD Desktop – Part 13 – Configuration – Dzen2

Time for real configuration of the status bar. In today’s article of the FreeBSD Desktop series I will describe how to configure the Dzen2.

You may want to check other articles in the FreeBSD Desktop series on the FreeBSD Desktop – Global Page where you will find links to all episodes of the series along with table of contents for each episode’s contents.


The provided status bar backed by Dzen2 will be providing the following information.

  • date: Date in ISO 8601 format along with current time.
  • sys: CPU frequency, CPU temperature, system load and free RAM.
  • ip: List of current IP addresses and its interfaces.
  • gw: System default network gateway.
  • dns: System default DNS.
  • ping: Current Internet access state.
  • vol/pcm: Volume level for vol and pcm backends.
  • fs: ZFS pools free space.
  • bat: Battery and AC status.
  • top: Top 3 processes with highest CPU usage along with their RAM usage.

Here is how such Dzen2 looks like in action.



The Dzen2 offers feature that Conky or other status bar applications does not offer. I would call it refresh on demand. If you would like to implement refresh interval of 60 seconds for example (not so often) and also refresh that information everytime you ‘click’ on the status bar (or by other action) its possible to implement in Dzen2 using mkfifo(1) command.

Why anyone would want to implement such ‘strange’ refresh policy? To get more battery life mostly as You do not need this information to be refreshed every second and if You need up to date information then you will refresh it manually with a click on the status bar and have the needed information. The other reason is ‘focus’. If this status bar refreshes every second, then it ‘caches’ your attention, this may prevent you from focusing deep enough on the task you are currently doing. If you do something important that requires focus then You do not want status bar (or anything else) to distract you with useless at the moment information.

To achieve such configuration we would need three things. The dzen2-fifo.sh script that will start initial fifo on the ~/.dzen2-fifo file. The dzen2-update.sh to update the fifo and would be run from the crontab(1) every 60 seconds. A dzen2(1) action configured with left mouse button click to invoke dzen2-update.sh to update the fifo. All these scripts and scripts used directly by Dzen2 to gather needed information are available in the scripts-status-bar.tar.gz file.

To start Dzen2 at the X11 startup we will use script from the earlier ‘bulk’ already available – __openbox_restart_dzen2.sh – which kills all instances of Dzen2 and then starts the fifo backed Dzen2 with dzen2-fifo.sh script available in the scripts.tar.gz file.

Here is how its configured in the ~/.xinitrc (or ~/.xsession) file.

% grep dzen ~/.xinitrc                      
  ~/scripts/__openbox_restart_dzen2.sh &

Remember to put ‘&‘ at the end of the line.

Lets have a look how the ‘update’ is configured in the crontab(1) as shown below.

% crontab -l
  0 * * * * ~/scripts/dzen2-update.sh 1> ~/.dzen2-fifo                                        2> /dev/null

The scripts that Dzen2 uses to gather information are:


… and this one to ’emulate’ clicks to implement Openbox virtual desktops switching with [Scroll Up] and [Scroll Down] mouse events.


The dzen2-update.sh is kinda like Conky on terminal, it just puts all that information in text format with Dzen2 colors syntax as shown below.

% dzen2-update.sh
 ^fg(#aaaaaa)date: ^fg(#eeeeee)2018/07/05/Thu/10:11 ^fg(#dd0000)| ^fg(#aaaaaa)sys: ^fg(#eeeeee)800MHz/46.1C/0.83/4.5GB ^fg(#dd0000)| ^fg(#aaaaaa)ip: ^fg(#eeeeee)wlan0/wirelesssid/ ^fg(#dd0000)| ^fg(#aaaaaa)gw: ^fg(#eeeeee) ^fg(#dd0000)| ^fg(#aaaaaa)dns: ^fg(#eeeeee) ^fg(#dd0000)| ^fg(#aaaaaa)ping: ^fg(#eeeeee)^fg(#dd2200)NOPE ^fg(#dd0000)| ^fg(#aaaaaa)vol/pcm: ^fg(#eeeeee)100/100 ^fg(#dd0000)| ^fg(#aaaaaa)fs: ^fg(#eeeeee)local/69.2G sys/3.27G ^fg(#dd0000)| ^fg(#aaaaaa)bat: ^fg(#eeeeee)AC/^fg(#ffffff)90% ^fg(#dd0000)| ^fg(#aaaaaa)top: ^fg(#eeeeee)firefox/15%/0.6GB firefox/13%/0.3GB firefox/11%/0.4GB 


To make most scripts work Your user (vuk in the series) needs to be in the wheel, operator and network groups and doas(1) (sudo(8) equivalent) needs to be installed and configured in the following way.

