31 Using NetworkManager #
NetworkManager is the ideal solution for laptops and other portable computers. It supports state-of-the-art encryption types and standards for network connections, including connections to 802.1X protected networks. 802.1X is the “IEEE Standard for Local and Metropolitan Area Networks—Port-Based Network Access Control”. With NetworkManager, you need not worry about configuring network interfaces and switching between wired or wireless networks when you are on the move. NetworkManager can automatically connect to known wireless networks or manage several network connections in parallel—the fastest connection is then used as default. Furthermore, you can manually switch between available networks and manage your network connection using an applet in the system tray.
Instead of only one connection being active, multiple connections may be active at once. This enables you to unplug your laptop from an Ethernet and remain connected via a wireless connection.
 NetworkManager is only supported by SUSE for desktop workloads with SLED or the
 Workstation extension. All server certifications are done with
 wicked as the network configuration tool, and using NetworkManager may
 invalidate them. NetworkManager is not supported by SUSE for server workloads.
 
31.1 Use cases for NetworkManager #
NetworkManager provides a sophisticated and intuitive user interface, which enables users to easily switch their network environment. However, NetworkManager is not a suitable solution in the following cases:
- Your computer provides network services for other computers in your network, for example, it is a DHCP or DNS server. 
- Your computer is a Xen server or your system is a virtual system inside Xen. 
31.2 Enabling or disabling NetworkManager #
On desktop and laptop computers, NetworkManager is enabled by default. You can disable and enable it at any time using the Network Settings module in YaST.
- Run YaST and go to › . 
- The dialog opens. Go to the tab. 
- To configure and manage your network connections with NetworkManager: - In the field, select . 
- Click and close YaST. 
- Configure your network connections with NetworkManager as described in Section 31.3, “Configuring network connections”. 
 
- To deactivate NetworkManager and control the network with your own configuration: - In the field, choose . 
- Click . 
- Set up your network card with YaST using automatic configuration via DHCP or a static external IP address. - Find a detailed description of the network configuration with YaST in Section 23.4, “Configuring a network connection with YaST”. 
 
31.3 Configuring network connections #
After enabling NetworkManager in YaST, configure your network connections with the NetworkManager front-end available in GNOME. It shows tabs for all types of network connections, such as wired, wireless, mobile broadband, DSL and VPN connections.
In previous SUSE Linux Enterprise Desktop releases, network connections were configured using an application called NetworkManager Connection Editor. This is no longer installed by default, because GNOME Control Center has fully replaced its configuration capabilities.
If you still need to use NetworkManager Connection Editor to configure network connections, install the NetworkManager-connection-editor package manually:
>sudozypper install NetworkManager-connection-editor
To open the network configuration dialog in GNOME, open the settings menu via the status menu and click the entry.
    Depending on your system setup, you may not be allowed to configure
    connections. In a secured environment, some options may be locked or
    require root permission. Ask your system administrator for details.
   
- Open the NetworkManager configuration dialog. 
- To add a Connection: - Click the icon in the lower left corner. 
- Select your preferred connection type and follow the instructions. 
- When you are finished click . 
- After confirming your changes, the newly-configured network connection appears in the list of available networks in the Status Menu. 
 
- To edit a connection: - Select the entry to edit. 
- Click the gear icon to open the dialog. 
- Insert your changes and click to save them. 
- To make your connection available as a system connection go to the tab and set the check box . For more information about user and system connections, see Section 31.4.1, “User and system connections”. 
 
