31 Using NetworkManager #
NetworkManager is the ideal solution for laptops and other portable computers. It supports state-of-the-art encryption types and standards for network connections, including connections to 802.1X protected networks. 802.1X is the “IEEE Standard for Local and Metropolitan Area Networks—Port-Based Network Access Control”. With NetworkManager, you need not worry about configuring network interfaces and switching between wired or wireless networks when you are on the move. NetworkManager can automatically connect to known wireless networks or manage several network connections in parallel—the fastest connection is then used as default. Furthermore, you can manually switch between available networks and manage your network connection using an applet in the system tray.
Instead of only one connection being active, multiple connections may be active at once. This enables you to unplug your laptop from an Ethernet and remain connected via a wireless connection.
NetworkManager is only supported by SUSE for desktop workloads with SLED or the
Workstation extension. All server certifications are done with
wicked
as the network configuration tool, and using NetworkManager may
invalidate them. NetworkManager is not supported by SUSE for server workloads.
31.1 Use cases for NetworkManager #
NetworkManager provides a sophisticated and intuitive user interface, which enables users to easily switch their network environment. However, NetworkManager is not a suitable solution in the following cases:
Your computer provides network services for other computers in your network, for example, it is a DHCP or DNS server.
Your computer is a Xen server or your system is a virtual system inside Xen.
31.2 Enabling or disabling NetworkManager #
On desktop and laptop computers, NetworkManager is enabled by default. You can disable and enable it at any time using the Network Settings module in YaST.
Run YaST and go to
› .The
dialog opens. Go to the tab.To configure and manage your network connections with NetworkManager:
In the
field, select .Click
and close YaST.Configure your network connections with NetworkManager as described in Section 31.3, “Configuring network connections”.
To deactivate NetworkManager and control the network with your own configuration:
In the
field, choose .Click
.Set up your network card with YaST using automatic configuration via DHCP or a static external IP address.
Find a detailed description of the network configuration with YaST in Section 23.4, “Configuring a network connection with YaST”.
31.3 Configuring network connections #
After enabling NetworkManager in YaST, configure your network connections with the NetworkManager front-end available in GNOME. It shows tabs for all types of network connections, such as wired, wireless, mobile broadband, DSL and VPN connections.
To open the network configuration dialog in GNOME, open the settings menu via the status menu and click the
entry.
Depending on your system setup, you may not be allowed to configure certain
connections. In a secured environment, certain options may be locked or
require root
permission. Ask your system administrator for details.
Open the Status Menu, click the gear icon to open
and click from the left menu.To add a Connection:
Click the
icon next to the connection type tab that you want to add.Depending on the connection type, fill the required fields in the corresponding dialog.
When you are finished click
.After confirming your changes, the newly configured network connection appears in the list of available networks in the Status Menu.
To edit a connection:
Click the gear icon on the right side of the connection type tab that you want to edit.
Insert your changes and click
to save them.To make your connection available as a system connection go to the Section 31.4.1, “User and system connections”.
tab and set the check box . For more information about user and system connections, see
31.3.1 Managing wired network connections #
If your computer is connected to a wired network, use the NetworkManager applet to manage the connection.
Open the Status Menu and click
to switch it off or click the related right arrow to change the connection details.To change the settings click
and then click the gear icon.To switch off all network connections, activate the
setting.
31.3.2 Managing wireless network connections #
Visible wireless networks are listed in the GNOME NetworkManager applet menu under
. The signal strength of each network is also shown in the menu. Encrypted wireless networks are marked with a shield icon.To connect to a visible wireless network, open the Status Menu and click
.Click
to enable it.Click
, select your Wi-Fi Network and click .If the network is encrypted, a configuration dialog opens. It shows the type of encryption the network uses and text boxes for entering the login credentials.
To connect to a network that does not broadcast its service set identifier (SSID or ESSID) and therefore cannot be detected automatically, open the Status Menu and click
.Click
to open the detailed settings menu.Make sure your Wi-Fi is enabled and click
.In the dialog that opens, enter the SSID or ESSID in
and set encryption parameters if necessary.
A wireless network that has been chosen explicitly remains connected as long as possible. If a network cable is plugged in during that time, any connections that have been set to
will be connected, while the wireless connection remains up.31.3.3 Enabling wireless captive portal detection #
On the initial connection, many public wireless hotspots force users to visit a landing page (the captive portal). Before you have logged in or agreed to the terms and conditions, all your HTTP requests are redirected to the provider's captive portal.