# pkg install doas

# pw groupmod wheel    -m vuk
# pw groupmod operator -m vuk
# pw groupmod network  -m vuk

# cat /usr/local/etc/doas.conf
permit nopass :wheel as root

permit nopass :network as root cmd ifconfig
permit nopass :network as root cmd dhclient
permit nopass :network as root cmd umount
permit nopass :network as root cmd wpa_supplicant
permit nopass :network as root cmd ppp
permit nopass :network as root cmd killall args -9 dhclient
permit nopass :network as root cmd killall args -9 wpa_supplicant
permit nopass :network as root cmd killall args -9 ppp
permit nopass :network as root cmd cat args /etc/ppp/ppp.conf
permit nopass :network as root cmd /etc/rc.d/netif args onerestart
permit nopass :network as root cmd tee args /etc/resolv.conf
permit nopass :network as root cmd tee args -a /etc/resolv.conf


In this post I attach scripts related to Dzen2. Download them all in the scripts-status-bar.tar.gz file and unpack them into the ~/scripts directory.

Here are these scripts.

% tar -tf scripts-status-bar.tar.gz

Make sure they remain executable.

% chmod +x ~/scripts/*

To make them work properly add ~/scripts into the ${PATH} variable at the beginning of the ~/.xinitrc file.

  export PATH=${PATH}:~/scripts

All of my scripts have this ‘mysterious’ line at the end. Its for statistics to check which scripts are run when (or it at all to which ones to delete).

echo '1' >> ~/scripts/stats/$( basename ${0} )

Thus it is needed to create the ‘stats’ directory.

% mkdir -p ~/scripts/stats

I have implemented that about two months ago and here are the results.

% wc -l ~/scripts/stats/* | sort -n
       1 /home/vermaden/scripts/stats/__openbox_show_screenshot.sh
       2 /home/vermaden/scripts/stats/__openbox_cpufreq.sh
       2 /home/vermaden/scripts/stats/__openbox_current_wallpaper.sh
       2 /home/vermaden/scripts/stats/__openbox_fullscreen.sh
       4 /home/vermaden/scripts/stats/__openbox_restart_dzen2.sh
       4 /home/vermaden/scripts/stats/dzen2-fifo.sh
       5 /home/vermaden/scripts/stats/__openbox_dmenu.sh
       5 /home/vermaden/scripts/stats/__openbox_restart_conky.sh
       5 /home/vermaden/scripts/stats/__openbox_restart_tint2.sh
       6 /home/vermaden/scripts/stats/__openbox_delete_wallpaper.sh
       7 /home/vermaden/scripts/stats/__openbox_freebsd_sound.sh
       8 /home/vermaden/scripts/stats/aero-snap.sh
      12 /home/vermaden/scripts/stats/__openbox_edit_screenshot.sh
      16 /home/vermaden/scripts/stats/__openbox_lock_zzz.sh
      16 /home/vermaden/scripts/stats/__openbox_lock.sh
      22 /home/vermaden/scripts/stats/shot.sh
      24 /home/vermaden/scripts/stats/network.sh
     214 /home/vermaden/scripts/stats/xterm.sh
     960 /home/vermaden/scripts/stats/random_wallpaper.sh
    2767 /home/vermaden/scripts/stats/desktop-battery-warning.sh
   13834 /home/vermaden/scripts/stats/desktop-kill-shit.sh
   17916 total

Of course I limited the output only to scripts that are available in this article, but be patient, more to come later πŸ™‚


To make these scripts work and generally to make all this setup work we will need these dependencies.

  • dzen2
  • xdotool
  • wmctrl

To install them all with pkg(8) just type this line below.

