https://wiki.archlinux.org/api.php?action=feedcontributions&user=Eloydegen&feedformat=atomArchWiki - User contributions [en]2024-03-29T13:01:35ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Irssi&diff=574028Irssi2019-05-26T03:12:33Z<p>Eloydegen: /* Configuration */ adding mouse mode</p>
<hr />
<div>[[Category:Internet Relay Chat]]<br />
[[Category:Console applications]]<br />
[[bg:Irssi]]<br />
[[de:Irssi]]<br />
[[es:Irssi]]<br />
[[fr:Irssi]]<br />
[[ja:Irssi]]<br />
[[sv:Irssi]]<br />
[[zh-hans:Irssi]]<br />
[[zh-hant:Irssi]]<br />
{{Related articles start}}<br />
{{Related|IRC channels}}<br />
{{Related|IRC}}<br />
{{Related|WeeChat}}<br />
{{Related|HexChat}}<br />
{{Related articles end}}<br />
[https://irssi.org/ Irssi] is a modular, ncurses based [[Wikipedia:Internet Relay Chat|IRC]] (Internet Relay Chat) client. It also supports [[Wikipedia:SILC_(protocol)|SILC]] and [http://www.icb.net/_jrudd/icb/protocol.html ICB] protocols via plugins.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|irssi}} package. <br />
<br />
Several scripts are available in the AUR under [https://aur.archlinux.org/packages/?O=0&K=irssi-script '''irssi-script'''], and in the [http://scripts.irssi.org/ irssi script repository].<br />
<br />
== Usage ==<br />
<br />
For a detailed introduction see the [https://irssi.org/documentation official documentation].<br />
<br />
{{Note|This section assumes you already know the basics of IRC and have used other clients in the past}}<br />
<br />
A [[terminal multiplexer]] such as [[tmux]] or [[GNU Screen]] is recommended. It allows the user to easily disconnect and reconnect to a session, and scripts such as [http://wouter.coekaerts.be/site/irssi/nicklist nicklist.pl] depend on a secondary window. To start irssi, run:<br />
<br />
$ irssi<br />
<br />
See also {{man|1|irssi}}.<br />
<br />
=== Commands ===<br />
<br />
Irssi commands start with a slash and are case-insensitive. You can find out about them with the built-in {{ic|/help}} pages, which are also [https://irssi.org/documentation/help/ available online].<br />
<br />
{| class="wikitable"<br />
! style="font-weight: bold;" | Command<br />
! style="font-weight: bold;" | Description<br />
|-<br />
| [https://irssi.org/documentation/help/help/ /help]<br />
| List all commands or describe a given command.<br />
|-<br />
| [https://irssi.org/documentation/help/network/ /network]<br />
| Manage your IRC networks.<br />
|-<br />
| [https://irssi.org/documentation/help/server/ /server]<br />
| Manage your IRC servers.<br />
|-<br />
| [https://irssi.org/documentation/help/connect/ /connect]<br />
| Connect to a server or network.<br />
|-<br />
| [https://irssi.org/documentation/help/disconnect/ /disconnect]<br />
| Closes the current connection to a server.<br />
|-<br />
| {{ic|ALT+(1-0,q-p,etc)}}<br />
| Changes the currently active window. {{ic|Ctrl+n}} cycles to the next window, {{ic|Ctrl+p}} to the previous window. <br />
|-<br />
| [https://irssi.org/documentation/help/window/ /window]<br />
| Manage your irssi windows.<br />
|-<br />
| [https://irssi.org/documentation/help/layout/ /layout]<br />
| Save or delete your window configuration.<br />
|-<br />
| [https://irssi.org/documentation/help/statusbar/ /statusbar]<br />
| Manage the statusbars.<br />
|-<br />
| [https://irssi.org/documentation/help/set/ /set]<br />
| View or change settings.<br />
|-<br />
| [https://irssi.org/documentation/help/alias/ /alias]<br />
| Manage your aliases.<br />
|}<br />
<br />
== Configuration ==<br />
<br />
Personal configuration file should be located at {{ic|~/.irssi/config}}; there is a template available in {{ic|/etc/irssi.conf}}. You can start irssi with an alternate config file using the {{ic|--config}} flag.<br />
<br />
* You can use {{ic|/save}} to save your current configuration to the config file.<br />
* You can save the location of your currently opened windows by entering {{ic|/layout save}}<br />
<br />
=== Authenticating with SASL ===<br />
<br />
{{Style|Freenode is a bad example since it's already present by default. Is {{ic|-ssl_capath}} actually needed?}}<br />
<br />
Irssi supports the [[Wikipedia:Simple Authentication and Security Layer|Simple Authentication and Security Layer]] (SASL).<br />
<br />
You can add a network with SASL mechanism as follows:<br />
<br />
/SERVER ADD -ssl -ssl_verify -ssl_capath /etc/ssl/certs -network freenode -port 6697 chat.freenode.net<br />
/NETWORK ADD -sasl_mechanism plain -sasl_username ''username'' -sasl_password ''password'' freenode<br />
<br />
{{Note|<br />
* Make sure to use the correct capitalization for the network name.<br />
* First command line is for adding server with [[#TLS Connection]]<br />
* If you have an existing network, then type second command line only.<br />
* If your password contains {{ic|$}}, you have to prefix it with another {{ic|$}} for ''irssi'' to properly parse it.}}<br />
<br />
Restart irssi, connect network and look for ''SASL authentication succeeded''.<br />
<br />
=== Automatically connect to #archlinux on startup ===<br />
<br />
Start irssi and then type the following in it:<br />
<br />
/server add -auto -network freenode chat.freenode.net<br />
<br />
{{ic|freenode}} can be substituted for any preferred word, such as the common abbreviation {{ic|fn}}.<br />
<br />
Ensure [[#Authenticating with SASL|SASL]] is configured correctly. You may use NickServ manually with {{ic|-autosendcmd}} instead of SASL, but this causes a race condition when automatically joining channels. If desired, authenticate using SSL certificates, instead of passwords with NickServ.<br />
<br />
/channel add -auto #archlinux freenode<br />
/channel add -auto #archlinux-offtopic freenode<br />
<br />
=== TLS Connection ===<br />
<br />
{{Style|Freenode is a bad example because it's already present by default.}}<br />
<br />
Freenode uses port 6697, 7000 and 7070 for SSL/TLS connections ('''not''' 6667). To connect to Freenode IRC network via TLS you have to setup a new connection. Start {{ic|irssi}} and run:<br />
<br />
/server add -auto -tls -tls_verify -network freenode -port 6697 chat.freenode.net<br />
<br />
Save your new settings with:<br />
<br />
/save<br />
<br />
If everything works you will see the "Z" mode set. It should look like this: "Mode change (+Zi) for user your-nick"<br />
<br />
==== Client certificates ====<br />
<br />
Freenode and OFTC support authentication using SSL certificates, providing an alternative to plaintext passwords. See Freenode's [https://freenode.net/kb/answer/certfp Identifying with CERTFP] for more extensive details.<br />
<br />
To create an password-less certificate that is valid for 730 days (when requested to enter details like state or even Common Name (CN), you can fill anything you want):<br />
<br />
$ openssl req -newkey rsa:2048 -days 730 -x509 -keyout irssi.key -out irssi.crt -nodes <br />
$ cat irssi.crt irssi.key > ~/.irssi/irssi.pem<br />
$ chmod 600 ~/.irssi/irssi.pem<br />
$ rm irssi.crt irssi.key<br />
<br />
Next, find out the corresponding fingerprint:<br />
<br />
$ openssl x509 -sha1 -fingerprint -noout -in ~/.irssi/irssi.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'<br />
<br />
This will write the fingerprint to stdout. (The sed command is there to format the fingerprint correctly by removing unwanted text and characters.) <br />
Copy the fingerprint string as you will register it in irssi shortly.<br />
<br />
In irssi, disconnect from the network and add the client certificate and keys. Omit the -ssl_pass option if your certificate was built without a password:<br />
<br />
/disconnect Freenode<br />
/server add -ssl_cert ~/.irssi/irssi.pem -ssl_pass <irssi.pem_password> -network freenode chat.freenode.net 6697<br />
<br />
Now connect (not {{ic|/reconnect}}) and register your fingerprint<br />
<br />
/connect Freenode<br />
/msg NickServ identify YOUR_PASSWORD<br />
/msg NickServ cert add YOUR_FINGERPRINT<br />
<br />
At this point, you can remove your password from the configuration file (if you saved it in there) and save your config with:<br />
<br />
/save<br />
<br />
=== Automatic logging ===<br />
<br />
/SET autolog ON<br />
/save<br />
<br />
=== Hide joins, parts, and quits ===<br />
<br />
In order to ignore showing of joining, leaving and quiting of users for all channels type the following in irssi:<br />
<br />
/ignore * joins parts quits<br />
<br />
See [https://github.com/lifeforms/irssi-smartfilter smartfilter] to restrict join messages to active users.<br />
