NetworkManager: Secret weapon for the Linux road warrior

For years I have envied how easy my Windows- and Mac-based peers had it when traveling with their laptops. They connect to hotspots with ease, get online while I was still logging into root and running some tools. It just wasn’t fair. I wanted an integrated easy-to-use tool that did not require bringing up a shell or logging into root.

I now have that tool in NetworkManager. In this article I will explain what NetworkManager is, what capabilities exist in the tool (in both Fedora and Red Hat Enterprise Linux), and what you can do to extend it to give you more control over your system than before.

What is NetworkManager?

NetworkManager is a software utility that allows a desktop user to manage wired, wireless, modem, WWAN/3G, and VPN network connectivity from a single source. It does not require root access or manual editing of configuration files.

NetworkManager started as a Gnome project and initially appeared in Fedora. It is now supported on multiple desktop environments (Gnome, KDE, Xfce, etc.) and in multiple distributions (Fedora, SuSE, Ubuntu, Gentoo, Debian, etc.). NetworkManager uses dbus and hal to provide network status updates to other desktop applications, allowing them to alter their operation based on this information. For instance, if NetworkManager shows the network is offline, then apps like Evolution and Pidgin will put themselves into offline mode andwait for the network to come online.

How is the NetworkManager software deployed on the system?

NetworkManager is deployed in two parts. The first part is the NetworkManager daemon, which is found in the package NetworkManager. This daemon should be set to start while the system is booting. This can be accomplished by entering the following command as root:

    # /sbin/chkconfig NetworkManager on

You can also start NetworkManager manually by entering the following command as root:

    # /sbin/service NetworkManager start

The second part is the user client, which normally takes the form of an applet. This applet (nm-applet) can be found in the NetworkManager-gnome package, and should be part of the basic Gnome desktop installation. You will not need to add this applet to your desktop. Gnome will add the nm-applet control to the Notification Area applet when the NetworkManager daemon is active.

How does NetworkManager work?

For the user, most everything will be done via the NetworkManager applet. Exactly what needs to be done depends on the type of networking the user needs to activate.

Wired network

If the system the user is logged into is on a wired network (Ethernet), the user does not need to do anything. NetworkManager will look for the link on the network port. When the link is active, it will bring up the interface and then ask for network information via DHCP.

Wireless Network

If the user is trying to connect via wireless, NetworkManager is especially helpful. As long as the wireless device is active, NetworkManager will scan for available networks and will attempt to connect to the last network you connected to that it can see. If the network it is trying to connect to is a secure network (using WEP, WPA, WPA2, or LEAP) it will request the appropriate security information. Once the information is entered, NetworkManager will try to store this information into the GNOME keyring manager.

To connect to a different network than the one that NetworkManager chooses, simply click on the applet and choose a different wireless network.

WWAN network (3G/EVDO/HSDPA/RTTx1/EDGE)

With the release of NetworkManager 0.70, users can now choose WWAN networking. Most of these cards require activation in Windows, but NetworkManager can handle the auto-configuration some cards need for use under Linux. Other cards may still require some minimal account information to activate and use.

If the card is plugged in when NetworkManager starts, it will be autodetected and an attempt to auto-configure the card will be made when you request a connection to the network. If auto-configuration is successful, the user can then just select the card in the applet menu and connect.

VPN connectivity

Once a successful network connection has been made, the user can also use NetworkManager to activate a VPN connection. Currently, there are modules providing support for OpenVPN and Cisco (via vpnc) VPN connectivity.

The VPN connection will be configured, activated, and deactivated via the applet. Username, password, group passwords, and other information can be stored in the GNOME keyring manager, or the user can choose to be prompted to enter some—or all—of the information at each login.

What else can NetworkManager do?

Beside managing your network connectivity, NetworkManager has another key feature. NetworkManager can run scripts when there is a network state change on any interface, using the network interface and the up/down state as variables. In prior releases, this functionality was provided by a separate daemon called NetworkManagerDispatcher. As of NetworkManager 0.70 in Fedora 9, this functionality is now integrated into NetworkManager itself.