# pkg install dzen2 xdotool wmctrl


After adding Dzen2 to crontab(1) and keeping the earlier entries the complete crontab(1) would look like that.

% crontab -l
  *     *     * * * ~/scripts/desktop-kill-shit.sh                                       1> /dev/null 2> /dev/null
  */5   *     * * * ~/scripts/desktop-battery-warning.sh
  */20  *     * * * ~/scripts/random_wallpaper.sh ~/gfx/wallpapers                       1> /dev/null 2> /dev/null
  12,0  *     * * * /usr/bin/find ~/.cache -mtime +10 -delete                            1> /dev/null 2> /dev/null
  0     */3   * * * /usr/bin/find ~/.local/share/Trash/files -mtime +1 -delete           1> /dev/null 2> /dev/null

  0     *     * * * ~/scripts/dzen2-update.sh 1> ~/.dzen2-fifo                                        2> /dev/null


This Dzen2 configuration implements five ‘mouse actions’ or shortcuts available on the status bar.

  • [Scroll Up] – switch next virtual desktop.
  • [Scroll Down] – switch previous virtual desktop.
  • [Right Click] – show Openbox root menu.
  • [Middle Click] – show Openbox window menu.
  • [Left Click] – update Dzen2 Status Bar with dzen2-update.sh invoke.

Hope I haven’t forgot anything, feel free to ask or remind me πŸ˜‰


FreeBSD Desktop – Part 2 – Install

This is the second post in the FreeBSD Desktop series.

You may want to check other articles in the FreeBSD Desktop series on the FreeBSD Desktop – Global Page where you will find links to all episodes of the series along with table of contents for each episode’s contents.

How about actually installing FreeBSD? On a real hardware? You may first want to mess with the FreeBSD installer in a virtualized hardware (Bhyve/KVM/XEN/Virtualbox/…) so You will gain some confidence. In these posts series we will create a complete step by step FreeBSD desktop installation on USB 2.0 pendrive. 8 GB size or more is required. This way You will not have to ‘touch’ you installed system and as You gain confidence in FreeBSD You may want to switch to it if it suits your needs better then the currently installed system on your hardware. This way You can also try it on various computers without the need of (re)install or You may use it as You ‘go/mobile’ system on a stick.

For the series I will use one of the best laptops ever made – Lenovo ThinkPad X220 – shown below.


Its a 2011 12.5″ screen laptop with best keyboard layout on the world. As the series will progress I will also show the differences to other laptop – Lenovo ThinkPad T420s – another great machine. Besides being one of the best laptops ever made they also today have another advantage – they are dirt cheap. You can get any of them in a really good condition for about $150-180.


First we need to setup our machine, I mean the BIOS settings in the laptop. We will disable unused (Express Card/Bluetooth/Camera/Fingerprint Reader/…) and unwanted options (Intel AMT/Security Chip/UEFI/…). Below are screens with these settings.



















The install is very similar to the HardenedBSD install made in earlier post – Introduction to HardenedBSD World.

You will need:
* 8GB or larger USB pendrive for the installation (or install directly to hard disk)
* 1GB or larger USB pendrive or 700MB CD-R(W) disk for the FreeBSD installer to boot/install from

Besides all Lenovo ThinkPad XY20 (X220/T420/T420s/T520/W520) laptops being one of the best ever made they have one amusing problem – the broken GPT boot πŸ™‚ The installer – on these Lenovo laptops – will ask You if You want to apply that fix – answer ‘yes’ there. Later in the setup process this option is called GPT + Lenovo Fix (BIOS) as a Partition Scheme option. You can read more about GPT issue on this FreeBSD Mailing Lists post – using GPT / EFI booting on Lenovo BIOSeshttps://lists.freebsd.org/pipermail/freebsd-i386/2013-March/010437.html.

One more thing to mention, this GPT BUG is present only when You want to boot FreeBSD from GPT partition in BIOS/Legacy mode. If You make UEFI install (which we will do in one of the next articles in the series) this problem is not present and FreeBSD boots properly on Lenovo ThinkPad X220 (and other from XY20 series) from GPT partition in UEFI mode.