31.3.1 Managing wired network connections #
If your computer is connected to a wired network, use the NetworkManager applet to manage the connection.
- Open the Status Menu and click to change the connection details or to switch it off. 
- To change the settings click and then click the gear icon. 
- To switch off all network connections, activate the setting. 
31.3.2 Managing wireless network connections #
Visible wireless networks are listed in the GNOME NetworkManager applet menu under . The signal strength of each network is also shown in the menu. Encrypted wireless networks are marked with a shield icon.
- To connect to a visible wireless network, open the Status Menu and click . 
- Click to enable it. 
- Click , select your Wi-Fi Network and click . 
- If the network is encrypted, a configuration dialog opens. It shows the type of encryption the network uses and text boxes for entering the login credentials. 
- To connect to a network that does not broadcast its service set identifier (SSID or ESSID) and therefore cannot be detected automatically, open the Status Menu and click . 
- Click to open the detailed settings menu. 
- Make sure your Wi-Fi is enabled and click . 
- In the dialog that opens, enter the SSID or ESSID in and set encryption parameters if necessary. 
A wireless network that has been chosen explicitly will remain connected as long as possible. If a network cable is plugged in during that time, any connections that have been set to will be connected, while the wireless connection remains up.
31.3.3 Enabling wireless captive portal detection #
On the initial connection, many public wireless hotspots force users to visit a landing page (the captive portal). Before you have logged in or agreed to the terms and conditions, all your HTTP requests are redirected to the provider's captive portal.
When connecting to a wireless network with a captive portal, NetworkManager and GNOME will automatically show the login page as part of the connection process. This ensures that you always know when you are connected, and helps you to get set up as quickly as possible without using the browser to login.
To enable this feature, install the package NetworkManager-branding-SLE and restart NetworkManager with:
>sudosystemctl restart network
Whenever you connect to a network with a captive portal, NetworkManager (or GNOME) will open the captive portal login page for you. Login with your credentials to get access to the Internet.
31.3.4 Configuring your Wi-Fi/Bluetooth card as an access point #
If your Wi-Fi/Bluetooth card supports access point mode, you can use NetworkManager for the configuration.
- Open the Status Menu and click . 
- Click to open the detailed settings menu. 
- Click and follow the instructions. 
- Use the credentials shown in the resulting dialog to connect to the hotspot from a remote machine. 
31.3.5 NetworkManager and VPN #
NetworkManager supports several Virtual Private Network (VPN) technologies. For each technology, SUSE Linux Enterprise Desktop comes with a base package providing the generic support for NetworkManager. In addition to that, you also need to install the respective desktop-specific package for your applet.
- OpenVPN
- To use this VPN technology, install: - NetworkManager-openvpn
- NetworkManager-openvpn-gnome
 
- OpenConnect
- To use this VPN technology, install: - NetworkManager-openconnect
- NetworkManager-openconnect-gnome
 
- PPTP (point-to-point tunneling protocol)
- To use this VPN technology, install: - NetworkManager-pptp
- NetworkManager-pptp-gnome
 
The following procedure describes how to set up your computer as an OpenVPN client using NetworkManager. Setting up other types of VPNs works analogously.
    Before you begin, make sure that the package
    NetworkManager-openvpn-gnome is
    installed and all dependencies have been resolved.
   
- Open the application by clicking the status icons at the right end of the panel and clicking the icon. In the window , choose . 
- Click the icon. 
- Select and then . 
- Choose the type. Depending on the setup of your OpenVPN server, choose or . 
- Insert the necessary values into the respective text boxes. For our example configuration, these are: - The remote endpoint of the VPN server - The user (only available when you have selected ) - The password for the user (only available when you have selected ) - /etc/openvpn/client1.crt- /etc/openvpn/ca.crt- /etc/openvpn/client1.key
- Finish the configuration with . 
- To enable the connection, in the panel of the application click the switch button. Alternatively, click the status icons at the right end of the panel, click the name of your VPN and then . 
31.4 NetworkManager and security #
NetworkManager distinguishes two types of wireless connections: trusted and untrusted. A trusted connection is any network that you explicitly selected in the past. All others are untrusted. Trusted connections are identified by the name and MAC address of the access point. Using the MAC address ensures that you cannot use a different access point with the name of your trusted connection.
NetworkManager periodically scans for available wireless networks. If multiple trusted networks are found, the most recently used is automatically selected. NetworkManager waits for your selection in case if all networks are untrusted.
If the encryption setting changes but the name and MAC address remain the same, NetworkManager attempts to connect, but first you are asked to confirm the new encryption settings and provide any updates, such as a new key.
If you switch from using a wireless connection to offline mode, NetworkManager blanks the SSID or ESSID. This ensures that the card is disconnected.
31.4.1 User and system connections #
    NetworkManager knows two types of connections: user and
    system connections.
User connections require every user to authenticate in NetworkManager, which stores the user's credentials in their local GNOME keyring so that they do not need to re-enter them every time they connect.
System connections are available to all users automatically. The first user to create the connection enters any necessary credentials, and then all other users have access without needing to know the credentials. The difference in configuring a user or system connection is a single check box, . For information on how to configure user or system connections with NetworkManager, refer to Section 31.3, “Configuring network connections”.
31.4.2 Storing passwords and credentials #
If you do not want to re-enter your credentials each time you want to connect to an encrypted network, you can use the GNOME Keyring Manager to store your credentials encrypted on the disk, secured by a master password.
31.4.3 Firewall zones #
firewalld zones in NetworkManager #The firewall zones set general rules about which network connections are allowed. To configure the zone of firewalld for a wired connection, go to the Identity tab of the connection settings. To configure the zone of firewalld for a Wi-Fi connection, go to the Security tab of the connection settings.
    If you are in your home network, use the zone
    home. For public wireless networks, switch to
    public. If you are in a secure environment and
    want to allow all connections, use the zone
    trusted.
   
