NetworkManager
From ArchWiki
i18n |
---|
Deutsch |
English |
Italiano |
Español |
Português do Brasil |
简体中文 |
Türkçe |
Русский |
Network Manager is a set of co-operative tools that make networking simple and straightforward. Whether wireless or wired, Network Manager allows you to quickly move from one network to another: once a network has been configured and joined once, it can be detected and re-joined automatically at a later date.
Network Manager 0.7 is a major overhaul of the NetworkManager program.
Some of the new features include:
- Support for cellular data cards
- Multiple Active Devices
- System-wide Configuration
- wpa_supplicant dbus Control Interface
- More Wireless/Wired Authentication Methods
Contents |
Step 1: Installation
NetworkManager is available in the repositories:
# pacman -S networkmanager
Step 2: GUIs
Gnome
network-manager-applet (formerly gnome-network-manager) is also there:
# pacman -S network-manager-applet
If no icon for nm-applet appears on one of your panels in Gnome, yet you are sure it is running, try adding a "Notification Area" to a panel.
KDE
KDE4
KNetworkManager is available in the extra repository. Install it like so:
# pacman -S kdeplasma-applets-networkmanager
There is new version of KNetworkManager in [kdemod-core] providing system tray icon and configuration:
# pacman -S kdemod-networkmanagement-knetworkmanager-kde4
KDE3
You can try to use knetworkmanager which is no longer maintained in any Arch official repositories. You can get it from the AUR.
Xfce
Xfce uses the same package as GNOME:
# pacman -S network-manager-applet
You can also install xfapplet plugin, which allows GNOME applets to be displayed within the xfce4 panel:
# pacman -S xfce4-xfapplet-plugin
If after installation you get four or more instances of nm-applet running when automatically starting gnome services and you are not using a session manager, consider doing the following:
- Kill all nm-applet processes
- Add nm-applet --sm-disable to the autostarted applications
- Log out of Xfce
- Delete the XFCE session file (in ~/.cache/sessions/)
- Log into Xfce
Fluxbox and Other WMs
You will need the hicolor theme to be able to run nm-applet:
# pacman -S network-manager-applet hicolor-icon-theme gnome-icon-theme
After configuring your system for use with NetworkManager, to autostart the NetworkManager applet, go to Settings → Autostarted Applications then add, "nm-applet --sm-disable &". This should start up the network manager applet on startup. The "--sm-disable" option is used to prevent multiple instances of the nm-applet, and you should only need it if multiple instances are running when you startup.
- NetworkManager seems to have trouble loading on various box-environments and compiz. By using the ck-launch-session pre-fix, nm-applet seems to work correctly.
Ex.,
exec ck-launch-session startlxde
Command line
cnetworkmanager, from the AUR, can be used to configure connections from the command line.
Step 3: Configuration
Disable interfaces
If you want to use NetworkManager on an interface you will have to disable it in /etc/rc.conf. You can do this by placing a "!" in front of the interface of your choice, for example:
INTERFACES=(!eth0 !ath0)
NetworkManager parses /etc/rc.conf to see if you want to have a static or dynamic IP on your interfaces, so state your preferred configuration there.
Example for static IP:
eth0="eth0 172.19.3.18 netmask 255.255.255.0 broadcast 172.19.3.255"
Example for dynamic IP:
eth0="dhcp"
Set hostname
By default NetworkManager 0.7 will do a reverse lookup of your IP to determine your hostname. Generally, this will result in "localhost" or "localhost.localdomain". It will also attempt to manipulate the hostname of the system on the fly which will occasionally break Xorg.
The solution is to create the file /etc/NetworkManager/nm-system-settings.conf, and add the following:
[main] plugins = keyfile [keyfile] hostname = <your hostname>
Make sure you verify that /etc/hosts is correct before continuing as NetworkManager may have altered it already before you had a chance to change this setting.
Edit daemons
You must disable the default network daemon and add the hal and networkmanager daemons in this order:
DAEMONS=( ... !network hal networkmanager ... )
Get in the network group
Add yourself to the network group, replacing USERNAME with the appropriate user name:
# gpasswd -a USERNAME network
Configure network services
There are quite a few network services that you will not want running until NetworkManager brings up an interface. Good examples are ntpd and network filesystem mounts of various types. NetworkManager can start these services when you bring an interface up, and stop them when you bring it down.