Now the install process. First You need the FreeBSD 11.1-RELEASE install image, download it from here – FreeBSD-11.1-RELEASE-amd64-memstick.imghttp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-memstick.img.

To put the image on the pendrive we will use the dd(1) tool available on almost any Mac OS X (macOS) and Linux system – You can read more about that command on following Wikipedia article on dd command.

For Windows You will have to download it from here – dd for windowshttp://www.chrysocome.net/dd.

On FreeBSD such command will look like that:

# dd if=FreeBSD-11.1-RELEASE-amd64-memstick.img of=/dev/da1

… but for performance reasons its better to add bs=1m (bs=1M on Linux/Windows) to the command.

# dd if=FreeBSD-11.1-RELEASE-amd64-memstick.img of=/dev/da1 bs=1m

Alternatively You may want to burn the ISO image to the CD-R(W) disc and boot from it instead of USB pendrive, in such case here is the ISO image link – FreeBSD-11.1-RELEASE-amd64-disc1.isohttp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-disc1.iso

Now to install. Attach the USB pendrive or CD disc with FreeBSD installer and boot from it, on most laptops You may show the temporary boot list selection with [F11] or [F12] key.

After You have booted to the screen below with Welcome message, leave the ‘focus’ on the Install button and attach the 8GB or larger USB pendrive for installation.


You will see kernel buffer messages messing the screen and showing that new drive has been attached, but as the ‘focus’ is still on the Install button so just hit [ENTER] key and proceed with the installation process as shown on the images below.

You can select your desired keyboard layout, it can also be changed later, your choice.


When we have a new machine there is always a problem with new name for it. The RFC 1178 Choosing a Name for Your Computer from 1990 year tries to address that issue – https://tools.ietf.org/html/rfc1178. For machine hostname we will use Slavic word for the wind which would be vetru – in normalized form – as original as You can imagine is not in ASCII compatible – Π²Ρ£Ρ‚Ρ€ΡŠ (vΔ›trΕ­) πŸ™‚


We do not need any additional components, with all deselected as shown below only the (not shown) base and kernel will be installed.


We will use ZFS because we want to use Boot Environments with sysutils/beadm port.


Hit [ENTER] on the Pool Type/Disks to select target disk to install FreeBSD on.


As we will be using only single disk without redundancy select stripe here.


This may vary, select the pendrive (or disk) that You want to install FreeBSD on.


We will set SWAP size to ‘0‘ (no SWAP) as it will not be needed. If we will need SWAP in the future, then we will create ZVOL on ZFS and use it as a SWAP device.



As we are installing it on a Lenovo ThnikPad X220 with GPT BUG then we need to select GPT + Lenovo FIX (BIOS) here.


Now move ‘focus’ to Install and hit [ENTER] to proceed with installation.


This is the last chance to not overwrite your precious data.


Then You will see the install progress.


Fill in your root user password.


Select any interface here as we will not be making any configuration here.


Leave the interface unconfigured for now, we will take care about that later.



Now we will configure the time zone, I have configured Europe/Poland as shown below.



Now you may correct the date and time.



Select services as shown below.


Enable all security hardening features as shown below.


We want to create new ‘regular’ user so answer Yes here.


For the username we will use Slavic word for wolf which is Vuk.



Our job is done here, hit [ENTER] key with ‘focus’ on Exit name,


Installer will ask You if You want to modify the installed system before rebooting into it. We do not have any needs now so hit [ENTER] key on No option.


As we finished hit [ENTER] on Reboot button.



After the boot process of the newly installed FreeBSD 11.1-RELEASE USB pendrive You will see an image similar to below one.



What to do next? Lets make some basic network connectivity. Later in the FreeBSD Desktop series we will switch to network.sh for networking – FreeBSD Network Management with network.sh Script but now lets see how its done the raw way. If You will have attached LAN cable and your interface is em0 (check ifconfig(8) command output) then dhclient em0 command should grant You the working connection to the Internet – assuming that You have DHCP server on that network. Here are the commands.

# ifconfig em0 up

# dhclient em0
DHCPREQUEST on em0 to port 67
bound to -- renewal in 2147483647 seconds.

To test the network connectivity use the ping(8) command.

