Translation(s): EnglishFrançaisItalianoGermanPortuguês (Brasil)简体中文Русский

NetworkManager allows to configure network interfaces using GUI dialogs provided by desktop environments, command line tools, terminal application, or netplan.io YAML configuration files. It is convenient on laptops traveling between different networks. It may be used on servers with static configuration.

briefly discuss NetworkManager

Contents

  1. Documentation
  2. Ignored network interfaces
    1. Devices from /etc/network/interfaces are not managed by default
    2. Enabling Interface Management
  3. "Auto Ethernet" and "Auto eth0"
  4. Permissions
  5. FAQ
  6. Troubleshooting
  7. See Also
  8. External Links

https://commons.wikimedia.org/wiki/File:NetworkManager.png

From the NetworkManager source code README:

  • NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. NetworkManager is intended to replace default route, replace other routes, set IP addresses, and in general configure networking as NM sees fit (with the possibility of manual override as necessary). In effect, the goal of NetworkManager is to make networking Just Work with a minimum of user hassle, but still allow customization and a high level of manual network control. If you have special needs, we'd like to hear about them, but understand that NetworkManager is not intended for every use-case.

In parallel with NetworkManager some network interfaces may be under control of

Netplan.io configuration framework may use NetworkManager as a backend.

Firewalld uses connection.zone property of NetworkManager connection profiles to determine filtering rules when network device is configured.

NetworkManager is composed of two layers:

  1. A daemon running as root: NetworkManager(8) is usually managed by systemd as NetworkManager.service.

  2. Front-ends: nmcli(1) command line tool, nmtui(1) text terminal interface, applets for desktop environments.

The daemon, nmtui and nmcli tools are shipped in the network-manager package. GUI tools are packaged separately: nm-tray, network-manager-gnome (nm-applet), plasma-nm, etc.

Additionally, there are various plugins available that enable NetworkManager to handle other, special connections such as various types of VPN connections.

NetworkManager keeps connection information on known individual networks in configuration files called profiles. Those are stored at /etc/NetworkManager/system-connections/. For options in these files refer to the manpage on nm-settings: man nm-settings or online. They can be edited (as root) using a text editor or the nm-connection-editor (enclosed in network-manager-gnome).

For changes in configuration to become effective, you may have to restart the NetworkManager daemon: 

sudo service network-manager restart

Starting with Debian 11 (bullseye), use: 

sudo service NetworkManager restart

Documentation

Ignored network interfaces

To co-exist with other network configuration tools, NetworkManager should not touch some network interfaces. Actual state is reported by 

$ nmcli device

By default it does not handle interfaces declared in /etc/network/interfaces, see the package README.Debian file in #Documentation and the section below.

In addition it takes into account unmanaged-devices in NetworkManager.conf(5) § KEYFILE SECTION 

[keyfile]
unmanaged-devices=*,except:type:wifi

and managed from NetworkManager.conf(5) § DEVICE SECTION. See also NetworkManager.conf(5) § Device List Format. 

[device]
match-device=lxcbr0
managed=false

Configuration including drop-in files may be obtained by 

$ /usr/sbin/NetworkManager --print-config

See also Chapter 15. Configuring NetworkManager to ignore certain devices in Configuring and managing networking for RHEL9.

Devices from /etc/network/interfaces are not managed by default

Since Debian 6.0 "Squeeze", NetworkManager does not manage any interface defined in /etc/network/interfaces by default, it is realm of ifupdown.

Unmanaged devices means NetworkManager doesn't handle those network devices. This occurs when two conditions are met:

  1. The file /etc/network/interfaces, see interfaces(5), contains anything about the interface, even: 

     allow-hotplug eth0
 iface eth0 inet dhcp

  2. And /etc/NetworkManager/NetworkManager.conf contains: 

     [main]
 plugins=ifupdown,keyfile

 [ifupdown]
 managed=false

Enabling Interface Management

You may comment out interface description from /etc/network/interfaces and configure a connection in NetworkManager. The advantage is fast DHCP configuration when ethernet cable is plugged in.

If you want NetworkManager to handle interfaces that are enabled in /etc/network/interfaces:

  • Set managed=true in a drop-in file in /etc/NetworkManager/NetworkManager.conf.d/ or directly in /etc/NetworkManager/NetworkManager.conf.

  • Restart NetworkManager: 

sudo service NetworkManager restart

prior to Debian 11 (bullseye) it was necessary to use: 

sudo service network-manager restart

"Auto Ethernet" and "Auto eth0"

  • Auto Ethernet means "Select an Ethernet interface automatically"

  • Auto eth0 means "autoconfigure the eth0 interface".

Permissions

Whether a user can perform some action is managed through PolicyKit. To get permissions overview use 

nmcli general permissions

Active local user has enough permissions to enable or disable connections due to the "uaccess" feature of udev and systemd-logind.

Members of the sudo and netdev groups may create system-wide connections without password prompt. As of Debian 12 bookworm, first user created by installer is added to netdev group (#821424), however this group has been dropped from defaults for adduser (#849265). In output of the command given above the related entry is org.freedesktop.NetworkManager.settings.modify.system and its value is yes or auth accordingly.

In Debian 9 stretch (2017) NetworkManager applet did not appear at all unless the user belonged to the netdev group, see README.Debian for network-manager-gnome_1.4.4-1+deb9u1. There is no such a requirement any more.

FAQ

Q. How do I configure a static IP address (for a server, etc) ?

A) Use network settings dialog provided by desktop environment, e.g. nm-connection-editor(1) in GNOME, create or modify connection using nmcli(1), see Example 11. Adding an ethernet connection profile with manual IP configuration in nmcli-examples(7), or configure /etc/network/interfaces as described in NetworkConfiguration.

Q. How can I configure DNS for NetworkManager?

A) The short answer is to use nm-connection-editor. For the long answer see the corresponding entry in NetworkConfiguration.

Q. How to set up a connection sharing ("hotspot") for a wired interface ?

A) First make sure to install dnsmasq-base (but not dnsmasq unless you disable the system daemon in /etc/default/dnsmasq). Then use nm-connection-editor and setup a new profile using "shared to other computer" as the method for IPv4 (not possible from Gnome3's gnome-control-center). This hides all the complexity (dnsmasq, iptables, sysctl). Finally, use that profile for the network interface connected to the shared network. For Wi-Fi interfaces, a hotspot functionality is provided which uses the same functionality besides setting up an ad-hoc WiFi network.

Q. How can I set up OpenVPN using NetworkManager?

A) Using the network-manager-openvpn or network-manager-openvpn-gnome packages, it is possible to configure all aspects of OpenVPN, including importing configs from the service provider and automatically starting for specific connections (via nm-connection-editor).

Troubleshooting

If you faced issues with network then you may get overview of current status and configuration using the following commands 

$ nmcli general
$ nmcli radio
$ nmcli device
$ nmcli
$ nmcli connection
$ nmcli connection show "NAME_OR_UUID"
$ /usr/sbin/NetworkManager --print-config

Inspect logs from current boot (or an earlier one with additional arguments) 

# journalctl -b

alternatively you may start 

# journalctl -f

and watch reaction to e.g. plugged cable or connection activation. Notice that to run journalctl(1) you must be administrator or you will get messages only from GUI applets.

See Also

CategoryNetwork CategorySoftware

AltStyle によって変換されたページ (->オリジナル) /