To use this feature, add scripts to /etc/NetworkManager/dispatcher.d and make them executable for all users. For security, make them owned by root:root and writable only by the owner. The scripts will be run in alphabetical order at interface up time (with arguments interface up), and in reverse alphabetical order at interface down time (with arguments interface down). To ensure what order they come up in, simply add an alphabetical character and an underscore at the front of the script name; for example, a_portmap and b_netfs (which ensures that the portmapper is up before NFS mounts are attempted).
A useful naming scheme: a_portmap b_netfs c_ntpdate d_ntpd e_cups f_clamav. Typical usage for this is running a local NTP server on a system that does not connect to foreign wireless networks, and that also employs NFS mounts. There is no point in cups if you are not on the network. Clamav's freshclam signature updater requires networking to connect.
Proxy settings
Network Manager does not directly handle proxy settings.
See: Proxy settings
PolicyKit issues
Because many Display Managers (including KDM) do not natively support policykit at login, you will run into some permission issues with D-Bus and NetworkManager.
While there are several options to resolve this issue, choose only one:
- Install Consolekit and add the following line to /etc/pam.d/kde:
session optional pam_ck_connector.so
- Add the following lines to /etc/dbus-1/system.d/NetworkManager.conf:
<policy group="users"> <allow send_destination="org.freedesktop.NetworkManager"/> <allow send_interface="org.freedesktop.NetworkManager"/> </policy>
- If this does not work, check if there are any policy errors by starting NetworkManager manually:
# kill `pidof NetworkManager` # NetworkManager --no-daemon
- Put the following script in ~/.kde4/Autostart or similar for other WMs or DEs:
#!/bin/bash ck-launch-session
- If none of those work, refer to this thread: http://bbs.archlinux.org/viewtopic.php?id=63576
Troubleshooting
DHCP problems
If you have problems with getting an IP via DHCP try to add the following to your /etc/dhclient.conf:
interface "eth0" { send dhcp-client-identifier 01:aa:bb:cc:dd:ee:ff; }
Where aa:bb:cc:dd:ee:ff is the MAC-adress of this NIC.
Problems starting nm-applet as normal user
Sometimes, the gnome applet fails to start with the following error:
** (nm-applet:2941): WARNING **: <WARN> applet_dbus_manager_start_service(): Could not acquire the NetworkManagerUserSettings service. Message: 'Connection ":1.19" is not allowed to own the service "org.freedesktop.NetworkManagerUserSettings" due to security policies in the configuration file'
This depends on NetworkManager changing its behaviour since version 0.7, ignoring the "network" group altogether and instead uses ConsoleKit, which seems to be problematic at times. This solution was provided by madhatter:
Edit your /etc/dbus-1/system.d/NetworkManager.conf to read:
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <policy user="root"> <allow own="org.freedesktop.NetworkManager"/> <allow send_destination="org.freedesktop.NetworkManager"/> <allow send_interface="org.freedesktop.NetworkManager"/> <allow own="org.freedesktop.NetworkManager.PPP"/> <allow send_destination="org.freedesktop.NetworkManager.PPP"/> <allow send_interface="org.freedesktop.NetworkManager.PPP"/> </policy> <policy group="network"> <allow send_destination="org.freedesktop.NetworkManager"/> <allow send_interface="org.freedesktop.NetworkManager"/> </policy> <policy at_console="true"> <allow send_destination="org.freedesktop.NetworkManager"/> <allow send_interface="org.freedesktop.NetworkManager"/> </policy> <policy context="default"> <deny own="org.freedesktop.NetworkManager"/> <deny send_destination="org.freedesktop.NetworkManager"/> <deny send_interface="org.freedesktop.NetworkManager"/> <deny own="org.freedesktop.NetworkManager.PPP"/> <deny send_destination="org.freedesktop.NetworkManager.PPP"/> <deny send_interface="org.freedesktop.NetworkManager.PPP"/> </policy> <limit name="max_replies_per_connection">512</limit> </busconfig>
Also, change your /etc/dbus-1/system.d/nm-applet.conf to read:
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <policy user="root"> <allow own="org.freedesktop.NetworkManagerUserSettings"/> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/> <allow send_interface="org.freedesktop.NetworkManagerSettings"/> <allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/> </policy> <policy group="network"> <allow own="org.freedesktop.NetworkManagerUserSettings"/> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/> <allow send_interface="org.freedesktop.NetworkManagerUserSettings"/> <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/> </policy> <policy at_console="true"> <allow own="org.freedesktop.NetworkManagerUserSettings"/> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/> <allow send_interface="org.freedesktop.NetworkManagerSettings"/> <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/> </policy> <policy context="default"> <deny own="org.freedesktop.NetworkManagerUserSettings"/> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/> <allow send_interface="org.freedesktop.NetworkManagerSettings"/> <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/> </policy> <limit name="max_replies_per_connection">512</limit> </busconfig>
This should solve any problems.