When connecting to a wireless network with a captive portal, NetworkManager and GNOME automatically show the login page as part of the connection process. This ensures that you always know when you are connected, and helps you to get set up as quickly as possible without using the browser to login.
To enable this feature, install the package NetworkManager-branding-SLE and restart NetworkManager with:
>
sudo
systemctl restart network
Whenever you connect to a network with a captive portal, NetworkManager (or GNOME) opens the captive portal login page for you. Login with your credentials to get access to the Internet.
31.3.4 Configuring your Wi-Fi/Bluetooth card as an access point #
If your Wi-Fi/Bluetooth card supports access point mode, you can use NetworkManager for the configuration.
Open the Status Menu and click
.Click
to open the detailed settings menu.Click
and follow the instructions.Use the credentials shown in the resulting dialog to connect to the hotspot from a remote machine.
31.3.5 NetworkManager and VPN #
NetworkManager supports several Virtual Private Network (VPN) technologies. For each technology, SUSE Linux Enterprise Desktop comes with a base package providing the generic support for NetworkManager. Besides that, you also need to install the respective desktop-specific package for your applet.
- OpenVPN
To use this VPN technology, install:
NetworkManager-openvpn
NetworkManager-openvpn-gnome
- OpenConnect
To use this VPN technology, install:
NetworkManager-openconnect
NetworkManager-openconnect-gnome
- PPTP (point-to-point tunneling protocol)
To use this VPN technology, install:
NetworkManager-pptp
NetworkManager-pptp-gnome
The following procedure describes how to set up your computer as an OpenVPN client using NetworkManager. Setting up other types of VPNs works analogously.
Before you begin, make sure that the package
NetworkManager-openvpn-gnome
is
installed and all dependencies have been resolved.
Open the application
by clicking the status icons at the right end of the panel and clicking the icon. In the window , choose .Click the
icon.Select
and then .Choose the
type. Depending on the setup of your OpenVPN server, choose or .Insert the necessary values into the respective text boxes. For our example configuration, these are:
The remote endpoint of the VPN server
The user (only available when you have selected
)The password for the user (only available when you have selected
)/etc/openvpn/client1.crt
/etc/openvpn/ca.crt
/etc/openvpn/client1.key
Finish the configuration with
.To enable the connection, in the
panel of the application click the switch button. Alternatively, click the status icons at the right end of the panel, click the name of your VPN and then .
31.4 NetworkManager and security #
NetworkManager distinguishes two types of wireless connections: trusted and untrusted. A trusted connection is any network that you explicitly selected in the past. All others are untrusted. Trusted connections are identified by the name and MAC address of the access point. Using the MAC address ensures that you cannot use a different access point with the name of your trusted connection.
NetworkManager periodically scans for available wireless networks. If multiple trusted networks are found, the most recently used is automatically selected. NetworkManager waits for your selection in case if all networks are untrusted.
If the encryption setting changes but the name and MAC address remain the same, NetworkManager attempts to connect, but first you are asked to confirm the new encryption settings and provide any updates, such as a new key.
If you switch from using a wireless connection to offline mode, NetworkManager blanks the SSID or ESSID. This ensures that the card is disconnected.
31.4.1 User and system connections #
NetworkManager knows two types of connections: user
and
system
connections.
User connections require every user to authenticate in NetworkManager, which stores the user's credentials in their local GNOME keyring so that they do not need to re-enter them every time they connect.
System connections are available to all users automatically. The first user to create the connection enters any necessary credentials, and then all other users have access without needing to know the credentials. The difference in configuring a user or system connection is a single check box, Section 31.3, “Configuring network connections”.
. For information on how to configure user or system connections with NetworkManager, refer to31.4.2 Storing passwords and credentials #
If you do not want to re-enter your credentials each time you want to connect to an encrypted network, you can use the GNOME Keyring Manager to store your credentials encrypted on the disk, secured by a master password.
31.4.3 Firewall zones #
firewalld
zones in NetworkManager #The firewall zones set general rules about which network connections are allowed. To configure the zone of firewalld for a wired connection, go to the Identity tab of the connection settings. To configure the zone of firewalld for a Wi-Fi connection, go to the Security tab of the connection settings.
