home
nix
Nix
Nixpkgs
1. derivations
NixOS
Flakes
Packages
pkgs
applications
1. audio
2. 1. cmus
3. display-managers
4. 1. sddm
5. editors
6. 1. neovim
7. emulators
8. 1. wine
9. file-managers
10. 1. ranger
11. misc
12. 1. mupdf
  2. redshift
  3. sioyek
  4. zathura
13. networking
14. 1. mailreaders
  2. 1. neomutt
15. terminal-emulators
16. 1. alacritty
17. version-management
18. 1. git
  2. git-credential-manager
19. window-managers
20. 1. i3
  2. picom
data
1. fonts
2. 1. ipafont
development
1. libraries
2. 1. fontconfig
  2. pipewire
misc
1. screensavers
2. 1. xss-lock
os-specific
1. linux
2. 1. alsa-project
  2. bluez
  3. iwd
  4. plymouth
  5. tuxedo-keyboard
servers
1. x11
2. 1. xorg
3. pulseaudio
shells
1. fish
tools
1. audio
2. 1. playerctl
3. inputmethods
4. 1. ibus
  2. ibus-engines
  3. 1. ibus-mozc
5. misc
6. 1. android-tools
  2. clipster
  3. grub
  4. plocate
  5. qmk
  6. tmux
  7. yubikey-manager
7. networking
8. 1. dhcp
  2. dhcpcd
  3. globalprotect-openconnect
  4. ifplugd
  5. mullvad
  6. openconnect
  7. openresolv
  8. unbound
9. package-management
10. 1. conda
  2. micromamba
  3. nix
  4. pacman
11. security
12. 1. browerpass
  2. gnupg
  3. pass
  4. 1. extensions
    2. 1. pass-otp
13. typesetting
14. 1. tex
  2. 1. texlive
  3. tectonic
misc
pace
far
arch
Arch Linux
install
post-install
1. audio
2. clipboard
3. gpu
4. internet
5. input
6. screen capture
7. security

dhcp (dhclient)

install dhclient (n.b. deprecated)

pacman -S dhclient

start system service

systemctl enable dhclient@eno1.service
systemctl start  dhclient@eno1.service

dhclient overwrites /etc/resolv.conf which is a problem if using vpn, etc.
see arch forum - dhclient overwrites resolv.conf even when resolvconf is installed
I can't get this to work, resolvconf processes it in the wrong order
this could be fixed by hardcoding or just ignoring DNS altogether (I get my DNS server from mullvad or 1.1.1.1 anyways)
patch from arch forum in /etc/dhclient-enter-hooks

	# if [ -f /etc/resolv.conf ]; then
	#     chown --reference=/etc/resolv.conf $new_resolv_conf
	#     chmod --reference=/etc/resolv.conf $new_resolv_conf
	# fi
	# mv -f $new_resolv_conf /etc/resolv.conf

        # use resolvconf
        cat $new_resolv_conf | /usr/bin/resolvconf -a $interface
        rm $new_resolv_conf

use unbound to prevent DNS servers being in the wrong order

operation not permitted

error journalctl -u dhclient@eno1.service

Jun 11 16:22:03 neko dhclient[687]: send_packet: Operation not permitted
Jun 11 16:22:03 neko dhclient[687]: dhclient.c:2996: Failed to send 300 byte long packet over fallback interface.

see linuxquestions - dhcpd complains "Failed to send 300 byte long packet over fallback interface."
when it works check tcpdump output (pacman -S tcpdump)

sudo tcpdump > out.txt

note that bootps is usually port 67 and bootpc is usually port 68

02:58:43.767759 IP neko.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b0:25:aa:44:bd:c2 (oui Unknown), length 300
02:58:43.770219 ARP, Request who-has res388d-128-61-95-198.res.gatech.edu (Broadcast) tell _gateway, length 46
02:58:43.773852 IP _gateway.bootps > neko.bootpc: BOOTP/DHCP, Reply, length 300
02:58:43.774738 IP _gateway.bootps > neko.bootpc: BOOTP/DHCP, Reply, length 300

firewall issue, try using built-in kernel packet filter, front end iptables
arch wiki - iptables
arch wiki - ebtables
arch wiki - nftables
open bootps and bootpc ports for DHCP

iptables -A OUTPUT -p udp --sport 1024:65535 --dport 67 -j ACCEPT
iptables -A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT

iptables -A INPUT -p udp --sport 1024:65535 --dport 68 -j ACCEPT
iptables -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT

list

ebtables-nft --list

to undo run

iptables -F
ebtables-nft -F

firewall created by mullvad
solution: use split tunnel to exclude dhclient from the vpn, see mullvad - How to use the Mullvad CLI
edit /etc/dhclient-exit-hooks

# exclude dhclient from vpn, also from firewall
mullvad split-tunnel pid add "$(pgrep --oldest dhclient)"