In Bash scripts written for NetworkManager, the variable $1 equals the interface whose state has changed and triggered the script. Variable $2 equals the state of the interface (up or down). No other variables are needed.

Let’s take a look at one of the scripts that is included with Fedora 9:

# cat /etc/NetworkManager/dispatcher.d/05-netfs

#!/bin/sh

export LC_ALL=C

if [ "$2" = "down" ]; then
        /sbin/ip route ls | grep -q ^default || {
                [ -f /var/lock/subsys/netfs ] && /etc/rc.d/init.d/netfs stop
        }
fi

if [ "$2" = "up" ]; then
        /sbin/ip -o route show dev "$1" | grep -q '^default' && {
                /sbin/chkconfig netfs && /etc/rc.d/init.d/netfs start
        }
fi

When an interface comes up and adds itself as the default route, the script starts the netfs service. This script also stops the netfs service when an interface goes down and no default route remains. Effectively, this will mount your NFS and CIFS shares when you have access to the network, and will unmount those same shares when the network goes down. Using this script as an example, you can easily write your own scripts to run various commands as the network state changes.

How can I best use NetworkManager in the field?

Now that you have a good idea of how NetworkManager works and what it can do, let’s talk about how to best use NetworkManager in the field. Now that you have NetworkManager managing your network connectivity, make sure your network interfaces are not trying to start on boot. Nothing is more annoying than having your laptop tell you that your wired network is not available when you are sitting on a plane. If you are using NetworkManager 0.70 (currently in Fedora 9), you should also disable the network service itself, as it may conflict with NetworkManager.

You can go further, writing NetworkManager scripts to activate various services only when they are needed. Many of the init scripts in Linux make the assumption that your system is a server or a workstation with continuous access to the network. Things like ntp, cups, sshd, even rhnsd do not need to be running while you have no network connectivity. These services can be disabled, set to run only when NetworkManager starts them via a custom script on a network state change.

Using the previously posted script as a guide, a script to manage sshd might look like this:

# cat /etc/NetworkManager/dispatcher.d/10-sshd

#!/bin/sh
#
# Start and stop sshd based on network availability using NetworkManager
#

export LC_ALL=C

if [ "$2" = "down" ]; then
        /sbin/ip route ls | grep -q ^default || {
                [ -f /var/lock/subsys/sshd ] && /etc/rc.d/init.d/sshd stop
        }
fi

if [ "$2" = "up" ]; then
        /sbin/ip -o route show dev "$1" | grep -q '^default' && {
                /sbin/chkconfig sshd && /etc/rc.d/init.d/sshd start
        }
fi

You could substitute “rhnsd” or “cups” for “sshd”, and the script should work equally well for those tasks..

If you are a administrator tasked with managing Red Hat or Fedora systems of remote employees, the scripting functionality can be even more handy. You can write a script that looks for the activation of the VPN interface then sends an email letting you know the system is online. You could have the system check in with a Satellite server located within your firewall, installing updates you previously scheduled for it. The possible uses here are many.

The student is now the master

No longer do I envy my Windows-based peers and their easy mobile connectivity. NetworkManager is constantly impressing me, adding functionality and allowing me to be more efficient on the road. This Swiss Army knife of Linux networking gives me the control I need over my connectivity whether at home, coffee house, or airport. Now that you know what NetworkManager is, how it works, and how best to use it, try it out of your own system. I trust you will find NetworkManager works as well for you as it did for me.

More information

1. NetworkManager main project page
2. NetworkManager in Fedora
3. dbus and hal
4. KNetworkManager

This entry was posted by Kyle Gonzales on Tuesday, July 22nd, 2008 at 5:21 pm and is filed under Fedora, Red Hat Enterprise Linux, technical. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.