Missing default route
On at least one KDE4 system, no default route was created when establishing wireless connections with NetworkManager. Changing the route settings of the wireless connection to remove the default selection "Use only for resources on this connection" solved the issue.
Tips and tricks
Checking if networking is up inside a cron job or script
Some cron jobs require networking to be up to succeed. You may wish to avoid running these jobs when the network is down. To accomplish this, add an if test for networking that queries NetworkManager's nm-tool and checks the state of networking. The test shown here succeeds if any interface is up, and fails if they are all down. This is convenient for laptops that might be hardwired, might be on wireless, or might be off the network.
if [ `nm-tool|grep State|cut -f2 -d' '` == "connected" ]; then #Whatever you want to do if the network is online else #Whatever you want to do if the network is offline - note, this and the else above are optional fi
This useful for a cron.hourly script that runs fpupdate for the F-Prot virus scanner signature update, as an example. Another way it might be useful, with a little modification, is to differentiate between networks using various parts of the output from nm-tool; for example, since the active wireless network is denoted with an asterisk, you could grep for the network name and then grep for a literal asterisk.
Automatically unlock keyring after login
This will prevent nm-applet from asking for your keyring password.
- In /etc/pam.d/gdm (or your corresponding daemon in /etc/pam.d), add these lines at the end of the "auth" and "session" blocks if they do not exist already:
auth optional pam_gnome_keyring.so session optional pam_gnome_keyring.so auto_start
- In /etc/pam.d/passwd, use this line for the 'password' block:
password optional pam_gnome_keyring.so
- Next time you log in, you should be asked if you want the password to be unlocked automatically on login.
- Put a script like the following in ~/.kde4/Autostart:
$!/bin/sh echo PASSWORD | /usr/bin/pam-keyring-tool --unlock --keyring=default -s
- Similar should work with openbox, lxde, etc.
Automatically connect on boot
Since version 0.7 the NetworkManager is able to connect on boot, before a user has logged in and unlocked the keyring.
- First make sure that the keyfile plugin is loaded; /etc/NetworkManager/nm-system-settings.conf should look like this:
[main] plugins=keyfile
- If this was not in the file before, you have to restart nm-system-settings:
# killall -TERM nm-system-settings
- or simply reboot.
- Now grant your user the right to modify system-connections with:
$ sudo polkit-auth --grant org.freedesktop.network-manager-settings.system.modify --user "YOURUSERNAME"
- Finally, in the connection-editor, check the Available to all users box.
The connection is now saved in /etc/NetworkManager/system-connections/"CONNECTION NAME". On reboot, NetworkManager will try to connect to it, when in range.
Ignore specific devices
Sometimes it is desired, that network manager ignores some devices and do not try to get an IP.
- First you have to find out the Hal UDI (e.g. with lshal):
... info.product = 'Networking Interface' (string) info.subsystem = 'net' (string) info.udi = '/org/freedesktop/Hal/devices/net_00_1f_11_01_06_55' (string) linux.hotplug_type = 2 (0x2) (int) linux.subsystem = 'net' (string) ...
- Add the udi to /etc/NetworkManager/nm-system-settings.conf:
[keyfile] unmanaged-devices=/org/freedesktop/Hal/devices/net_00_1f_11_01_06_55
- Multiple devices can be specified, delimited by a semicolon:
[keyfile] unmanaged-devices=/org/freedesktop/Hal/devices/net_00_1f_11_01_06_55;/org/freedesktop/Hal/devices/net_00_2c_6d_e2_08_af
You do not need restarting networkmanager for the changes to take effect.