If you are in your home network, use the zone
home
. For public wireless networks, switch to
public
. If you are in a secure environment and
want to allow all connections, use the zone
trusted
.
For details about firewalld, see Section 23.4, “firewalld
”.
31.5 Frequently asked questions #
In the following, find several frequently asked questions about configuring special network options with NetworkManager.
- 1. How to tie a connection to a specific device?
By default, connections in NetworkManager are device type-specific: they apply to all physical devices with the same type. If more than one physical device per connection type is available (for example, your machine is equipped with two Ethernet cards), you can tie a connection to a certain device.
To do this in GNOME, first look up the MAC address of your device (use the
available from the applet, or use the output of command line tools likenm-tool
orwicked show all
). Then start the dialog for configuring network connections and choose the connection you want to modify. On the or tab, enter the of the device and confirm your changes.
- 2. How to specify a certain access point in case multiple access points with the same ESSID are detected?
When multiple access points with different wireless bands (a/b/g/n) are available, the access point with the strongest signal is automatically chosen by default. To override this, use the
field when configuring wireless connections.The Basic Service Set Identifier (BSSID) uniquely identifies each Basic Service Set. In an infrastructure Basic Service Set, the BSSID is the MAC address of the wireless access point. In an independent (ad-hoc) Basic Service Set, the BSSID is a locally administered MAC address generated from a 46-bit random number.
Start the dialog for configuring network connections as described in Section 31.3, “Configuring network connections”. Choose the wireless connection you want to modify and click . On the tab, enter the BSSID.
- 3. How to share network connections with other computers?
The primary device (the device which is connected to the Internet) does not need any special configuration. However, you need to configure the device that is connected to the local hub or machine as follows:
Start the dialog for configuring network connections as described in Section 31.3, “Configuring network connections”. Choose the connection you want to modify and click . Switch to the tab and from the drop-down list, activate . That will enable IP traffic forwarding and run a DHCP server on the device. Confirm your changes in NetworkManager.
As the DHCP server uses port
67
, make sure that it is not blocked by the firewall: On the machine sharing the connections, start YaST and select › . Switch to the category. If is not already shown as , select from and click . Confirm your changes in YaST.
- 4. How to provide static DNS information with automatic (DHCP, PPP, VPN) addresses?
In case a DHCP server provides invalid DNS information (and/or routes), you can override it. Start the dialog for configuring network connections as described in Section 31.3, “Configuring network connections”. Choose the connection you want to modify and click . Switch to the tab, and from the drop-down box, activate . Enter the DNS information in the and fields. To click and activate the respective check box. Confirm your changes.
- 5. How to make NetworkManager connect to password protected networks before a user logs in?
Define a
system connection
that can be used for such purposes. For more information, refer to Section 31.4.1, “User and system connections”.
31.6 Troubleshooting #
Connection problems can occur. Common problems related to NetworkManager include the applet not starting or a missing VPN option. Methods for resolving and preventing these problems depend on the tool used.
- NetworkManager desktop applet does not start
The applets starts automatically if the network is set up for NetworkManager control. If the applet does not start, check if NetworkManager is enabled in YaST as described in Section 31.2, “Enabling or disabling NetworkManager”. Then make sure that the NetworkManager-gnome package is also installed.
If the desktop applet is installed but is not running, start it manually with the command
nm-applet
.- NetworkManager applet does not include the VPN option
Support for NetworkManager, applets, and VPN for NetworkManager is distributed in separate packages. If your NetworkManager applet does not include the VPN option, check if the packages with NetworkManager support for your VPN technology are installed. For more information, see Section 31.3.5, “NetworkManager and VPN”.
- No network connection available
If you have configured your network connection correctly and all other components for the network connection (router, etc.) are also up and running, it sometimes helps to restart the network interfaces on your computer. To do so, log in to a command line as
root
and runsystemctl restart wickeds
.
31.7 More information #
More information about NetworkManager can be found on the following Web sites and directories:
- NetworkManager project page
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
- Package documentation
Also check out the information in the following directories for the latest information about NetworkManager and the GNOME applet:
/usr/share/doc/packages/NetworkManager/
,/usr/share/doc/packages/NetworkManager-gnome/
.