# ping -c 3 freebsd.org
PING freebsd.org ( 56 data bytes
64 bytes from icmp_seq=0 ttl=52 time=242.421 ms
64 bytes from icmp_seq=1 ttl=52 time=234.535 ms
64 bytes from icmp_seq=2 ttl=52 time=245.120 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 234.535/240.692/245.120/4.491 ms

Also check LAN network chapter in the FreeBSD Handbookhttps://freebsd.org/handbook/config-network-setup.html

If You would like to connect to the World with wireless connection then here are the needed commands.

First lets check what wireless card You have.

# sysctl net.wlan.devices
net.wlan.devices: iwn0

We will now create wlan(4) virtual device on top of our iwn0 device and bring it up.

# ifconfig wlan0 create wlandev iwn0

# ifconfig wlan0 up

We can scan for existing nearby WiFi access points if needed.

# ifconfig wlan0 scan
SSID/MESH ID    BSSID              CHAN RATE    S:N     INT CAPS
xxxxxxx         xx:xx:xx:xx:xx:xx    7   54M  -85:-95   100 EPS  HTCAP RSN WME BSSLOAD WPS
WIFI-NETWOR...  xx:xx:xx:xx:xx:xx    8   54M  -71:-95   100 EPS  HTCAP APCHANREP WME ATH RSN WPA
xxxxxxx         xx:xx:xx:xx:xx:xx    1   54M  -90:-95   100 EPS  RSN HTCAP WME ATH WPS
xxxxxxx         xx:xx:xx:xx:xx:xx    1   54M  -90:-95   100 EP   RSN WME WPS

In case the name of the network does not fit into the first column, then use -v flag for verbose (and wider) output.

# ifconfig -v wlan0 scan

Now we need to add the desired WiFi network to the /etc/wpa_supplicant.conf file as shown below.

# cat > /etc/wpa_supplicant.conf << __EOF

The You may connect to it using the wpa_supplicant(8) daemon. We will connect to the WiFi hot spot, and as the message ‘CTRL-EVENT-CONNECTED‘ will be displayed we hit the [CTRL]+[Z] key combination to put the process into suspended state (SIGTSTP signal). Then we type the bg(1) command to put it back into running state, but in the background (SIGCONT signal) so we can continue to type next commands.

# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
Successfully initialized wpa_supplicant
wlan0: Trying to associate with xx:xx:xx:xx:xx:xx (SSID='WIFI-NETWORK-NAME' freq=2447 MHz)
wlan0: Associated with xx:xx:xx:xx:xx:xx
wlan0: WPA: Key negotiation completed with xx:xx:xx:xx:xx:xx [PTK=CCMP GTK=TKIP]
wlan0: CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx:xx completed [id=17 id_str=]
[1]  + Suspended  sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
# bg
[1]    sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf &

Now we will request for the IP address from the access point DHCP server.

# dhclient wlan0
DHCPREQUEST on wlan0 to port 67
bound to -- renewal in 2147483647 seconds.

To test the network connectivity use the ping(8) command.

# ping -c 3 freebsd.org
PING freebsd.org ( 56 data bytes
64 bytes from icmp_seq=0 ttl=52 time=242.421 ms
64 bytes from icmp_seq=1 ttl=52 time=234.535 ms
64 bytes from icmp_seq=2 ttl=52 time=245.120 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 234.535/240.692/245.120/4.491 ms

Also check WLAN chapter in the FreeBSD Handbookhttps://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html


In case You want to learn more about FreeBSD the FreeBSD Handbook and FreeBSD FAQ are good place to start.


In case the installer would not made its job properly You can make the fix by yourself, you just need a FreeBSD system for it (You already have it on the USB pendrive or CD disk). Boot into the first question and move the ‘focus’ to the Live CD button on the right but do not hit the [ENTER] yet. Now, attach the USB pendrive with FreeBSD installed. Screen will be flooded with kernel buffer about attaching new da device, note the da device number (for example da1) and now hit [ENTER] key.

You will be welcomed with login: prompt, type root and hit [ENTER] (no password is required).