<br />
=== Mouse scrolling ===<br />
<br />
To enable the mouse, type the following in irssi:<br />
<br />
/run scriptassist<br />
/script install mouse.pl<br />
<br />
To permanently enable it at startup:<br />
<br />
/script autorun mouse.pl<br />
<br />
== Tips and tricks ==<br />
<br />
=== HTTP Proxy ===<br />
<br />
To use ''irssi'' behind a HTTP proxy, the following commands are required:<br />
<br />
/SET use_proxy ON<br />
/SET proxy_address <Proxy host address><br />
/SET proxy_port <Proxy port><br />
/SET -clear proxy_string<br />
/SET proxy_string_after conn %s %d<br />
/EVAL SET proxy_string CONNECT %s:%d HTTP/1.0\n\n<br />
<br />
''irssi'' should then alter its config file correspondingly; if the proxy is not required, just set use_proxy to OFF.<br />
<br />
Should the proxy require a password, try:<br />
<br />
/SET proxy_password your_pass<br />
<br />
Otherwise:<br />
<br />
/SET -clear proxy_password<br />
<br />
{{Note|SSL behind a proxy will fail with these settings.}}<br />
<br />
=== irssi with nicklist in tmux ===<br />
<br />
The ''irssi'' plugin '[https://scripts.irssi.org/scripts/nicklist.pl nicklist]' offers to add a pane listing the users on the channel currently viewed. It has two methods to do this:<br />
<br />
* '''screen''', which simply adds the list to the right of ''irssi'', but brings the disadvantage that the entire window gets redrawn every time ''irssi'' prints a line.<br />
<br />
* '''fifo''', which like the name suggests writes the list into a fifo that can then be continuously read with e. g. ''cat ~/.irssi/nicklistfifo''.<br />
<br />
nicklist will use the more efficient ''fifo'' with:<br />
<br />
/NICKLIST FIFO<br />
<br />
This fifo can be used in a [[tmux]] window split vertically with ''irssi'' in its left pane and the ''cat'' from above in a small one in its right. Since the pane is dependent on its creating tmux session's geometry, a subsequent session with a different one needs to recreate it (which also implies a switch in ''irssi'' windows to refill the fifo).<br />
<br />
E.g., the following script first checks for a running ''irssi'', presumed to have been run by a previous execution of itself. Unless found it creates a new tmux session, a window named after and running ''irssi'' and then the pane with ''cat''. If however ''irssi'' was found it merely attaches to the session and recreates the ''cat'' pane.<br />
<br />
#!/bin/bash<br />
<br />
T3=$(pgrep -u $USER -x irssi)<br />
<br />
irssi_nickpane() {<br />
tmux setw main-pane-width $(( $(tput cols) - 21));<br />
tmux splitw -v "cat ~/.irssi/nicklistfifo";<br />
tmux selectl main-vertical;<br />
tmux selectw -t irssi;<br />
tmux selectp -t 0;<br />
}<br />
<br />
irssi_repair() {<br />
tmux selectw -t irssi<br />
(( $(tmux lsp | wc -l) > 1 )) && tmux killp -a -t 0<br />
irssi_nickpane<br />
}<br />
<br />
if [ -z "$T3" ]; then<br />
tmux new-session -d -s main;<br />
tmux new-window -t main -n irssi irssi;<br />
irssi_nickpane ;<br />
fi<br />
tmux attach-session -d -t main;<br />
irssi_repair ;<br />
exit 0<br />
<br />
{{Tip|Instead of doing all this work, [http://anti.teamidiot.de/static/nei/*/Code/Irssi/tmux-nicklist-portable.pl this plugin] does all the work needed for a nice nicklist inside tmux.}}<br />
<br />
=== Virtual hostname (vhost) ===<br />
<br />
A vhost can be used to change your hostname when connected to an IRC-server, commonly viewed when joining/parting or doing a whois. This is most commonly done on a server that has a static IP address. Without a vhost it would commonly look like so when doing a 'whois':<br />
<br />
nick@123.456.78.90.isp.com<br />
<br />
The result of a successful vhost could be like so if you have the domain example.com available:<br />
<br />
nick@example.com<br />
<br />
Keep in mind that not every IRC-server supports the use of vhost. This might be individually set between the servers and not the network, so if you are experiencing issues with one server try another on the same network.<br />
<br />
==== Required preconfigurations ====<br />
<br />
irssi supports using a vhost as long as the required configurations has been set. This includes especially that your host supports [[wikipedia:Reverse_DNS_lookup|Recursive DNS Lookup (rDNS)]] using [[wikipedia:List_of_DNS_record_types|Pointer record (PTR)]]. Additionally you should add an appropriate line to your {{ic|/etc/hosts}} file. <br />
<br />
To see if this is working, test with the 'host' DNS lookup utility included in {{Pkg|bind-tools}} like so (where ''ip'' is a normal IPv4 address):<br />
<br />
host ''ip''<br />
<br />
If this returns something in the lines of this then you know that your rDNS is working.<br />
<br />
''ip''.in-addr.arpa domain name pointer example.com<br />
<br />
==== Enabling the vhost ====<br />
<br />
There are a couple of ways to connect to a server with a given hostname. One is using the 'server' command with a -host argument like so:<br />
/server -host example.com irc.freenode.org<br />
Another way would be to set your hostname (vhost) with the 'set' command which will save your hostname to {{ic|~/.irssi/config}}:<br />
<br />
/set hostname example.com<br />
/save<br />
/server irc.freenode.org<br />
<br />
== See also ==<br />
<br />
* [https://irssi.org/ Official website]<br />
* [https://scripts.irssi.org/ Official Irssi script repository]<br />
* [https://linuxtidbits.wordpress.com/2008/01/09/setting-up-irssi/ Setting up Irssi]<br />
* [https://quadpoint.org/articles/irssi/ Guide to efficiently using Irssi and screen] by Matt Sparks<br />
* [http://jasonwryan.com/blog/2011/11/07/irc-dzen/ IRC notifications with dzen2] by Jason Ryan<br />
* [https://pthree.org/2010/02/02/irssis-channel-network-server-and-connect-what-it-means/ Irssi’s /channel, /network, /server and /connect – What it means] by Aaron Toponce<br />
* [https://web.archive.org/web/20160227121906/http://awesome.naquadah.org/wiki/Irssi_tips awesome Wiki Irssi tips] (Wayback Machine)<br />
* [https://gist.github.com/drye/5520101 irssi systemd unit GitHub gist]</div>Eloydegenhttps://wiki.archlinux.org/index.php?title=NetworkManager&diff=564112NetworkManager2019-01-20T16:04:15Z<p>Eloydegen: added HOWTO for KDE taskbar</p>
<hr />
<div>[[Category:Network managers]]<br />
[[Category:Red Hat]]<br />
[[cs:NetworkManager]]<br />
[[de:Networkmanager]]<br />
[[es:NetworkManager]]<br />
[[fr:NetworkManager]]<br />
[[it:NetworkManager]]<br />
[[ja:NetworkManager]]<br />
[[pt:NetworkManager]]<br />
[[ru:NetworkManager]]<br />
[[zh-hans:NetworkManager]]<br />
{{Related articles start}}<br />
{{Related|Network configuration}}<br />
{{Related|Wireless network configuration}}<br />
{{Related articles end}}<br />
[https://wiki.gnome.org/Projects/NetworkManager/ NetworkManager] is a program for providing detection and configuration for systems to automatically connect to network. NetworkManager's functionality can be useful for both wireless and wired networks. For wireless networks, NetworkManager prefers known wireless networks and has the ability to switch to the most reliable network. NetworkManager-aware applications can switch from online and offline mode. NetworkManager also prefers wired connections over wireless ones, has support for modem connections and certain types of VPN. NetworkManager was originally developed by Red Hat and now is hosted by the [[GNOME]] project.<br />
<br />
{{Warning|By default, Wi-Fi passwords are stored in clear text, see [[#Encrypted Wi-Fi passwords]].}}<br />
<br />
== Installation ==<br />
<br />
NetworkManager can be [[install]]ed with the package {{Pkg|networkmanager}}, which contains a daemon, a command line interface ({{ic|nmcli}}) and a curses‐based interface ({{ic|nmtui}}). It has functionality for basic DHCP support. For full featured DHCP and if you require IPv6 support, {{Pkg|dhclient}} integrates it. After installation, you should [[#Enable NetworkManager|enable the daemon]].<br />
<br />
Additional interfaces:<br />
* {{Pkg|nm-connection-editor}} for a graphical user interface,<br />
* {{Pkg|network-manager-applet}} for a system tray applet ({{ic|nm-applet}}).<br />
<br />
{{Note|You must ensure that no other service that wants to configure the network is running; in fact, multiple networking services will conflict. You can find a list of the currently running services with {{ic|1=systemctl --type=service}} and then [[stop]] them. See [[#Configuration]] to enable the NetworkManager service.}}<br />
