NetworkManager

NetworkManager is network management software for Ethernet, Wifi, DSL, dialup, VPN, WiMAX, and mobile broadband network connections]].

Installation
NetworkManager requires an implementation of udev and D-Bus. On laptops and desktops, it is typically built with polkit to enable local users to configure it. It also optionally integrates with systemd, upower, ConsoleKit and others.

It is a good idea to use from  instead of  as 1.0.0 version is already doing. While dhcpcd in standalone mode provides some interesting features over dhclient, those will not be used by NetworkManager. Most NetworkManager developers do use dhclient and it is therefore much better tested with NetworkManager and is generally a better DHCP client to be used with NetworkManager. NetworkManager does not use the IPv6 support of dhcpcd and instead relies on dhclient for this.

Portage knows the global  USE flag for enabling support for NetworkManager in other packages. Enabling this USE flag will make those packages pull in automatically:

Kernel
For Wifi devices enable also the following options:

Look at the udev page for kernel configuration needed for this NetworkManager dependency.

Emerge
After changing use flags run the following command to update the system so the changes take effect:

To manually install NetworkManager, if not already pulled in automatically from above command:

Live ebuild (future 1.2 release)
NetworkManager is changing substantially and its feature set is slowly moving from a laptop oriented tool to a universal network management service configured using all sorts of tools from through  to GUI tools like, , Gnome Shell's network indicator, Gnome 3 control center, KDE's , and more.

The most convenient way is to add the ixit overlay using Layman or eselect repository.

or

Then you can install the desired NetworkManager release.

If anything goes wrong, contact User:Pavlix. Those are live ebuilds and therefore they can occasionally need updating. I'm also considering starting a separate overlay just for networking related tools, let me know if that would help you.

VPN plugins
The following packages can be used to add VPN support to the base NetworkManager agent:


 * - VPN connection using OpenConnect
 * - VPN connection using or
 * - VPN connection using OpenVPN server
 * - VPN connection to a PPTP server
 * - VPN connection to a SSTP server
 * - VPN connection using

After emerging a plugin, it will be available when adding new connections to NetworkManager.

Split DNS and DNSSEC support using unbound and dnssec-trigger
This doesn't yet work well with upstream releases nor in portage. But you can use Layman or eselect repository to add the ixit overlay and install, , and live ebuilds from there.

or

Now you can install the live ebuilds.

The main difference from simple DNSSEC support like in the dnsmasq plugin is that dnssec-trigger does its best to ensure that you get a working DNSSEC configuration even on your laptop roaming among third party networks with different capabilities as well as to allow you to still access local resources and that you can choose to work without DNSSEC when it cannot provide a working setup.

GTK GUIs
The systray applet is in and works in classic Xembed based systrays. If a systray is not included as part of the desktop environment in use, a standalone systray like stalonetray can be installed. The connection editor GUI in the same package as the applet. Note that this package serves all sorts of desktop environments and panels with systrays but it is no longer used by Gnome which has its own implementations in Gnome Shell and Gnome Control Center.

Also note that the current upstream version doesn't support the appindicator API and thus does not work in some systray implementations like those in current versions of KDE and Unity or the development versions of Enlightenment.

KDE GUIs

 * - KDE Plasma frontend.

Configuration
On Gentoo, NetworkManager uses the plugdev group to specify which users can manage plugable devices. Be sure to substitute  in the command below for each user who should be permitted to manage network connections:

OpenRC
Remove any existing network management services (if activated).

For example, to remove any netifrc scripts from controlling network interfaces (assuming they are all in the default runlevel), issue the following command:

To remove :

Start NetworkManager:

To start NetworkManager at boot time add it the default runlevel:

systemd
To start NetworkManager now:

Enable NetworkManager to be started at boot time.

With NetworkManager older than 0.9.10 or when you have services that order themselves after instead of, you may want to enable the  for. Note that it extends the boot time even if you don't have any services that need to wait for network connections.

When writing your own systemd services, you can easily make them wait for NetworkManager to configure the boot time connections. With NetworkManager 0.9.10 and later it works even without explicitly enabling the network-online.service.

Setting a hostname
If NetworkManager was built with the  USE flag enabled a hostname can be set using the following command:

Checking connectivity
NetworkManager can try to reach a page on Internet when connecting to a network. For those behind a captive portal, the desktop manager can automatically open a window asking for credentials. It's automatically done since NetworkManager 1.8, but it has to be configured manually for earlier versions. To enable this feature, edit (or create) the file to look something like this:

nm-applet and X session startup
To be able to get started when starting a light X session or light desktop environment, just put the following line in the relevant user's  file:

For support, add the following lines before the previous line. This will ease password management for GnuPG, ssh and Wifi:

NetworkManager way
NetworkManager can be set up to use Dnsmasq as a local DNS server that passes the DNS queries on to your provider's DNS server. will be set to point to 127.0.0.1, where dnsmasq runs and processes the queries. This can be useful for example if an application chroots for security reasons and before doing so copies. Then it would never be informed about changes to the DNS servers as your laptop moves from Wifi to Wifi.

Setup of dnsmasq is simple:

Dnsmasq can be configured with files in, for more information see the wiki page or the man pages of Dnsmasq.

Then restart NetworkManager.

DNSSEC
Dnsmasq can optionally validate DNSSEC data while passing through queries (must be compiled with the  USE flag). This can be accomplished by adding these lines to the NetworkManager dnsmasq config file:

The trusted anchor can be found here. After this change dnsmasq will return SERVFAIL and no DNS data if the validation fails. If the validation succeeds it sets the Authenticated Data (AD) flag. In case the domain does not support DNSSEC dnsmasq behaves as before.

If your ISP's DNS server does not forward DNSSEC data then this will fail. In that case you can uncomment the last line, but it will defy the purpose of DNSSEC. Google's server 8.8.8.8 provides DNSSEC data.

Service way
Sometimes you don't want to have Dnsmasq controlled by NetworkManager for different reasons, here is another way you can use both together:

And add localhost to your :

Set your Dnsmasq up, see man pages and the wiki page about Dnsmasq for details.

Don't forget to start Dnsmasq:

or

Fixing nm-applet insufficient privileges
If fails to create new networks with the error "Insufficient Privileges," then it could be a policy kit issue. Create the following file:

This lets all users in the plugdev group control network manager.

Hostname problems
The standard "keyfile" plugin does not forward the hostname in default configuration - to avoid having it changed upon network connection, add the following section to your NetworkManager.conf and enter your hostname accordingly:

Connection sharing
Connection sharing is not working on an Ethernet connection when set to shared via.

Verify the  USE flag has been enabled for. This can quickly be performed using :

Enable the USE flag if it is disabled, then reemerge the package:

DHCPv6 Unique IDentifier (DUID)
The DUID will be generated by NetworkManager and stored as the first line in the following file: {{FileBox|filename=/var/lib/NetworkManager/dhclient6-*.lease|lang=bash|1= default-duid "\000\001\000\001\031\012D\036<\331+m3\004"; lease6 { ... }}

To generate a DUID NetworkManager relies on the following file, which is created by systemd. This should be unique to any system.

For non-systemd users, you can use the following command from lubko on #nm irc channel @freenode.net.