Remember the kernel buffer messages screen earlier? They started with the device name (like da0 or da1), we will use that device name to apply the fix. I will assume its da0. First, lets dump partition table to FDISK file.

# fdisk -p /dev/da0 > FDISK

# cat FDISK
# /dev/da0
g c1886 h255 s63
p 1 0xee 63 30298527

Now we need to make the fix, after the 'p 1 (...)' line add 'a 1' an below that line copy the line that starts with 'p 1 (...)' and name it 'p 2 (...)'. Now in the ‘first’ line with 'p 1 (...)' change the 0xee into 0x00. Final result is shown below.

# vi FDISK
# /dev/da0
g c1886 h255 s63
p 1 0x00 63 30298527
a 1
p 2 0xee 63 30298527

After writing the file, apply this new partition table into the da0 device with fdisk(8) command.

# fdisk -f FDISK /dev/da0

Verify that fix is applied.

# fdisk -p /dev/da0
# /dev/da0
g c1886 h255 s63
p 2 0xee 63 30298527

Indeed it is. Now You have Lenovo GPT fix applied. Important to mention that this ‘fix’ does not break the USB pendrive for computers that do not have GPT problem, so with GPT FIX applied you may use it on computers other then Lenovo.


In case You may want to start after the installation I have uploaded the installed image here – http://www.mediafire.com/file/ywcnw99ghqezd6u/usb-freebsd-11.1-lenovo.raw.xz – keep in mind that its compressed by xz(1) so in order to apply it to USB pendrive You must first unpack it. You may do that on the fly with following command assuming that we will be writing that image to da1 device:

# xz -c -d usb-freebsd-11.1-lenovo.raw.xz | dd > /dev/da1 bs=1m

For the record, this image contains the Lenovo GPT FIX. The passwords are set to ‘asd‘ for convenience.

Enough for one post πŸ˜‰

UPDATE 1 – Lenovo GPT Fix with gpart(8)

Initially I described how to apply a fix for broken Lenovo GPT bug with fdisk(8) tool. This is very tricky and error prone but there is a lot easier way to make the same fix. Its made with other FreeBSD tool called gpart(8) and its one line only.

# gpart set -a lenovofix /dev/ada0
lenovofix set on ada0

Done. No longer the need to dance with fdisk(8) tool.


FreeBSD Network Management with network.sh Script

When You use only one connection on FreeBSD, then the best practice is to just put its whole configuration into the /etc/rc.conf file, for example typical server redundant connection would look like that one below.

ifconfig_igb0="-lro -tso -vlanhwtag mtu 9000 up"
ifconfig_igb1="-lro -tso -vlanhwtag mtu 9000 up"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"

If You must use more then one connection and You often switch between them, sometimes several times a day, then using the main FreeBSD’s config file is not the most convenient way for such operations.

For laptops where You often switch between WWAN (usually 3G connection) and WLAN (typical WiFi connection) and even LAN cable.

You can of course use graphical NetworkMgr from GhostBSD project which is described as “Python GTK3 network manager for FreeBSD, GhostBSD, TrueOS and DragonFlyBSD. NetworkMgr support both netif and OpenRC network” citing the project site – https://github.com/GhostBSD/networkmgr – it is also available in FreeBSD Ports and as package – net-mgmt/networkmgr.


What I miss in NetworkMgr is the WWAN connection management, DNS management, optional random MAC generation and network shares unmount at disconnect from network. With my solution – network.sh – you still need to edit /etc/wpa_supplicant.conf and /etc/ppp/ppp.conf files by hand so it’s also not a perfect solution for typical desktop usage, but you do not edit these files every day.

As I use WWAN, WLAN and LAN connections on my laptop depends on the location I wrote a script to automate this connection management in a deterministic and convenient way, at least for me.

It can also set DNS to some safe/nologging providers or even a random safe DNS and generate legitimate MAC address for both LAN and WLAN if needed, even with real OUI first three octets if You also have additional network.sh.oui.txt file with them inside.

Here is the network.sh script help message.