<br />
=== Mobile broadband support ===<br />
<br />
[[Install]] {{Pkg|modemmanager}}, {{Pkg|mobile-broadband-provider-info}} and {{Pkg|usb_modeswitch}} packages for mobile broadband connection support. See [[USB 3G Modem#Network Manager]] for details.<br />
<br />
=== PPPoE / DSL support ===<br />
<br />
[[Install]] {{Pkg|rp-pppoe}} package for PPPoE / DSL connection support. To actually add PPPoE connection, use {{ic|1=nm-connection-editor}} and add new DSL/PPPoE connection.<br />
<br />
=== VPN support ===<br />
<br />
NetworkManager VPN support is based on a plug-in system. If you need VPN support via NetworkManager, you have to install one of the following packages:<br />
<br />
* {{Pkg|networkmanager-openconnect}} for [[OpenConnect]]<br />
* {{Pkg|networkmanager-openvpn}} for [[OpenVPN]]<br />
* {{Pkg|networkmanager-pptp}} for [[PPTP Client]]<br />
* {{Pkg|networkmanager-vpnc}} for [[Vpnc]]<br />
* {{Pkg|networkmanager-strongswan}} for [[strongSwan]]<br />
* {{AUR|networkmanager-fortisslvpn-git}}<br />
* {{AUR|networkmanager-iodine-git}}<br />
* {{AUR|networkmanager-libreswan}}<br />
* {{AUR|networkmanager-l2tp}}<br />
* {{AUR|networkmanager-ssh-git}}<br />
* {{AUR|networkmanager-sstp}}<br />
* {{AUR|networkmanager-wireguard-git}} for [[WireGuard]]<br />
<br />
{{Warning|1=VPN support is [https://bugzilla.gnome.org/buglist.cgi?quicksearch=networkmanager%20vpn unstable], check the daemon processes options set via the GUI correctly and double-check with each package release.[https://bugzilla.gnome.org/show_bug.cgi?id=755350]}}<br />
<br />
== Usage ==<br />
<br />
NetworkManager comes with {{man|1|nmcli}} and {{man|1|nmtui}}.<br />
<br />
=== nmcli examples ===<br />
<br />
List nearby wifi networks:<br />
<br />
$ nmcli device wifi list<br />
<br />
Connect to a wifi network:<br />
<br />
$ nmcli device wifi connect ''SSID'' password ''password''<br />
<br />
Connect to a hidden network:<br />
<br />
$ nmcli device wifi connect ''SSID'' password ''password'' hidden yes<br />
<br />
Connect to a wifi on the {{ic|wlan1}} wifi interface:<br />
<br />
$ nmcli device wifi connect ''SSID'' password ''password'' ifname wlan1 ''profile_name''<br />
<br />
Disconnect an interface:<br />
<br />
$ nmcli device disconnect ifname eth0<br />
<br />
Reconnect an interface marked as disconnected:<br />
<br />
$ nmcli connection up uuid ''UUID''<br />
<br />
Get a list of UUIDs:<br />
<br />
$ nmcli connection show<br />
<br />
See a list of network devices and their state:<br />
<br />
$ nmcli device<br />
<br />
Turn off wifi:<br />
<br />
$ nmcli radio wifi off<br />
<br />
== Front-ends ==<br />
<br />
To configure and have easy access to NetworkManager, most users will want to install an applet. This GUI front-end usually resides in the system tray (or notification area) and allows network selection and configuration of NetworkManager. Various desktop environments have their own applet. Otherwise you can use [[#nm-applet]].<br />
<br />
=== GNOME ===<br />
<br />
[[GNOME]] has a built-in tool, accessible from the Network settings.<br />
<br />
=== KDE Plasma ===<br />
<br />
[[Install]] the {{Pkg|plasma-nm}} package. After that, add it to the KDE taskbar with Panel options -> Add widgets -> Network <br />
<br />
=== nm-applet ===<br />
<br />
{{Pkg|network-manager-applet}} is a GTK+ 3 front-end which works under Xorg environments with a systray.<br />
<br />
To store connection secrets install and configure [[GNOME/Keyring]].<br />
<br />
Be aware that after enabling the tick-box option {{ic|Make available to other users}} for a connection, NetworkManager stores the password in plain-text, though the respective file is accessible only to root (or other users via {{ic|nm-applet}}). See [[#Encrypted Wi-Fi passwords]].<br />
<br />
In order to run {{ic|nm-applet}} without a systray, you can use {{Pkg|trayer}} or {{Pkg|stalonetray}}. For example, you can add a script like this one in your path:<br />
<br />
{{hc|nmgui|<nowiki><br />
#!/bin/sh<br />
nm-applet 2>&1 > /dev/null &<br />
stalonetray 2>&1 > /dev/null<br />
killall nm-applet<br />
</nowiki>}}<br />
<br />
When you close the ''stalonetray'' window, it closes {{ic|nm-applet}} too, so no extra memory is used once you are done with network settings.<br />
<br />
The applet can show notifications for events such as connecting to or disconnecting from a WiFi network. For these notifications to display, ensure that you have a notification server installed - see [[Desktop notifications]]. If you use the applet without a notification server, you might see some messages in stdout/stderr, and the app might hang. See [https://bugzilla.gnome.org/show_bug.cgi?id=788313].<br />
<br />
In order to run {{ic|nm-applet}} with such notifications disabled, start the applet with the following command:<br />
$ nm-applet --no-agent<br />
<br />
{{Tip|{{ic|nm-applet}} might be started automatically with a [[XDG Autostart|autostart desktop file]], to add the --no-agent option modify the Exec line there, i.e.<br />
<nowiki>Exec=nm-applet --no-agent</nowiki><br />
}}<br />
<br />
==== Appindicator ====<br />
<br />
Appindicator support is available in ''nm-applet'' however it is not compiled into the official package, see {{Bug|51740}}. To use nm-applet in an Appindicator environment, replace {{Pkg|network-manager-applet}} with {{AUR|network-manager-applet-indicator}} and then start the applet with the following command:<br />
$ nm-applet --indicator<br />
<br />
=== nmcli-dmenu ===<br />
<br />
Alternatively there is {{AUR|networkmanager-dmenu-git}} which is a small script to manage NetworkManager connections with [[dmenu]] instead of {{ic|nm-applet}}. It provides all essential features such as connect to existing NetworkManager wifi or wired connections, connect to new wifi connections, requests passphrase if required, connect to existing VPN connections, enable/disable networking, launch ''nm-connection-editor'' GUI.<br />
<br />
== Configuration ==<br />
<br />
NetworkManager will require some additional steps to be able run properly. Make sure you have configured {{ic|/etc/hosts}} as described in [[Network configuration#Set the hostname]] section.<br />
<br />
=== Enable NetworkManager ===<br />
<br />
NetworkManager is [[systemd#Using units|controlled]] with the {{ic|NetworkManager.service}} [[systemd]] unit. Once the NetworkManager daemon is started, it will automatically connect to any available "system connections" that have already been configured. Any "user connections" or unconfigured connections will need ''nmcli'' or an applet to configure and connect.<br />
<br />
NetworkManager has a global configuration file at {{ic|/etc/NetworkManager/NetworkManager.conf}}. Addition configuration files can be placed in {{ic|/etc/NetworkManager/conf.d/}}. Usually no configuration needs to be done to the global defaults.<br />
<br />
=== Enable NetworkManager Wait Online ===<br />
<br />
If you have services which fail if they are started before the network is up, you may use {{ic|NetworkManager-wait-online.service}} in addition to {{ic|NetworkManager.service}}. This is, however, rarely necessary because most networked daemons start up okay, even if the network has not been configured yet.<br />
<br />
In some cases, the service will still fail to start successfully on boot due to the timeout setting in {{ic|/usr/lib/systemd/system/NetworkManager-wait-online.service}} being too short. Change the default timeout from 30 to a higher value.<br />
<br />
=== Set up PolicyKit permissions ===<br />
<br />
See [[General troubleshooting#Session permissions]] for setting up a working session.<br />
<br />
With a working session, you have several options for granting the necessary privileges to NetworkManager:<br />
<br />
* ''Option 1.'' Run a [[Polkit]] authentication agent when you log in, such as {{ic|/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1}} (part of {{Pkg|polkit-gnome}}). You will be prompted for your password whenever you add or remove a network connection.<br />
* ''Option 2.'' [[Users and groups#Group management|Add]] yourself to the {{ic|wheel}} group. You will not have to enter your password, but your user account may be granted other permissions as well, such as the ability to use [[sudo]] without entering the root password.<br />
* ''Option 3.'' [[Users and groups#Group management|Add]] yourself to the {{ic|network}} group and create the following file:<br />
<br />
{{hc|/etc/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules|<nowiki><br />
