NetworkManager

NetworkManager is a network management software for Ethernet, Wifi, DSL, dialup, VPN, WiMAX and mobile broadband network connections.

Prerequisites
NetworkManager uses udev, D-Bus and polkit, so set them up first.

NetworkManager uses the plugdev group, so add your user to plugdev.

Kernel
You need to disable the following kernel options:

For Wifi devices enable also the following options:

Software
Portage knows the global USE flag networkmanager for enabling support for NetworkManager in other packages. Enabling this USE flag will pull in automatically:

The USE flags of networkmanager are:

After setting this you want to update your system so the changes take effect:

Also install a frontend:
 * - GNOME frontend
 * - KDE frontend
 * - KDE frontend
 * nmcli (part of networkmanager) - command line frontend

There are also some extensions:
 * - VPN connection to a OpenConnect server
 * - VPN connection to a OpenSwan server
 * - VPN connection to a OpenVPN server
 * - VPN connection to a PPTP server
 * - VPN connection to a SSTP server
 * - VPN connection to a Cisco VPN concentrator

OpenRC
You can now start NetworkManager:

To start NetworkManager at boot time, add it your default runlevel:

Reload D-Bus so that the NetworkManager changes take effect:

Note that NetworkManager will not connect if other services are also managing connections. So you need to remove them, if you have them installed.

Systemd
On a systemd-based install, you can start NetworkManager like soː

To start it at boot timeː

Setting a hostname
If you built NetworkManager with USE=dhclient, you can set a hostname like this:

nm-applet and X session startup
To be able to get nm-applet started when starting your light X session or light desktop environment, just put the following line in your file:

For support, add the following lines before the previous line. This will ease password management for GnuPG, ssh and Wifi:

Dnsmasq
NetworkManager can be set up to use Dnsmasq as a local DNS server that passes the DNS queries on to your provider's DNS server. /etc/resolv.conf will be set to point to 127.0.0.1, where dnsmasq runs and processes the queries. This can be useful for example if an application chroots for security reasons and before doing so copies /etc/resolv.conf. Then it would never be informed about changes to the DNS servers as your laptop moves from Wifi to Wifi.

Setup of dnsmasq is simple:

Then restart NetworkManager.

DNSSEC

Dnsmasq can optionally validate DNSSEC data while passing through queries (must be compiled with the dnssec use flag). This can be accomplished by adding these lines to the NetworkManager dnsmasq config file:

The trusted anchor can be found here. After this change dnsmasq will return SERVFAIL and no DNS data if the validation fails. If the validation succeeds it sets the ad flag. In case the domain does not support DNSSEC dnsmasq behaves as before.

If your ISP's DNS server does not forward DNSSEC data then this will fail. In that case you can uncomment the last line, but it will defy the purpose of DNSSEC. Google's server 8.8.8.8 provise DNSSEC data.

Troubleshotting

 * GNOME bugtracker: known bugs
 * GNOME Wiki
 * GNOME Wiki