Become a NetworkManager Guru

[dos2unix]

In most current Linux distro's. Network connections are managed by something called NetworkManager.
If you have a GUI desktop installed, your Network Connections will look something like this.

You can add, delete and modify Network Connections here. Normally your system is smart enough to automatically figure out
which interfaces have connectivity to the internet, and will try to automatically configure them.
But there are times, when you might want to change something.

You can right click on the little icon that looks like two computers and it should bring up something like this.

In my case I have three ethernet connectors on my PC. Notice only one of them says "now" at the end of the line.
That's the connection I am using right "now". If I double click on that connection, I will see something like this.

For the most part we can ignore this first screen. But next we want to click on the "IPv4 Settings" tab.
That will show a screen similar to this.

Notice it says my method is "Automatic". I'm guessing this is what 95 percent of the people reading this are using.
This means you are "automatically" getting your IP address, your netmask, your gateway, and your DNS servers
from a DHCP server on your local network. I would also guess that for about 95 percent of the people reading this, the
DHCP server is inside your Wi-Fi router. If you're using an Ethernet connection to this router like I am, then it
is still getting the IP configuration automatically from my wifi router.

For now we can click cancel. I wouldn't change anything yet. This was just to show you where things are.
If you're using Wi-Fi ( I suspect most of you are ). Then you make your connection slightly differently.

To be continued ...

 

[dos2unix]

If you're using Wi-Fi, you can see your available Wi-Fi networks here. It also shows you the signal strength
of each network. I do not have six Wi-fi routers in my house. In my case, I have some neighbors that are close enough, that
I can see their networks also. If you live in an apartment building, it's not uncommon to see 20 or 30 Wi-Fi networks here.
I am not connected to any of these Networks, but if I wanted to connect, I would just click on the Network I want to
connect to. That will bring up a password box like this.

You just type in the password, and away you go. It will usually take a few seconds to connect.
That's really all you have to do.

.. to be continued .

 

[dos2unix]

Beneath the covers, all of those screen we just saw run something called "nmcli" in the background.
If you really want to become proficient with NetworkManager, you should also learn how to do things
from the command line. NetworkManager is kind of funny in some ways. For example if you've never
created a Network connection, you /etc/NetworkManager/system-connections directory will be empty.
However once you've created a connection or two, you will now see some files here.

Server23#> cd /etc/NetworkManager/system-connections#

Server23#>  ls

enp13s0.nmconnection  OutlawCave.nmconnection

Notice have two files here. One is for my ethernet interface, and the other is for my Wi-Fi connection.
You can view these files. But it is recommended not to edit them manually. If you don't know what you
are doing you can break your network connections by editing these files. But this is what the file looks like.

Server23#> cat enp13s0.nmconnection

[connection]
id=enp13s0
uuid=9413aaed-e5a5-414d-88fe-de84775e5a70
type=ethernet
interface-name=enp13s0

[ethernet]

[ipv4]
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

In real world practice, you don't even need to know about these files. You never edit them directly.
But it's good to know where the configurations are.

[connection]
id=OutlawCave
uuid=98aee106-598b-46bb-9187-e18bf2831fb3
type=wifi
interface-name=wlp14s0

[wifi]
mode=infrastructure
ssid=OutlawCave

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=secretpassword

[ipv4]
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

One thing to be aware of, is that your Wi-Fi password is in this file. No one can see these files except root
or someone with sudo privileges. The line that says "psk=secretpassword" is in clear text. I edited this file
for the purpose of this tutorial, I can assure you that my real Wi-Fi password is not "secretpassword".

... to be continued.

 

[dos2unix]

I am assuming you already know a little bit about networking. It's outside the scope of this article to teach
everything about TCP/IP protocols, but we'll cover a few of the basics.

You need to know a few things like what an interface is, what your Wi-Fi ssid is, and what the IP of your
router is. If you don't know what any of those things are, I would stop here.

How do I find out what my interface names are? There are a number of ways, but the method I usually use is...