polkit.addRule(function(action, subject) {<br />
if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("network")) {<br />
return polkit.Result.YES;<br />
}<br />
});<br />
</nowiki>}}<br />
<br />
: All users in the {{ic|network}} group will be able to add and remove networks without a password. This will not work under [[systemd]] if you do not have an active session with ''systemd-logind''.<br />
<br />
=== Proxy settings ===<br />
<br />
NetworkManager does not directly handle proxy settings, but if you are using [[GNOME]] or [[KDE]], you could use [http://marin.jb.free.fr/proxydriver/ proxydriver] which handles proxy settings using NetworkManager's information. proxydriver is found in the package {{AUR|proxydriver}}.<br />
<br />
In order for ''proxydriver'' to be able to change the proxy settings, you would need to execute this command, as part of the GNOME startup process (see [[GNOME#Autostart]]).<br />
<br />
xhost +si:localuser:''username''<br />
<br />
See also [[Proxy settings]].<br />
<br />
=== Checking connectivity ===<br />
<br />
{{Accuracy|"the desktop manager" might handle captive portals, but this is mostly done through {{aur|capnet-assist}}}}<br />
<br />
NetworkManager can try to reach a page on Internet when connecting to a network. {{Pkg|networkmanager}} is configured by default in {{ic|/usr/lib/NetworkManager/conf.d/20-connectivity.conf}} to check connectivity to archlinux.org. To use a different webserver or disable connectivity checking create {{ic|/etc/NetworkManager/conf.d/20-connectivity.conf}}, see "connectivity section" in {{man|5|NetworkManager.conf}}.<br />
<br />
For those behind a captive portal, the desktop manager can automatically open a window asking for credentials.<br />
<br />
=== DHCP client ===<br />
<br />
By default NetworkManager will use its internal DHCP client, based on systemd-networkd. To use a different DHCP client [[install]] one of the alternatives:<br />
<br />
* {{Pkg|dhclient}} - ISC’s DHCP client.<br />
* {{Pkg|dhcpcd}} - [[dhcpcd]]. <br />
<br />
{{Warning|NetworkManger does not support using dhcpcd for IPv6. See [https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/5 NetworkManager issue #5].}}<br />
<br />
To change the DHCP client backend, set the option {{ic|1=dhcp=''dhcp_client_name''}} in the {{ic|[main]}} section of NetworkManager's configuration file. E.g.:<br />
<br />
{{hc|1=/etc/NetworkManager/conf.d/dhcp-client.conf|2=<br />
[main]<br />
dhcp=dhclient<br />
}}<br />
<br />
=== DNS caching and split DNS ===<br />
<br />
NetworkManager has a plugin to enable DNS caching and split DNS using [[dnsmasq]] or [[systemd-resolved]], or [[Unbound]] (via dnssec-trigger). The advantages of this setup is that DNS lookups will be cached, shortening resolve times, and DNS lookups of VPN hosts will be routed to the relevant VPN's DNS servers. This is especially useful if you are connected to more than one VPN.<br />
<br />
{{Expansion|Add Unbound ({{AUR|dnssec-trigger}}).}}<br />
<br />
==== dnsmasq ====<br />
<br />
Make sure {{Pkg|dnsmasq}} has been installed. Then, create {{ic|/etc/NetworkManager/conf.d/dns.conf}} and add the following to it:<br />
<br />
{{hc|/etc/NetworkManager/conf.d/dns.conf|2=<br />
[main]<br />
dns=dnsmasq<br />
}}<br />
<br />
Now [[restart]] {{ic|NetworkManager.service}}. NetworkManager will automatically start dnsmasq and add {{ic|127.0.0.1}} to {{ic|/etc/resolv.conf}}. The actual DNS servers can be found in {{ic|/run/NetworkManager/resolv.conf}}. You can verify dnsmasq is being used by doing the same DNS lookup twice with {{ic|drill example.com}} and verifying the server and query times.<br />
<br />
{{Note|You do not need to start {{ic|dnsmasq.service}} or edit {{ic|/etc/dnsmasq.conf}}. NetworkManager will start dnsmasq by itself without using the systemd service and without reading the dnsmasq's default configuration file(s).}}<br />
<br />
===== Custom configuration =====<br />
<br />
Custom configurations can be created for ''dnsmasq'' by creating configuration files in {{ic|/etc/NetworkManager/dnsmasq.d/}}. For example, to change the size of the DNS cache (which is stored in RAM):<br />
<br />
{{hc|/etc/NetworkManager/dnsmasq.d/cache.conf|2=<br />
cache-size=1000<br />
}}<br />
<br />
{{Tip|Check the configuration file syntax with {{ic|1=dnsmasq --test --conf-file=/dev/null --conf-dir=/etc/NetworkManager/dnsmasq.d}}.}}<br />
<br />
See {{man|8|dnsmasq}} for all available options.<br />
<br />
===== IPv6 =====<br />
<br />
{{Accuracy|This does not solve the issue because NetworkManager does not add {{ic|::1}} to {{ic|/etc/resolv.conf}}. Unless {{ic|@::1}} is manually passed to drill, it will still fail with {{ic|Error: error sending query: No (valid) nameservers defined in the resolver}}.}}<br />
<br />
Enabling {{ic|dnsmasq}} in NetworkManager may break IPv6-only DNS lookups (i.e. {{ic|drill -6 [hostname]}}) which would otherwise work. In order to resolve this, creating the following file will configure ''dnsmasq'' to also listen to the IPv6 loopback:<br />
<br />
{{hc|/etc/NetworkManager/dnsmasq.d/ipv6_listen.conf|2=<br />
listen-address=::1<br />
}}<br />
<br />
In addition, {{ic|dnsmasq}} also does not prioritize upstream IPv6 DNS. Unfortunately NetworkManager does not do this ([https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/936712 Ubuntu Bug]). A workaround would be to disable IPv4 DNS in the NetworkManager config, assuming one exists<br />
<br />
===== DNSSEC =====<br />
<br />
The dnsmasq instance started by NetworkManager by default will not validate [[DNSSEC]] since it is started with the {{ic|--proxy-dnssec}} option. It will trust whatever DNSSEC information it gets from the upstream DNS server.<br />
<br />
For dnsmasq to properly validate DNSSEC, create the following configuration file:<br />
<br />
{{hc|/etc/NetworkManager/dnsmasq.d/dnssec.conf|2=<br />
conf-file=/usr/share/dnsmasq/trust-anchors.conf<br />
dnssec<br />
}}<br />
<br />
==== systemd-resolved ====<br />
<br />
NetworkManager can use [[systemd-resolved]] as a DNS resolver and cache. Make sure that ''systemd-resolved'' is properly configured and that {{ic|systemd-resolved.service}} is [[started]] before using it.<br />
<br />
systemd-resolved will be used automatically if {{ic|/etc/resolv.conf}} is a [[Systemd-resolved#DNS|symlink]] to {{ic|/run/systemd/resolve/stub-resolv.conf}}, {{ic|/run/systemd/resolve/resolv.conf}} or {{ic|/usr/lib/systemd/resolv.conf}}.<br />
<br />
You can enable it explicitly by setting the {{ic|1=dns=}} option in {{man|5|NetworkManager.conf}}:<br />
<br />
{{hc|/etc/NetworkManager/conf.d/dns.conf|2=<br />
[main]<br />
dns=systemd-resolved<br />
}}<br />
<br />
==== Other methods ====<br />
<br />
{{Tip|If [[openresolv]] has a subscriber for the [[Domain name resolution#Resolvers|local DNS resolver]], set the local server address in {{ic|/etc/resolvconf.conf}} and [[#Use openresolv|configure NetworkManager to use openresolv]].}}<br />
<br />
With an already working caching DNS server, the DNS server address can be specified in NetworkManager's settings (usually by right-clicking the applet). Setup will depend on the type of front-end used; the process usually involves right-clicking on the applet, editing (or creating) a profile, and then choosing DHCP type as ''Automatic (specify addresses)''. The DNS addresses will need to be entered and are usually in this form: {{ic|127.0.0.1, ''DNS-server-one'', ...}}.<br />
<br />
== Network services with NetworkManager dispatcher ==<br />
<br />
There are quite a few network services that you will not want running until NetworkManager brings up an interface. NetworkManager has the ability to start services when you connect to a network and stop them when you disconnect (e.g. when using [[NFS]], [[SMB]] and [[NTPd]]).<br />
<br />
To activate the feature you need to [[enable]] and [[start]] the {{ic|NetworkManager-dispatcher.service}}.<br />
<br />
Once the service is active, scripts can be added to the {{ic|/etc/NetworkManager/dispatcher.d}} directory.<br />
<br />
Scripts must be owned by '''root''', otherwise the dispatcher will not execute them. For added security, set group [[ownership]] to root as well:<br />
<br />
# chown root:root /etc/NetworkManager/dispatcher.d/''10-script.sh''<br />
<br />
Make sure the file has correct permissions:<br />
<br />
# chmod 755 /etc/NetworkManager/dispatcher.d/''10-script.sh''<br />
<br />