% network.sh help 
  network.sh TYPE [OPTIONS]



  network.sh lan start
  network.sh lan start IP.IP.IP.IP/MASK
  network.sh lan start IP.IP.IP.IP/MASK GW.GW.GW.GW
  network.sh lan restart
  network.sh wlan start
  network.sh wlan start HOME-NETWORK-SSID
  network.sh wwan example
  network.sh dns onic
  network.sh dns udns
  network.sh dns nextdns
  network.sh dns cloudflare
  network.sh dns ibm
  network.sh dns random
  network.sh dns IP.IP.IP.IP
  network.sh doas
  network.sh sudo
  network.sh status

If You run network.sh with appreciate arguments to start network connection it will display on the screen what commands it would run to achieve that. It also makes use of sudo(8) or doas(1) assuming that You are in the network group. To add yourself into the network group type this command below.

# pw groupmod network -m yourself

The network.sh doas command will print what rights it needs to work without root privileges, same for network.sh sudo command, an example below.

% network.sh doas
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd wpa_supplicant

The network.sh script does not edit /usr/local/etc/doas.conf or /usr/local/etc/sudoers files, You have to put these lines there by yourself. An example doas setup for network.sh script is below.

# pkg install -y doas

# cat >> /usr/local/etc/doas.conf << __EOF
permit nopass :network as root cmd /etc/rc.d/netif args onerestart
permit nopass :network as root cmd /usr/sbin/service args squid onerestart
permit nopass :network as root cmd dhclient
permit nopass :network as root cmd ifconfig
permit nopass :network as root cmd killall args -9 dhclient
permit nopass :network as root cmd killall args -9 ppp
permit nopass :network as root cmd killall args -9 wpa_supplicant
permit nopass :network as root cmd ppp
permit nopass :network as root cmd route
permit nopass :network as root cmd tee args -a /etc/resolv.conf
permit nopass :network as root cmd tee args /etc/resolv.conf
permit nopass :network as root cmd umount
permit nopass :network as root cmd wpa_supplicant

# pw groupmod network -m yourself

The network.sh script upon disconnect would also forcefully unmount all network shares.

The idea is that it does only one connection type at a time, When You type network.sh lan start and then type network.sh wlan start, then it will reset entire FreeBSD network stack to defaults (to settings that are in /etc/rc.conf file) and then connect to WiFi in a ‘clean network environment’ as I could say. As I use 3 different methods of connecting to various networks I do not have any network settings in the /etc/rc.conf file, but You may prefer for example to have DHCP for local LAN enabled if that is more convenient for You.

The settings are on the beginning of the network.sh script, You should modify them to your needs and hardware that You own.


You can specify other NETFS filesystems that You want to forcefully unmount during network stop or set different physical WLAN adapter (WLAN_PH option), like ath0 for Atheros chips. similar for LAN interface which also defaults to Intel based network card with em0 driver (LAN_IF option).

If you want to disable random MAC address for LAN with LAN_RANDOM_MAC=0 and enable generation of random MAC address for WiFi networks with WLAN_RANDOM_MAC=1 option.

You should also decide if You want to use sudo (SUDO option) or doas (DOAS option).

Here is network.sh script.

Here is example of all network connections stop.

% network.sh stop
doas killall -9 wpa_supplicant
doas killall -9 ppp
doas killall -9 dhclient
doas ifconfig wlan0 destroy
doas ifconfig em0 down
echo | doas tee /etc/resolv.conf
doas /etc/rc.d/netif onerestart

Here is example of WLAN (or should I say WiFi) network connection start.

% network.sh wlan start
doas killall -9 wpa_supplicant
doas killall -9 ppp
doas killall -9 dhclient
doas ifconfig em0 down
doas ifconfig wlan0 down
echo | doas tee /etc/resolv.conf
doas /etc/rc.d/netif restart
doas ifconfig wlan0 up
doas ifconfig wlan0 scan
doas ifconfig wlan0 ssid -
doas wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -s -B
doas dhclient -q wlan0
echo | doas tee /etc/resolv.conf
echo 'nameserver' | doas tee -a /etc/resolv.conf
doas ifconfig wlan0 powersave

Here is example od DNS change.