Server1#> :~# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp13s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether d8:43:ae:43:6c:99 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.75/24 brd 10.0.0.255 scope global dynamic noprefixroute enp13s0
       valid_lft 169271sec preferred_lft 169271sec
    inet6 2601:1c1:4000:5fd0::cf8f/128 scope global dynamic noprefixroute
       valid_lft 1745sec preferred_lft 1745sec
    inet6 2601:1c1:4000:5fd0:31c9:7820:c8b8:8f56/64 scope global dynamic noprefixroute
       valid_lft 300sec preferred_lft 300sec
    inet6 fe80::d5f5:e39d:f1de:fdc6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp16s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:26:55:ea:b9:aa brd ff:ff:ff:ff:ff:ff
4: enp16s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:26:55:ea:b9:ab brd ff:ff:ff:ff:ff:ff
5: wlp14s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether ae:2e:ac:48:24:1d brd ff:ff:ff:ff:ff:ff permaddr 4c:82:a9:18:84:39

Most of you likely will not have 3 or 4 ethernet interfaces. Most consumer PCs usually only have one.
Some laptops do not have any ethernet interfaces at all, they only have Wi-Fi interfaces.
A little tip here: Almost always ethernet interfaces will start with the letter "e".
Almost always wi-fi interfaces will start with the letter "w". It isn't always true 100 percent of the time,
but I would say almost always.
All computer have a "lo" interface. This is very important, never delete this connection. This isn't
really a physical connection you can plug into. It will always have the IP address of 127.0.0.1. Always,
on every single computer. This is called a "loopback" interface. It just means "myself". It's how
I talk to myself on the network.

So then, now we know what interfaces we have. How does this help us?
If we aren't supposed to create and edit those files ourselves.. how do we create them?
Well I already showed you the GUI method to create connections. But next is the command line method.

.. to be continued .

 

[dos2unix]

How do I view my existing network connections in nmcli?

nmcli connection show or nmcli con sho if you don't like typing so many letters.

#> nmcli con sho

NAME                UUID                                  TYPE      DEVICE  
enp13s0             9413aaed-e5a5-414d-88fe-de84775e5a70  ethernet  enp13s0 
lo                  5990d1b6-8f51-4aa0-a702-fced5e0d857c  loopback  lo      
OutlawCave          98aee106-598b-46bb-9187-e18bf2831fb3  wifi      --      
Wired connection 2  3e16f872-777c-3e77-ba0b-555fe68523a1  ethernet  --      
Wired connection 3  205ab78e-cc56-3397-a962-cb01010f9a47  ethernet  --

WARNING: This next command is destructive, and can break your network connection.
DISCLAIMER: I am not responsible for what commands you decide to run on your computer.

How do I delete a network connection? Well I have to know the connection name.
I see five connections from the command above. One of them is named 'Wired connection 2".
Never delete the "lo" connection under any circumstances. We will use the nmcli connection delete
command, or if you like the shorthand version...

#> nmcli con del 'Wired connection 2'

Connection 'Wired connection 2' (3e16f872-777c-3e77-ba0b-555fe68523a1) successfully deleted.

If there are spaces in the name of the connection, you'll have to put the name in quotes. Both single quotes
or double quotes work fine.
Well that's great, I just deleted one of my connections, but now how do I add it back again?
If you're using DHCP, you do it like this.

#> nmcli con add con-name enp16s0f1 ifname enp16s0f1 type ethernet autoconnect yes ipv4.method auto

#> Connection 'enp16s0f1' (4ff8f668-2381-48b5-81f9-6f20aab78150) successfully added.

Where did I get the name of my interface from? From the "ip addr" command in the previous post.
The con-name is arbitrary and you can name the connection anything you want ( if there are spaces, you'll
have to put the name in quotes ) the ifname ( interface name ) has to be the name of the interface from
the ip addr command. Type, in this case it's ethernet. Wi-Fi is done a little differently.
autoconnect yes, means the interface will come up automatically when I start my computer.
ipv4.method is auto because I'm using DHCP to automatically configure this interface.

... to be continued.

 

[dos2unix]

What if I want to add a connection with a static IP address because I'm not using DHCP ?

#> nmcli con add con-name eno1 ifname eno1 type ethernet autoconnect yes ipv4.method manual ip4 192.168.3.44/24 gw4 192.168.3.1

Note: You cannot add a DNS server in this line. It has to be done as a second command. Since I named this connection "eno1" that's the name of the connection I want to modify.

#> nmcli con mod eno1 ipv4.dns "8.8.8.8,9.9.9.9"

I added two DNS server IP addresses, note that they are separated by a comma.
To view all of the information about specific connection...

#> nmcli con show enp13s0

connection.id:                          enp13s0
connection.uuid:                        9413aaed-e5a5-414d-88fe-de84775e5a70
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              enp13s0
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1707314470
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.dns-over-tls:                -1 (default)
connection.mptcp-flags:                 0x0 (default)
connection.wait-device-timeout:         -1
connection.wait-activation-delay:       -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:

This actually outputs about 170 lines of information, but I cut it off so this post isn't full of un-neccesary information.
If you don't want to see all that info, you can do something like..

#> nmcli con sho eno1 | grep -i dns

and that will just show the DNS info.

... to be continued.