The scripts will be run in alphabetical order at connection time, and in reverse alphabetical order at disconnect time. To ensure what order they come up in, it is common to use numerical characters prior to the name of the script (e.g. {{ic|10-portmap}} or {{ic|30-netfs}} (which ensures that the ''portmapper'' is up before NFS mounts are attempted).<br />
<br />
Scripts will receive the following arguments:<br />
* '''Interface name:''' e.g. {{ic|eth0}}<br />
* '''Interface status:''' ''up'' or ''down''<br />
* '''VPN status:''' ''vpn-up'' or ''vpn-down''<br />
<br />
{{Warning|If you connect to foreign or public networks, be aware of what services you are starting and what servers you expect to be available for them to connect to. You could make a security hole by starting the wrong services while connected to a public network.}}<br />
<br />
=== Avoiding the dispatcher timeout ===<br />
<br />
If the above is working, then this section is not relevant. However, there is a general problem related to running dispatcher scripts which take longer to be executed. Initially an internal timeout of three seconds only was used. If the called script did not complete in time, it was killed. Later the timeout was extended to about 20 seconds (see the [https://bugzilla.redhat.com/show_bug.cgi?id=982734 Bugtracker] for more information). If the timeout still creates the problem, a work around may be to modify the dispatcher service file {{ic|/usr/lib/systemd/system/NetworkManager-dispatcher.service}} to remain active after exit: <br />
<br />
{{hc|/etc/systemd/system/NetworkManager-dispatcher.service.d/remain_after_exit.conf|2=<br />
[Service]<br />
RemainAfterExit=yes<br />
}}<br />
<br />
Now start and enable the modified {{ic|NetworkManager-dispatcher}} service.<br />
<br />
{{Warning|Adding the {{ic|RemainAfterExit}} line to it will prevent the dispatcher from closing. Unfortunately, the dispatcher '''has''' to close before it can run your scripts again. With it the dispatcher will not time out but it also will not close, which means that the scripts will only run once per boot. Therefore, do not add the line unless the timeout is definitely causing a problem.}}<br />
<br />
=== Dispatcher examples ===<br />
<br />
==== Mount remote folder with sshfs ====<br />
<br />
As the script is run in a very restrictive environment, you have to export {{ic|SSH_AUTH_SOCK}} in order to connect to your SSH agent. There are different ways to accomplish this, see [https://bbs.archlinux.org/viewtopic.php?pid=1042030#p1042030 this message] for more information. The example below works with [[GNOME Keyring]], and will ask you for the password if not unlocked already. In case NetworkManager connects automatically on login, it is likely ''gnome-keyring'' has not yet started and the export will fail (hence the sleep). The {{ic|UUID}} to match can be found with the command {{ic|nmcli connection status}} or {{ic|nmcli connection list}}. <br />
<br />
{{bc|<nowiki><br />
#!/bin/sh<br />
USER='username'<br />
REMOTE='user@host:/remote/path'<br />
LOCAL='/local/path'<br />
<br />
interface=$1 status=$2<br />
if [ "$CONNECTION_UUID" = "</nowiki>''uuid''<nowiki>" ]; then<br />
case $status in<br />
up)<br />
SSH_AUTH_SOCK=$(find /tmp -maxdepth 1 -type s -user "$USER" -name 'ssh')<br />
export SSH_AUTH_SOCK<br />
su "$USER" -c "sshfs $REMOTE $LOCAL"<br />
;;<br />
down)<br />
fusermount -u "$LOCAL"<br />
;;<br />
esac<br />
fi<br />
</nowiki>}}<br />
<br />
==== Mounting of SMB shares ====<br />
<br />
Some [[SMB]] shares are only available on certain networks or locations (e.g. at home). You can use the dispatcher to only mount SMB shares that are present at your current location.<br />
<br />
The following script will check if we connected to a specific network and mount shares accordingly:<br />
{{hc|/etc/NetworkManager/dispatcher.d/30-mount-smb.sh|<nowiki><br />
#!/bin/sh<br />
<br />
# Find the connection UUID with "nmcli connection show" in terminal.<br />
# All NetworkManager connection types are supported: wireless, VPN, wired...<br />
if [ "$2" = "up" ]; then<br />
if [ "$CONNECTION_UUID" = "uuid" ]; then<br />
mount /your/mount/point & <br />
# add more shares as needed<br />
fi<br />
fi<br />
</nowiki>}}<br />
<br />
The following script will unmount all shares before a disconnect from a specific network:<br />
<br />
{{hc|/etc/NetworkManager/dispatcher.d/pre-down.d/30-mount-smb.sh|<nowiki><br />
#!/bin/sh<br />
umount -a -l -t cifs<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* Make sure this script is located in the {{ic|pre-down.d}} sub-directory as shown above, otherwise it will unmount all shares on any connection state change.<br />
* Since NetworkManager 0.9.8, the ''pre-down'' and ''down'' events are not executed on shutdown or restart, see [https://bugzilla.gnome.org/show_bug.cgi?id&#61;701242 this bug report] for more info.}}<br />
<br />
An alternative is to use the script as seen in [[NFS#Using a NetworkManager dispatcher]]:<br />
<br />
{{hc|/etc/NetworkManager/dispatcher.d/30-smb.sh|<nowiki><br />
#!/bin/bash<br />
<br />
# Find the connection UUID with "nmcli con show" in terminal.<br />
# All NetworkManager connection types are supported: wireless, VPN, wired...<br />
WANTED_CON_UUID="CHANGE-ME-NOW-9c7eff15-010a-4b1c-a786-9b4efa218ba9"<br />
<br />
if [[ "$CONNECTION_UUID" == "$WANTED_CON_UUID" ]]; then<br />
<br />
# Script parameter $1: NetworkManager connection name, not used<br />
# Script parameter $2: dispatched event<br />
<br />
case "$2" in<br />
"up")<br />
mount -a -t cifs<br />
;;<br />
"pre-down");&<br />
"vpn-pre-down")<br />
umount -l -a -t cifs >/dev/null<br />
;;<br />
esac<br />
fi<br />
</nowiki>}}<br />
<br />
{{Note|This script ignores mounts with the {{ic|noauto}} option, remove this mount option or use {{ic|auto}} to allow the dispatcher to manage these mounts.}}<br />
<br />
Create a symlink inside {{ic|/etc/NetworkManager/dispatcher.d/pre-down}} to catch the {{ic|pre-down}} events:<br />
<br />
# ln -s /etc/NetworkManager/dispatcher.d/30-smb.sh /etc/NetworkManager/dispatcher.d/pre-down.d/30-smb.sh<br />
<br />
==== Mounting of NFS shares ====<br />
<br />
See [[NFS#Using a NetworkManager dispatcher]].<br />
<br />
==== Use dispatcher to automatically toggle wireless depending on LAN cable being plugged in ====<br />
<br />
The idea is to only turn Wi-Fi on when the LAN cable is unplugged (for example when detaching from a laptop dock), and for Wi-Fi to be automatically disabled, once a LAN cable is plugged in again. <br />
<br />
Create the following dispatcher script ([https://superuser.com/questions/233448/disable-wlan-if-wired-cable-network-is-available Source]), replacing {{ic|1=LAN_interface}} with yours.<br />
{{hc|/etc/NetworkManager/dispatcher.d/wlan_auto_toggle.sh|<nowiki><br />
#!/bin/sh<br />
<br />
if [ "$1" = "LAN_interface" ]; then<br />
case "$2" in<br />
up)<br />
nmcli radio wifi off<br />
;;<br />
down)<br />
nmcli radio wifi on<br />
;;<br />
esac<br />
fi<br />
</nowiki>}}<br />
{{Note|You can get a list of interfaces using [[#nmcli examples|nmcli]]. The ethernet (LAN) interfaces start with {{ic|en}}, e.g. {{ic|1=enp0s5}}}}<br />
<br />
==== Use dispatcher to connect to a VPN after a network connection is established ====<br />
<br />
In this example we want to connect automatically to a previously defined VPN connection after connecting to a specific Wi-Fi network. First thing to do is to create the dispatcher script that defines what to do after we are connected to the network.<br />
<br />
{{Note|This script will require {{Pkg|wireless_tools}} in order to use {{ic|iwgetid}}.}}<br />
<br />
{{hc|/etc/NetworkManager/dispatcher.d/vpn-up|<nowiki><br />
#!/bin/sh<br />
VPN_NAME="name of VPN connection defined in NetworkManager"<br />
ESSID="Wi-Fi network ESSID (not connection name)"<br />
<br />
interface=$1 status=$2<br />
case $status in<br />
up|vpn-down)<br />
if iwgetid | grep -qs ":\"$ESSID\""; then<br />
nmcli connection up id "$VPN_NAME"<br />
fi<br />
;;<br />
down)<br />
if iwgetid | grep -qs ":\"$ESSID\""; then<br />
if nmcli connection show --active | grep "$VPN_NAME"; then<br />
nmcli connection down id "$VPN_NAME"<br />
fi<br />
fi<br />
;;<br />
esac<br />
</nowiki>}}<br />
<br />
If you would like to attempt to automatically connect to VPN for all Wi-Fi networks, you can use the following definition of the ESSID: {{ic|1=ESSID=$(iwgetid -r)}}. Remember to set the script's permissions [[#Network services with NetworkManager dispatcher|accordingly]]. <br />
<br />
