NLJO(8) - System Manager's Manual


nljo - manage wifi network configurations


/etc/nljo [-fnoVv] [-i interface [-i interface ...]] [nwid [wpakey]]


The nljo command saves wifi network identifiers credentials and uses them to connect to available networks. It writes network credentials in hostname.if(5) format either to standard output or to files in hostname.*.d directories, and it activates a particular set of credentials by creating a symbolic link from the hostname.*‌ file to the hostname.*.d that contains the credentials.


Do not ask for confirmation before overwriting or deleting hostname.*.d files.

-i interface

Append the specified interface to the list of interfaces. If no -i flags are passed, use all wlan interfaces.


Do not scan for networks with ifconfig(8) nor load configurations with netstart(8).


Instead of following the procedure below, only format a hostname.if(5) file for the provided wifi credentials and write the file to standard output. Note that all other flags are meaningless if -o is set.


Print verbose output to standard error.


Print the version number and exit.

nljo ordinarily chooses network interfaces, writes configurations, and then enables configurations. An alternative procedure is used if -o is passed. See -o above for explanation of the alternative procedure, and read below for the ordinary procedure.

The first step is to choose which interfaces to use. If any -i flags were set, nljo uses the interfaces specified in the -i flags. If no -i flags were set, nljo uses all wlan interfaces.

Second, if you provided a nwid and, optionally wpakey, nljo formats a hostname.if(5) file with these credentials and saves it to files, one file per interface. With each particular chosen interface, nljo checks for the existance of a hostname.*.d file referencing the particular nwid.

We have not needed network access so far. nljo can be called with -n to indicate that no commands requiring network access should be run; if nljo gets this far and was called with -n, then it exits now as the rest of the procedure requires accessing the network.

The third and last step is to try to connect to wireless networks. With each of the specified interfaces, nljo scans for wireless networks with ifconfig(8) and looks for a configuration file in /etc/hostname.${interface}.d that references an nwid that the scan returned. If it found a match, nljo makes a symbolic link from /etc/hostname.${interface} to the configuration file and then calls netstart(8) on the interface.


If you want to connect to a particular wifi network in the room that you are in, I suggest using nljo without flags. That is, run this command to connect to "PublicWifiNetwork" with no password,

$ nljo PublicWifiNetwork

and run this command to connect to "PrivateWifiNetwork" with password "SecretPassword".

$ nljo PrivateWifiNetwork SecretPassword

Either of the above commands will check for configurations saved for each of the different wlan interfaces, write the configuration if it does not exist, and then call netstart(8).

If you pass -o, the resulting interface configuration is printed to standard output, and nothing else happens.

$ nljo -o PrivateWifiNetwork SecretPassword
nwid "PrivateWifiNetwork"
wpakey "SecretPassword"
$ nljo -o PublicWifiNetwork
nwid "PublicWifiNetwork"


Here are some suggestions on configuring other aspects of your operating system to run nljo conveniently.

The startup script rc(8) runs netstart(8) to configure network interfaces, using any configurations that are set in /etc/hostname.*‌ files. The access points in these files may not match those that are presently available. To ensure that wireless networks are scanned on startup, you can add something like this to your rc.local(8)

nljo -i iwm0

To save time, you can also add something like this to your rc.shutdown(8), where "iwm0" is your wireless network interface:

rm -f /etc/hostname.iwm0

netstart(8) requires root privileges, and this can be inconvenient on a computer that you carry around. For configuration on such computers, you might give other users permission to configure the wireless networks. I recommend accomplishing this by providing doas(1) permission to the users of interest for running any nljo command. Add something like the following line to /etc/doas.conf,

permit nopass tlevine cmd nljo

where "tlevine" is the name of your user account. Then, when you want to configure the wifi, prefix any nljo calls with "doas ". Here are some examples.

$ doas nljo PrivateWifiNetwork SecretPassword

$ doas nljo

You could limit the commands more. For example, this /etc/doas.conf line allows tlevine only to connecting to access points through iwm0; it does not allow tlevine to add new network credentials or to configure other interfaces.

permit nopass tlevine cmd nljo args -i iwm0

Many other approaches to granting permissions are possible, of course; I document simple doas(1) configuration here because I think it is the shortest good approach.


It is possible that nljo finds multiple access points with nwids that match those in the hostname.*.d files. In this case, one combination is chosen based on the order of the access points from the ifconfig(8) scan and the order of the configuration files in hostname.*.d.

nljo looks the names of the hostname.*.d files. If any of these files begins with a number, then nljo considers only the group with the first numeric prefix. If no file begins with a number, all files are ignored. nljo parses the nwids from each of the files that is considering.

nljo next checks the ifconfig(8) output for the nwids that it has just parsed from the hostname.*.d files. It selects the first access point from the ifconfig(8) with an nwid that is contained in the group of hostname.*.d files that it considered. (I think the first access point is the one with the most powerful connection.) nljo makes the symbolic link from /etc/hostname.${interface} to the file that uses access point's nwid.

If no matching nwid was found in the files considered group, nljo moves on to the next group, until all groups have been tried.

Consider the following file names.




This is an interface-specific hostname.if(5) configuration file used by netstart(8). nljo sets this file to be a symbolic link a configuration file for a particular network.


This directory contains the various saved interface-specific network configuration options. The interface-specific configuration file is linked to one of these files.


When I say that nljo is manipulating /etc, I really mean that it is manipulating ${DESTDIR}${SYSCONFDIR:-/etc} This is useful for testing. You are unlikely to need to set both DESTDIR and SYSCONFDIR; I included both just to follow conventions.



doas(1), doas.conf(5), hostname.if(5), ifconfig(8), netstart(8), rc.local(8), rc.shutdown(8),

devious, wiconfig,

Ray Lai, "wifind(8) find your wifi", openbsd-misc,, A discussion of approaches to wifi connection on OpenBSD.


The nljo utility exits 0 on success, and >0 if an error occurs.


Thomas Levine wrote nljo. Support will eventually be available at; until then, you can send an email to

OpenBSD 6.1 - July 17, 2017