 

[vs2-free-users]

Hi,

there is also a pretty terminal gui called nm-tui. Its pretty usefull on lightweight systems.

 

[dos2unix]

here is also a pretty terminal gui called nm-tui.

I am hoping to cover this as well.

 

[dcbrown73]

Nice write up.

I used to really hate NetworkManager. The first thing I did was disable it. Though that is quickly becoming not an option these days.

I'm learning to deal with and accept this fact lol.

I do appreciate the fact that I can update settings via ssh and not get disconnect. That was always a PIA in the past.

 

[dos2unix]

Back in the old networkd days, we used command like ifcfg up and ifcfg down to bring interfaces up and down.

Now with Network Manager, it's a little different. Again we need to know the connection names.
We can use nmcli con sho to list all of the connection names.

~$ nmcli con sho

NAME                UUID                                  TYPE      DEVICE
enp13s0             9413aaed-e5a5-414d-88fe-de84775e5a70  ethernet  enp13s0
lo                  5990d1b6-8f51-4aa0-a702-fced5e0d857c  loopback  lo    
enp16s0f1           4ff8f668-2381-48b5-81f9-6f20aab78150  ethernet  --    
OutlawCave          98aee106-598b-46bb-9187-e18bf2831fb3  wifi      --    
Wired connection 3  205ab78e-cc56-3397-a962-cb01010f9a47  ethernet  --

If I want to take connection enp13s0 off line, I simply type...

nmcli con down enp13s0

If I want to bring it up again, I simply type...

nmcli con up enp13s0

You can actually use the UUID to delete and modify connections as well.

nmcli con up 9413aaed-e5a5-414d-88fe-de84775e5a70

or to delete a connection...

nmcli con del 9413aaed-e5a5-414d-88fe-de84775e5a70

One thing about nmcli is that it will let you create two connections with the same name. However they will
have two different UUID's. If you were type "nmcli con del 'My connection'" and you had two connections named
"My connection", it would delete both of them. But if you use the UUID then it will only delete that specific one.

But for an old guy like me, it's too hard to remember the UUIDs, so I just use the connection names when I can.

.. to be continued.

 

[dos2unix]

You can nmcli with Wi-Fi connections as well.
Assuming you have a working Wi-Fi chip in your computer.

#~> nmcli dev wifi list

will output something like this.

To connect to a Wi-Fi network, simply type....

nmcli dev wifi conn OutlawCave password "mysecretpassword"

Obviously your SSID and password will be different.
You do not need root or sudo privileges to do this on most Linux distros.
One thing to be aware of, is that now your Wi-Fi password is in your command line history.
This isn't usually a problem because only yourself and someone with root privileges can see your history.
This isn't less secure than doing it through the GUI, because anyone see the password in the GUI as well.

Just like with Ethernet, if I want to drop the connection, I simply type...

nmcli con down OutlawCave

...and that will kill my Wi-Fi session. One good thing about this, once you've connected once and created the connection, you don't have to type that whole command with your password again, you can simply type...

nmcli con up OutlawCave

Unless you deleted the connection already. This command will work for any user that's logged into the computer now.
They don't have to know your Wi-Fi password. They can simply do a "nmcli con up ( connection name )".

... to be continued.

 

[dos2unix]

@vs2-free-users mentioned something called nmtui. This is handy if you don't have a Xwindows GUI.
For example, non of the 6,000 servers in our data have a Xwindows GUI installed on them. None of them
have a monitor or mouse connected, so you would never be able to see or use the GUI if it was installed.

But what if you don't like using the nmcli command line? There is another option.
I wanted to keep this article distro agnostic, but sometimes it's unavoidable to mention some distro's.
NetworkManager is a modular program, in the case of Fedora, it's about 30 packages.