Trying to connect with the above script may still fail with {{ic|NetworkManager-dispatcher.service}} complaining about 'no valid VPN secrets', because of [https://developer.gnome.org/NetworkManager/0.9/secrets-flags.html the way VPN secrets are stored]. Fortunately, there are different options to give the above script access to your VPN password.<br />
<br />
1: One of them requires editing the VPN connection configuration file to make NetworkManager store the secrets by itself rather than inside a keyring [https://bugzilla.redhat.com/show_bug.cgi?id=710552 that will be inaccessible for root]: open up {{ic|/etc/NetworkManager/system-connections/''name of your VPN connection''}} and change the {{ic|password-flags}} and {{ic|secret-flags}} from {{ic|1}} to {{ic|0}}.<br />
<br />
If that alone does not work, you may have to create a {{ic|passwd-file}} in a safe location with the same permissions and ownership as the dispatcher script, containing the following:<br />
{{hc|/path/to/passwd-file|<nowiki><br />
vpn.secrets.password:YOUR_PASSWORD<br />
</nowiki>}}<br />
<br />
The script must be changed accordingly, so that it gets the password from the file:<br />
<br />
{{hc|/etc/NetworkManager/dispatcher.d/vpn-up|<nowiki><br />
#!/bin/sh<br />
VPN_NAME="name of VPN connection defined in NetworkManager"<br />
ESSID="Wi-Fi network ESSID (not connection name)"<br />
<br />
interface=$1 status=$2<br />
case $status in<br />
up|vpn-down)<br />
if iwgetid | grep -qs ":\"$ESSID\""; then<br />
nmcli connection up id "$VPN_NAME" passwd-file /path/to/passwd-file<br />
fi<br />
;;<br />
down)<br />
if iwgetid | grep -qs ":\"$ESSID\""; then<br />
if nmcli connection show --active | grep "$VPN_NAME"; then<br />
nmcli connection down id "$VPN_NAME"<br />
fi<br />
fi<br />
;;<br />
esac<br />
</nowiki>}}<br />
<br />
2: Alternatively, change the {{ic|password-flags}} and put the password directly in the configuration file adding the section {{ic|vpn-secrets}}:<br />
<br />
[vpn]<br />
....<br />
password-flags=0<br />
<br />
[vpn-secrets]<br />
password=''your_password''<br />
<br />
{{Note|It may now be necessary to re-open the NetworkManager connection editor and save the VPN passwords/secrets again.}}<br />
<br />
==== OpenNTPD ====<br />
<br />
See [[OpenNTPD#Using NetworkManager dispatcher]].<br />
<br />
== Testing ==<br />
<br />
NetworkManager applets are designed to load upon login so no further configuration should be necessary for most users. If you have already disabled your previous network settings and disconnected from your network, you can now test if NetworkManager will work. The first step is to [[start]] {{ic|NetworkManager.service}}.<br />
<br />
Some applets will provide you with a {{ic|.desktop}} file so that the NetworkManager applet can be loaded through the application menu. If it does not, you are going to either have to discover the command to use or logout and login again to start the applet. Once the applet is started, it will likely begin polling network connections with for auto-configuration with a DHCP server.<br />
<br />
To start the GNOME applet in non-xdg-compliant window managers like [[awesome]]:<br />
<br />
nm-applet --sm-disable &<br />
<br />
For static IP addresses, you will have to configure NetworkManager to understand them. The process usually involves right-clicking the applet and selecting something like 'Edit Connections'.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Encrypted Wi-Fi passwords ===<br />
<br />
By default, NetworkManager stores passwords in clear text in the connection files at {{ic|/etc/NetworkManager/system-connections/}}. To print the stored passwords, use the following command:<br />
<br />
# grep -H '^psk=' /etc/NetworkManager/system-connections/*<br />
<br />
The passwords are accessible to the root user in the filesystem and to users with access to settings via the GUI (e.g. {{ic|nm-applet}}). <br />
<br />
It is preferable to save the passwords in encrypted form in a keyring instead of clear text. The downside of using a keyring is that the connections have to be set up for each user.<br />
<br />
====Using GNOME Keyring====<br />
<br />
The keyring daemon has to be started and the keyring needs to be unlocked for the following to work.<br />
<br />
Furthermore, NetworkManager needs to be configured not to store the password for all users. Using GNOME {{ic|nm-applet}}, run {{ic|nm-connection-editor}} from a terminal, select a network connection, click {{ic|Edit}}, select the {{ic|Wifi-Security}} tab and click on the right icon of password and check {{ic|Store the password only for this user}}.<br />
<br />
====Using KDE Wallet====<br />
<br />
Using KDE's {{Pkg|plasma-nm}}, click the applet, click on the top right {{ic|Settings}} icon, click on a network connection, in the {{ic|General settings}} tab, untick {{ic|all users may connect to this network}}. If the option is ticked, the passwords will still be stored in clear text, even if a keyring daemon is running.<br />
<br />
If the option was selected previously and you un-tick it, you may have to use the {{ic|reset}} option first to make the password disappear from the file. Alternatively, delete the connection first and set it up again.<br />
<br />
=== Sharing internet connection over Wi-Fi ===<br />
<br />
You can share your internet connection (e.g. 3G or wired) with a few clicks. You will need a supported Wi-Fi card (Cards based on Atheros AR9xx or at least AR5xx are probably best choice). Please note that a [[firewall]] may interfere with internet sharing.<br />
<br />
* [[Install]] the {{Pkg|dnsmasq}} package to be able to actually share the connection.<br />
<br />
Create the shared connection:<br />
<br />
* Click on applet and choose ''Create new wireless network''.<br />
* Follow wizard (if using WEP, be sure to use 5 or 13 character long password, different lengths will fail).<br />
** Choose either [[Fedora:Features/RealHotspot|Hotspot]] or Ad-hoc as Wi-Fi mode.<br />
<br />
The connection will be saved and remain stored for the next time you need it.<br />
<br />
{{Note|Android does not support connecting to Ad-hoc networks. To share a connection with Android use infrastructure mode (i.e. set Wi-Fi mode to "Hotspot").}}<br />
<br />
=== Sharing internet connection over Ethernet ===<br />
<br />
Scenario: your device has internet connection over wi-fi and you want to share the internet connection to other devices over ethernet.<br />
<br />
Requirements:<br />
* [[Install]] the {{Pkg|dnsmasq}} package to be able to actually share the connection.<br />
* Your internet connected device and the other devices are connected over a suitable ethernet cable (this usually means a cross over cable or a switch in between).<br />
* Internet sharing is not blocked by a [[firewall]].<br />
<br />
Steps:<br />
* Run {{ic|nm-connection-editor}} from terminal.<br />
* Add a new ethernet connection.<br />
* Give it some sensible name. For example "Shared Internet"<br />
* Go to "IPv4 Settings".<br />
* For "Method:" select "Shared to other computers".<br />
* Save<br />
<br />
Now you should have a new option "Shared Internet" under the Wired connections in NetworkManager.<br />
<br />
=== Checking if networking is up inside a cron job or script ===<br />
<br />
{{out of date|''nm-tool'' was remove from NetworkManager for long time now<br />
[https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commit/bb8c75bd536d4f8fb80a4366025a279078f0ec81]. ''nmcli'' should be used instead.}}<br />
<br />
Some ''cron'' jobs require networking to be up to succeed. You may wish to avoid running these jobs when the network is down. To accomplish this, add an '''if''' test for networking that queries NetworkManager's ''nm-tool'' and checks the state of networking. The test shown here succeeds if any interface is up, and fails if they are all down. This is convenient for laptops that might be hardwired, might be on wireless, or might be off the network.<br />
<br />
{{bc|<nowiki><br />
if [ $(nm-tool|grep State|cut -f2 -d' ') == "connected" ]; then<br />
#Whatever you want to do if the network is online<br />
else<br />
#Whatever you want to do if the network is offline - note, this and the else above are optional<br />
fi<br />
</nowiki>}}<br />
<br />
This useful for a {{ic|cron.hourly}} script that runs ''fpupdate'' for the F-Prot virus scanner signature update, as an example. Another way it might be useful, with a little modification, is to differentiate between networks using various parts of the output from ''nm-tool''; for example, since the active wireless network is denoted with an asterisk, you could grep for the network name and then grep for a literal asterisk.<br />