% network.sh dns ibm
echo | doas tee /etc/resolv.conf
echo 'nameserver' | doas tee -a /etc/resolv.conf

If You have any problems with the network.sh script then let me know, I will try to fix them ASAP.

If You are more into OpenBSD then FreeBSD then Vincent Delft wrote nmctlNetwork Manager Control tool for OpenBSD – available here – http://vincentdelft.be/post/post_20171023.

Ther is also another OpenBSD project by Aaron Poffenberger for network management – netctl – cli network-location manager for OpenBSD – available here – https://github.com/akpoff/netctl.

UPDATE 1 – Connect to Open/Unsecured WiFi Network

Recently when I was attending the Salt workshop during NLUUG Autumn Conference 2018 at Utrecht, Nederlands I wanted to connect to open unsecured WiFi network called 'Utrecht Hotel'. My phone of course attached to it instantly but on the other hand FreeBSD was not able to connect to it. As it turns out if you want to enable wpa_supplicant(8) to connect to open unsecured network a separate /etc/wpa_supplicant.conf option is needed (on option for all open unsecured
networks – no need to create such rule for each open/unsecured network).

Its these lines in the /etc/wpa_supplicant.conf file:

% grep -C 2 key_mgmt=NONE /etc/wpa_supplicant.conf


I also modified the network.sh to contain that information in the examples section and also made little fix to always reset the previously set/forced SSID during earlier usage.

# ifconfig wlan0 ssid -

Now the network.sh should be even more pleasant to use.

UPDATE 2 – Openbox Integration

In on of the FreeBSD Desktop series articles I described how to setup Openbox window manager – FreeBSD Desktop – Part 12 – Configuration – Openbox – available here.

Below is an example of integration of that network.sh script with Openbox window manager.


… and here is the code used in the ~/.config/openbox/menu.xml file.


UPDATE 3 – Updated Status Page

I have jest added reworked status page to the network.sh script.

Its already updated in the GitHub ‘network’ repository:

Here is how it looks.


UPDATE 4 – Major Rework

After using network.sh script for a while I saw some needed changes. Time has come and I finally made them. I also find a problem when already about creating wlan0 virtual device from physical device (like iwn0).

When you start network.sh script for the first time and wlan0 is not yet created then the problem does not exists but when wlan0 already exists then network.sh waited for whopping 22 seconds on this single command. Now network.sh checks if the wlan0 device already exists which allows now WiFi connection in less then 3 seconds.


#DOAS# permit nopass :network as root cmd ifconfig
#SUDO# %network ALL = NOPASSWD: /sbin/ifconfig *
${CMD} ifconfig ${WLAN_IF} create wlandev ${WLAN_PH} 2> /dev/null
echo ${CMD} ifconfig ${WLAN_IF} create wlandev ${WLAN_PH}


if ! ifconfig ${WLAN_IF} 1> /dev/null 2> /dev/null
  #DOAS# permit nopass :network as root cmd ifconfig
  #SUDO# %network ALL = NOPASSWD: /sbin/ifconfig *
  ${CMD} ifconfig ${WLAN_IF} create wlandev ${WLAN_PH} 2> /dev/null
  echo ${CMD} ifconfig ${WLAN_IF} create wlandev ${WLAN_PH}

I used gnomon to benchmark the script execution.

Here is its simple installation process.

# pkg install -y npm
# npm install -g gnomon

Here is how it performed before the optiomization. About 25 seconds.


And here is how it performs now. About 3 seconds.


At first I suspected the /etc/rc.d/netif FreeBSD startup script but the real enemy was the tart ifconfig wlan0 create wlandev iwn0 command.

I also made it more verbose to better know where the time is wasted.


Its now possible to set static IP and gateway in LAN mode and static IP in DNS mode.


The complete summary of changes and improvements is here:

  • Static IP address and gateway on LAN now possible.
  • Specify DNS by IP address.
  • Simplified __random_mac() function.
  • Fixed __wlan_wait_associated() function.
  • Removed unneded call for “create wlandev” in WLAN mode.
  • Other minor fixes.
  • WiFi (re)connection now possible under 3 seconds instead of 25+ seconds.

I also created a dedicated GitHub repository for network.sh script.