NetworkManager-adsl.x86_64 : ADSL device plugin for NetworkManager
NetworkManager-bluetooth.x86_64 : Bluetooth device plugin for NetworkManager
NetworkManager-cloud-setup.x86_64 : Automatically configure NetworkManager in cloud
NetworkManager-config-connectivity-fedora.noarch : NetworkManager config file for connectivity checking via Fedora servers
NetworkManager-config-server.noarch : NetworkManager config file for "server-like" defaults
NetworkManager-dispatcher-routing-rules.noarch : NetworkManager dispatcher file for advanced routing rules
NetworkManager-fortisslvpn.x86_64 : NetworkManager VPN plugin for Fortinet compatible SSLVPN
NetworkManager-fortisslvpn-gnome.x86_64 : NetworkManager VPN plugin for SSLVPN - GNOME files
NetworkManager-initscripts-ifcfg-rh.x86_64 : NetworkManager plugin for reading and writing connections in ifcfg-rh format
NetworkManager-initscripts-updown.noarch : Legacy ifup/ifdown scripts for NetworkManager that replace initscripts
                                         : (network-scripts)
NetworkManager-iodine.x86_64 : NetworkManager VPN plugin for iodine
NetworkManager-iodine-gnome.x86_64 : NetworkManager VPN plugin for iodine - GNOME files
NetworkManager-l2tp.x86_64 : NetworkManager VPN plugin for L2TP and L2TP/IPsec
NetworkManager-l2tp-gnome.x86_64 : NetworkManager VPN plugin for L2TP and L2TP/IPsec - GNOME files
NetworkManager-libnm.x86_64 : Libraries for adding NetworkManager support to applications.
NetworkManager-libnm.i686 : Libraries for adding NetworkManager support to applications.
NetworkManager-libnm-devel.i686 : Header files for adding NetworkManager support to applications.
NetworkManager-libnm-devel.x86_64 : Header files for adding NetworkManager support to applications.
NetworkManager-libreswan.x86_64 : NetworkManager VPN plug-in for IPsec VPN
NetworkManager-libreswan-gnome.x86_64 : NetworkManager VPN plugin for libreswan - GNOME files
NetworkManager-openconnect.x86_64 : NetworkManager VPN plugin for openconnect
NetworkManager-openconnect-gnome.x86_64 : NetworkManager VPN plugin for OpenConnect - GNOME files
NetworkManager-openvpn.x86_64 : NetworkManager VPN plugin for OpenVPN
NetworkManager-openvpn-gnome.x86_64 : NetworkManager VPN plugin for OpenVPN - GNOME files
NetworkManager-ovs.x86_64 : Open vSwitch device plugin for NetworkManager
NetworkManager-ppp.x86_64 : PPP plugin for NetworkManager
NetworkManager-pptp.x86_64 : NetworkManager VPN plugin for PPTP
NetworkManager-pptp-gnome.x86_64 : NetworkManager VPN plugin for PPTP - GNOME files
NetworkManager-ssh.x86_64 : NetworkManager VPN plugin for SSH
NetworkManager-ssh-gnome.x86_64 : NetworkManager VPN plugin for SSH - GNOME files
NetworkManager-sstp.x86_64 : NetworkManager VPN plugin for SSTP
NetworkManager-sstp-gnome.x86_64 : NetworkManager VPN plugin for SSTP - GNOME files
NetworkManager-strongswan.x86_64 : NetworkManager strongSwan IPSec VPN plug-in
NetworkManager-strongswan-gnome.x86_64 : NetworkManager VPN plugin for strongswan - GNOME files
NetworkManager-team.x86_64 : Team device plugin for NetworkManager
NetworkManager-tui.x86_64 : NetworkManager curses-based UI
NetworkManager-vpnc.x86_64 : NetworkManager VPN plugin for vpnc
NetworkManager-vpnc-gnome.x86_64 : NetworkManager VPN plugin for vpnc - GNOME files
NetworkManager-wifi.x86_64 : Wifi plugin for NetworkManager
NetworkManager-wwan.x86_64 : Mobile broadband device plugin for NetworkManager
cockpit-networkmanager.noarch : Cockpit user interface for networking, using NetworkManager

Now normally you don't need all of these programs, and most of them are not installed by default.
If you're not using Wi-Fi, or a VPN, or a serial connection, then there is really no need to have those parts of NetworkManger installed. This is also true for a package called NetworkManager-tui. It isn't installed by default on any of the distro's I use. In fact it may be named slighly differently on Ubuntu/Debian distros. ( Perhaps someone more familiar with Ubuntu can chime in here ) So you may have to install it first before the following will work.

But if you run the following command...

nmtui

It should bring up a screen like this.

You can use your up and down arrow keys to select one of the items in the list. Then just press [enter] to bring up the item.
In this case we will select "Edit a connection".

Much like the nmcli command line, I can add, delete, or modify my connections. Simply use the tab key or your arrow keys to navigate around the screen. We will add a connection.

It asks what kind of connection we want to add. We will add a ethernet connection.

You can rename the connection at the top. You'll still need to know the interface device and type it in manually.
If you're using DHCP you can leave the IPv4 CONFIGURATION set to Automatic. If you're using a static IP address.
Use your arrows keys to go down to the <Automatic> and press [enter].

Select "Manual".
Then use your arrow keys to go over the "Show" selection on the same line.

Type in whatever configuration settings you need. Then arrow down to <OK> at the bottom right hand corner.
Now you'll see a new connection in your connection list. You can arrow down to the <Back> selection, and then
on the next screen select the <Exit> option. That's it, you've made a new connection, congratulations.