<br />
=== Connect to network with secret on boot ===<br />
<br />
By default, NetworkManager will not connect to networks requiring a secret automatically on boot. This is because it locks such connections to the user who makes it by default, only connecting after they have logged in. To change this, do the following:<br />
<br />
# Right click on the {{ic|nm-applet}} icon in your panel and select Edit Connections and open the Wireless tab<br />
# Select the connection you want to work with and click the Edit button<br />
# Check the boxes “Connect Automatically” and “Available to all users”<br />
Log out and log back in to complete.<br />
<br />
=== Automatically unlock keyring after login ===<br />
<br />
{{Remove|Out of scope of this article.}}<br />
<br />
NetworkManager requires access to the login keyring to connect to networks requiring a secret. Under most circumstances, this keyring is unlocked automatically at login, but if it is not, and NetworkManager is not connecting on login, you can try the following.<br />
<br />
==== GNOME ====<br />
<br />
{{Merge|GNOME/Keyring|Out of scope of the NetworkManager article.}}<br />
<br />
{{Out of date|The following method is dated and known not to work on at least one machine.}}<br />
<br />
* In {{ic|/etc/pam.d/gdm}} (or your corresponding daemon in {{ic|/etc/pam.d}}), add these lines at the end of the "auth" and "session" blocks if they do not exist already: <br />
auth optional pam_gnome_keyring.so<br />
session optional pam_gnome_keyring.so auto_start<br />
<br />
* In {{ic|/etc/pam.d/passwd}}, use this line for the 'password' block:<br />
password optional pam_gnome_keyring.so<br />
<br />
:Next time you log in, you should be asked if you want the password to be unlocked automatically on login.<br />
<br />
==== SLiM login manager ====<br />
<br />
{{Remove|A note in [[SLiM#Gnome Keyring]] says that staring with slim 1.3.5-1 no configuration is required.}}<br />
<br />
See [[SLiM#Gnome Keyring]].<br />
<br />
=== OpenConnect with password in KWallet ===<br />
<br />
While you may type both values at connection time, {{Pkg|plasma-nm}} 0.9.3.2-1 and above are capable of retrieving OpenConnect username and password directly from [[KWallet]].<br />
<br />
Open "KDE Wallet Manager" and look up your OpenConnect VPN connection under "Network Management|Maps". Click "Show values" and <br />
enter your credentials in key "VpnSecrets" in this form (replace ''username'' and ''password'' accordingly):<br />
<br />
form:main:username%SEP%''username''%SEP%form:main:password%SEP%''password''<br />
<br />
Next time you connect, username and password should appear in the "VPN secrets" dialog box.<br />
<br />
=== Ignore specific devices ===<br />
<br />
Sometimes it may be desired that NetworkManager ignores specific devices and does not try to configure addresses and routes for them. You can quickly and easily ignore devices by MAC or interface-name by using the following in {{ic|/etc/NetworkManager/conf.d/unmanaged.conf}}:<br />
<br />
[keyfile]<br />
unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth0<br />
<br />
After you have put this in, [[restart]] {{ic|NetworkManager.service}}, and you should be able to configure interfaces without NetworkManager altering what you have set.<br />
<br />
=== Configuring MAC address randomization ===<br />
<br />
{{Note|1=Disabling MAC address randomization may be needed to get (stable) link connection [https://bbs.archlinux.org/viewtopic.php?id=220101] and/or networks that restrict devices based on their MAC Address or have a limit network capacity.}}<br />
<br />
MAC randomization can be used for increased privacy by not disclosing your real MAC address to the network.<br />
<br />
NetworkManager supports two types MAC Address Randomization: randomization during scanning, and for network connections. Both modes can be configured by modifying {{ic|/etc/NetworkManager/NetworkManager.conf}} or by creating a separate configuration file in {{ic|/etc/NetworkManager/conf.d/}} which is recommended since the aforementioned config file may be overwritten by NetworkManager.<br />
<br />
Randomization during Wi-Fi scanning is enabled by default, but it may be disabled by adding the following lines to {{ic|/etc/NetworkManager/NetworkManager.conf}} or a dedicated configuration file under {{ic|/etc/NetworkManager/conf.d}}:<br />
<br />
{{hc|/etc/NetworkManager/conf.d/wifi_rand_mac.conf|2=<br />
[device]<br />
wifi.scan-rand-mac-address=no<br />
}}<br />
<br />
MAC randomization for network connections can be set to different modes for both wireless and ethernet interfaces. See the [https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ GNOME blog post] for more details on the different modes. <br />
<br />
In terms of MAC randomization the most important modes are {{ic|stable}} and {{ic|random}}. {{ic|stable}} generates a random MAC address when you connect to a new network and associates the two permanently. This means that you will use the same MAC address every time you connect to that network. In contrast, {{ic|random}} will generate a new MAC address every time you connect to a network, new or previously known. You can configure the MAC randomization by adding the desired configuration under {{ic|/etc/NetworkManager/conf.d}}.<br />
<br />
[device-mac-randomization]<br />
# "yes" is already the default for scanning<br />
wifi.scan-rand-mac-address=yes<br />
<br />
[connection-mac-randomization]<br />
# Randomize MAC for every ethernet connection<br />
ethernet.cloned-mac-address=random<br />
# Generate a random MAC for each WiFi and associate the two permanently.<br />
wifi.cloned-mac-address=stable<br />
<br />
See the following [https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ GNOME blog post] for more details.<br />
<br />
=== Enable IPv6 Privacy Extensions ===<br />
<br />
See [[IPv6#NetworkManager]].<br />
<br />
=== Working with wired connections ===<br />
<br />
By default, NetworkManager generates a connection profile for each wired ethernet connection it finds. At the point when generating the connection, it does not know whether there will be more ethernet adapters available. Hence, it calls the first wired connection "Wired connection 1". You can avoid generating this connection, by configuring {{ic|no-auto-default}} (see {{man|5|NetworkManager.conf}}), or by simply deleting it. Then NetworkManager will remember not to generate a connection for this interface again.<br />
<br />
You can also edit the connection (and persist it to disk) or delete it. NetworkManager will not re-generate a new connection. Then you can change the name to whatever you want. You can use something like nm-connection-editor for this task.<br />
<br />
=== resolv.conf ===<br />
<br />
''NetworkManager'' overwrites [[resolv.conf]] by default.<br />
<br />
This can be stopped by setting {{ic|1=dns=none}} in a configuration file:<br />
<br />
{{hc|/etc/NetworkManager/conf.d/dns.conf|2=<br />
[main]<br />
dns=none<br />
}}<br />
<br />
After that {{ic|/etc/resolv.conf}} might be a broken symlink that you will need to remove. Then, just create a new {{ic|/etc/resolv.conf}} file.<br />
<br />
''NetworkManager'' also offers hooks via so called dispatcher scripts that can be used to alter the {{ic|/etc/resolv.conf}} after network changes. See [[#Network services with NetworkManager dispatcher]] and {{man|8|NetworkManager}} for more information.<br />
<br />
==== Use openresolv ====<br />
<br />
To configure NetworkManager to use [[openresolv]], set the {{ic|rc-manager}} option to {{ic|resolvconf}} with a configuration file in {{ic|/etc/NetworkManager/conf.d/}}:<br />
<br />
{{hc|/etc/NetworkManager/conf.d/rc-manager.conf|2=<br />
[main]<br />
rc-manager=resolvconf<br />
}}<br />
<br />
Others options are available in {{man|5|NetworkManager.conf}}.<br />
<br />
=== Using iwd as the Wi-Fi backend ===<br />
<br />
To enable the experimental [[iwd]] backend create the following configuration file:<br />
<br />
{{hc|/etc/NetworkManager/conf.d/wifi_backend.conf|2=<br />
[device]<br />
wifi.backend=iwd<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== No prompt for password of secured Wi-Fi networks ===<br />
<br />