    For details about firewalld, see Book “Security and Hardening Guide”, Chapter 23 “Masquerading and firewalls”, Section 23.4 “firewalld”.
   
31.5 Frequently asked questions #
In the following, find some frequently asked questions about configuring special network options with NetworkManager.
- 5. How to tie a connection to a specific device?
- By default, connections in NetworkManager are device type-specific: they apply to all physical devices with the same type. If more than one physical device per connection type is available (for example, your machine is equipped with two Ethernet cards), you can tie a connection to a certain device. - To do this in GNOME, first look up the MAC address of your device (use the available from the applet, or use the output of command line tools like - nm-toolor- wicked show all). Then start the dialog for configuring network connections and choose the connection you want to modify. On the or tab, enter the of the device and confirm your changes.
- 6. How to specify a certain access point in case multiple access points with the same ESSID are detected?
- When multiple access points with different wireless bands (a/b/g/n) are available, the access point with the strongest signal is automatically chosen by default. To override this, use the field when configuring wireless connections. - The Basic Service Set Identifier (BSSID) uniquely identifies each Basic Service Set. In an infrastructure Basic Service Set, the BSSID is the MAC address of the wireless access point. In an independent (ad-hoc) Basic Service Set, the BSSID is a locally administered MAC address generated from a 46-bit random number. - Start the dialog for configuring network connections as described in Section 31.3, “Configuring network connections”. Choose the wireless connection you want to modify and click . On the tab, enter the BSSID. 
- 7. How to share network connections with other computers?
- The primary device (the device which is connected to the Internet) does not need any special configuration. However, you need to configure the device that is connected to the local hub or machine as follows: - Start the dialog for configuring network connections as described in Section 31.3, “Configuring network connections”. Choose the connection you want to modify and click . Switch to the tab and from the drop-down box, activate . That will enable IP traffic forwarding and run a DHCP server on the device. Confirm your changes in NetworkManager. 
- As the DHCP server uses port - 67, make sure that it is not blocked by the firewall: On the machine sharing the connections, start YaST and select › . Switch to the category. If is not already shown as , select from and click . Confirm your changes in YaST.
 
- 8. How to provide static DNS information with automatic (DHCP, PPP, VPN) addresses?
- In case a DHCP server provides invalid DNS information (and/or routes), you can override it. Start the dialog for configuring network connections as described in Section 31.3, “Configuring network connections”. Choose the connection you want to modify and click . Switch to the tab, and from the drop-down box, activate . Enter the DNS information in the and fields. To click and activate the respective check box. Confirm your changes. 
- 9. How to make NetworkManager connect to password protected networks before a user logs in?
- Define a - system connectionthat can be used for such purposes. For more information, refer to Section 31.4.1, “User and system connections”.
31.6 Troubleshooting #
Connection problems can occur. Some common problems related to NetworkManager include the applet not starting or a missing VPN option. Methods for resolving and preventing these problems depend on the tool used.
- NetworkManager desktop applet does not start
- The applets starts automatically if the network is set up for NetworkManager control. If the applet does not start, check if NetworkManager is enabled in YaST as described in Section 31.2, “Enabling or disabling NetworkManager”. Then make sure that the NetworkManager-gnome package is also installed. - If the desktop applet is installed but is not running, start it manually with the command - nm-applet.
- NetworkManager applet does not include the VPN option
- Support for NetworkManager, applets, and VPN for NetworkManager is distributed in separate packages. If your NetworkManager applet does not include the VPN option, check if the packages with NetworkManager support for your VPN technology are installed. For more information, see Section 31.3.5, “NetworkManager and VPN”. 
- No network connection available
- If you have configured your network connection correctly and all other components for the network connection (router, etc.) are also up and running, it sometimes helps to restart the network interfaces on your computer. To do so, log in to a command line as - rootand run- systemctl restart wickeds.
31.7 More information #
More information about NetworkManager can be found on the following Web sites and directories:
- NetworkManager project page
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager 
- Package documentation
- Also check out the information in the following directories for the latest information about NetworkManager and the GNOME applet: - /usr/share/doc/packages/NetworkManager/,
- /usr/share/doc/packages/NetworkManager-gnome/.
 

