NetworkManager

From Gentoo Wiki
Jump to: navigation, search
External resources

NetworkManager is a network management software for Ethernet, Wifi, DSL, dialup, VPN, WiMAX and mobile broadband network connections.

Note
NetworkManager doesn't work together with other network management software. So disable all other managers.

Installation

Prerequisites

NetworkManager uses udev, D-Bus and polkit, so set them up first.

NetworkManager uses the plugdev group, so add your user to plugdev.

root # gpasswd -a $USER plugdev

Kernel

You need to disable the following kernel options:

Kernel configuration

General setup  --->
    [ ] Enable deprecated sysfs features to support old userspace tools

For Wifi devices enable also the following options:

Kernel configuration

[*] Networking support  --->
        Networking options  --->
        <*> Packet socket
    [*] Wireless  --->
        <*>   cfg80211 - wireless configuration API
        [*]     cfg80211 wireless extensions compatibility

Software

Portage knows the global USE flag networkmanager for enabling support for NetworkManager in other packages. Enabling this USE flag will pull in net-misc/networkmanager automatically:

File/etc/portage/make.conf

USE="... networkmanager ..."

The USE flags of networkmanager are:

→ Information about USE flags
USE flag Default Recommended Description
avahi No Add avahi/Zeroconf support
bluetooth Yes Enables Bluetooth Support
connection-sharing No Use net-dns/dnsmasq and net-firewall/iptables for connection sharing
consolekit Yes Use sys-auth/consolekit for session tracking
dhclient No Use dhclient from net-misc/dhcp for getting ip
dhcpcd Yes Use net-misc/dhcpcd for getting ip
doc No Adds extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
gnutls No Adds support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
introspection Yes Adds support for GObject based introspection
modemmanager No Enable support for mobile broadband devices using net-misc/modemmanager
nss Yes Use dev-libs/nss for cryptography
ppp Yes Enable support for mobile broadband and PPPoE connections using net-dialup/ppp
resolvconf No Use net-dns/openresolv for managing DNS information
vala No Enable bindings for dev-lang/vala
wext Yes Enable support for the deprecated Wext (Wireless Extensions) API; needed for some older drivers (e.g. ipw2200, ndiswrapper)
wimax No Enable support for WiMAX connections using net-wireless/wimax

After setting this you want to update your system so the changes take effect:

root # emerge --ask --changed-use --deep @world

Also install a frontend:

There are also some extensions:

Configuration

Boot service

OpenRC

You can now start NetworkManager:

root # /etc/init.d/NetworkManager start

To start NetworkManager at boot time, add it your default runlevel:

root # rc-update add NetworkManager default

Reload D-Bus so that the NetworkManager changes take effect:

root # /etc/init.d/dbus reload

Note that NetworkManager will not connect if other services are also managing connections. So you need to remove them, if you have them installed.

root # for service in $(rc-update show default | grep 'net\.' | awk '{ print $1 }'); do rc-update del $service default; done
root # rc-update del dhcpcd default

Systemd

On a systemd-based install, you can start NetworkManager like soː

root # systemctl start NetworkManager

To start it at boot timeː

root # systemctl enable NetworkManager

Setting a hostname

If you built NetworkManager with USE=dhclient, you can set a hostname like this:

File/etc/dhcp/dhclient.conf

send host-name "yourhostname";

nm-applet and X session startup

To be able to get nm-applet started when starting your light X session or light desktop environment, just put the following line in your ~/.xinitrc file:

File~/.xinitrc

dbus-launch nm-applet &

For gnome-base/gnome-keyring support, add the following lines before the previous line. This will ease password management for GnuPG, ssh and Wifi:

File~/.xinitrc

eval $(gnome-keyring-daemon --components=pkcs11,secrets,ssh,gpg)
export GNOME_KEYRING_PID
export GNOME_KEYRING_SOCKET
export SSH_AUTH_SOCK
export GPG_AGENT_INFO

Dnsmasq

NetworkManager can be set up to use Dnsmasq as a local DNS server that passes the DNS queries on to your provider's DNS server. /etc/resolv.conf will be set to point to 127.0.0.1, where dnsmasq runs and processes the queries. This can be useful for example if an application chroots for security reasons and before doing so copies /etc/resolv.conf. Then it would never be informed about changes to the DNS servers as your laptop moves from Wifi to Wifi.

Setup of dnsmasq is simple:

File/etc/NetworkManager/NetworkManager.conf

[main]
plugins=keyfile
dns=dnsmasq

Then restart NetworkManager.

DNSSEC

Dnsmasq can optionally validate DNSSEC data while passing through queries (must be compiled with the dnssec use flag). This can be accomplished by adding these lines to the NetworkManager dnsmasq config file:

File/etc/NetworkManager/dnsmasq.d/dnssec

# DNSSEC setup
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
dnssec-check-unsigned

The trusted anchor can be found here. After this change dnsmasq will return SERVFAIL and no DNS data if the validation fails. If the validation succeeds it sets the ad flag. In case the domain does not support DNSSEC dnsmasq behaves as before.

If your ISP's DNS server does not forward DNSSEC data then this will fail. In that case you can uncomment the last line, but it will defy the purpose of DNSSEC. Google's server 8.8.8.8 provise DNSSEC data.

Troubleshotting