When trying to connect to a secured Wi-Fi network, no prompt for a password is shown and no connection is established. This happens when no keyring package is installed. An easy solution is to install {{Pkg|gnome-keyring}}. If you want the passwords to be stored in encrypted form, follow [[GNOME Keyring]] to set up the ''gnome-keyring-daemon''.<br />
<br />
=== No traffic via PPTP tunnel ===<br />
<br />
PPTP connection logins successfully; you see a ppp0 interface with the correct VPN IP address, but you cannot even ping the remote IP address. It is due to lack of MPPE (Microsoft Point-to-Point Encryption) support in stock Arch pppd. It is recommended to first try with the stock Arch {{Pkg|ppp}} as it may work as intended.<br />
<br />
To solve the problem it should be sufficient to install the {{AUR|ppp-mppe}}{{Broken package link|{{aur-mirror|ppp-mppe}}}} package.<br />
<br />
See also [[WPA2 Enterprise#MS-CHAPv2]].<br />
<br />
=== Network management disabled ===<br />
<br />
When NetworkManager shuts down but the pid (state) file is not removed, you will see a {{ic|Network management disabled}} message. If this happens, remove the file manually:<br />
<br />
# rm /var/lib/NetworkManager/NetworkManager.state<br />
<br />
=== Problems with internal DHCP client ===<br />
<br />
If you have problems with getting an IP address using the internal DHCP client, consider using another DHCP client, see [[#DHCP client]] for instructions. This workaround might solve problems in big wireless networks like eduroam.<br />
<br />
=== DHCP problems with dhclient ===<br />
<br />
If you have problems with getting an IP address via DHCP, try to add the following to your {{ic|/etc/dhclient.conf}}:<br />
<br />
interface "eth0" {<br />
send dhcp-client-identifier 01:''aa:bb:cc:dd:ee:ff'';<br />
}<br />
<br />
Where {{ic|''aa:bb:cc:dd:ee:ff''}} is the MAC address of this NIC. The MAC address can be found using the {{ic|ip link show ''interface''}} command from the {{Pkg|iproute2}} package.<br />
<br />
=== 3G modem not detected ===<br />
<br />
See [[USB 3G Modem#Network Manager]].<br />
<br />
=== Switching off WLAN on laptops ===<br />
<br />
Sometimes NetworkManager will not work when you disable your Wi-Fi adapter with a switch on your laptop and try to enable it again afterwards. This is often a problem with ''rfkill''. To check if the driver notifies ''rfkill'' about the wireless adapter's status, use:<br />
<br />
$ watch -n1 rfkill list all<br />
<br />
If one identifier stays blocked after you switch on the adapter you could try to manually unblock it with (where X is the number of the identifier provided by the above output):<br />
<br />
# rfkill event unblock X<br />
<br />
=== Static IP address settings revert to DHCP ===<br />
<br />
Due to an unresolved bug, when changing default connections to a static IP address, {{ic|nm-applet}} may not properly store the configuration change, and will revert to automatic DHCP.<br />
<br />
To work around this issue you have to edit the default connection (e.g. "Auto eth0") in {{ic|nm-applet}}, change the connection name (e.g. "my eth0"), uncheck the "Available to all users" checkbox, change your static IP address settings as desired, and click '''Apply'''. This will save a new connection with the given name.<br />
<br />
Next, you will want to make the default connection not connect automatically. To do so, run {{ic|nm-connection-editor}} ('''not''' as root). In the connection editor, edit the default connection (e.g. "Auto eth0") and uncheck "Connect automatically". Click '''Apply''' and close the connection editor.<br />
<br />
=== Cannot edit connections as normal user ===<br />
<br />
See [[#Set up PolicyKit permissions]].<br />
<br />
=== Forget hidden wireless network ===<br />
<br />
Since hidden networks are not displayed in the selection list of the Wireless view, they cannot be forgotten (removed) with the GUI. You can delete one with the following command:<br />
<br />
# rm /etc/NetworkManager/system-connections/''SSID''<br />
<br />
This works for any other connection.<br />
<br />
=== VPN not working in GNOME ===<br />
<br />
When setting up OpenConnect or vpnc connections in NetworkManager while using GNOME, you will sometimes never see the dialog box pop up and the following error appears in {{ic|/var/log/errors.log}}:<br />
<br />
localhost NetworkManager[399]: <error> [1361719690.10506] [nm-vpn-connection.c:1405] get_secrets_cb(): Failed to request VPN secrets #3: (6) No agents were available for this request.<br />
<br />
This is caused by the GNOME NM Applet expecting dialog scripts to be at {{ic|/usr/lib/gnome-shell}}, when NetworkManager's packages put them in {{ic|/usr/lib/networkmanager}}.<br />
As a "temporary" fix (this bug has been around for a while now), make the following symlink(s):<br />
<br />
* For OpenConnect: {{ic|ln -s /usr/lib/networkmanager/nm-openconnect-auth-dialog /usr/lib/gnome-shell/}}<br />
* For VPNC (i.e. Cisco VPN): {{ic|ln -s /usr/lib/networkmanager/nm-vpnc-auth-dialog /usr/lib/gnome-shell/}}<br />
<br />
This may need to be done for any other NM VPN plugins as well, but these are the two most common.<br />
<br />
=== Unable to connect to visible European wireless networks ===<br />
<br />
WLAN chips are shipped with a default [[Wireless network configuration#Respecting the regulatory domain|regulatory domain]]. If your access point does not operate within these limitations, you will not be able to connect to the network. Fixing this is easy:<br />
<br />
# [[Install]] {{Pkg|crda}}<br />
# Uncomment the correct Country Code in {{ic|/etc/conf.d/wireless-regdom}}<br />
# Reboot the system, because the setting is only read on boot<br />
<br />
=== Automatic connect to VPN on boot is not working ===<br />
<br />
The problem occurs when the system (i.e. NetworkManager running as the root user) tries to establish a VPN connection, but the password is not accessible because it is stored in the GNOME keyring of a particular user. <br />
<br />
A solution is to keep the password to your VPN in plaintext, as described in step (2.) of [[#Use dispatcher to connect to a VPN after a network connection is established]]. <br />
<br />
You do not need to use the dispatcher described in step (1.) to auto-connect anymore, if you use the new "auto-connect VPN" option from the {{ic|nm-applet}} GUI.<br />
<br />
=== Systemd Bottleneck ===<br />
<br />
Over time the log files ({{ic|/var/log/journal}}) can become very large. This can have a big impact on boot performance when using NetworkManager, see: [[Systemd#Boot time increasing over time]].<br />
<br />
=== Regular network disconnects, latency and lost packets (WiFi) ===<br />
<br />
NetworkManager does a scan every 2 minutes.<br />
<br />
Some WiFi drivers have issues when scanning for base stations whilst connected/associated. Symptoms include VPN disconnects/reconnects and lost packets, web pages failing to load and then refresh fine.<br />
<br />
Running {{ic|journalctl -f}} will indicate that this is taking place, messages like the following will be contained in the logs at regular intervals.<br />
<br />
NetworkManager[410]: <info> (wlp3s0): roamed from BSSID 00:14:48:11:20:CF (my-wifi-name) to (none) ((none))<br />
<br />
There is a patched version of NetworkManager which should prevent this type of scanning: {{AUR|networkmanager-noscan}}.<br />
<br />
Alternatively, if roaming is not important, the periodic scanning behavior can be disabled by locking the BSSID of the access point in the WiFi connection profile.<br />
<br />
=== Unable to turn on wi-fi with Lenovo laptop (IdeaPad, Legion, etc.) ===<br />
<br />
There is an issue with the {{ic|ideapad_laptop}} module on some Lenovo models due to the wi-fi driver incorrectly reporting a soft block. The card can still be manipulated with {{ic|netctl}}, but managers like NetworkManager break. You can verify that this is the problem by checking the output of {{ic|rfkill list}} after toggling your hardware switch and seeing that the soft block persists.<br />
<br />
{{Accuracy|Try to use {{ic|rfkill.default_state}} and {{ic|rfkill.master_switch_mode}} (see [https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt kernel-parameters.txt]) to fix the rfkill problem.}}<br />
<br />
[[modprobe|Unloading]] the {{ic|ideapad_laptop}} module should fix this. ('''warning''': this may disable the laptop keyboard and touchpad also!).<br />
<br />
=== Turn off hostname sending ===<br />
<br />
NetworkManager by default sends the hostname to the DHCP server. Hostname sending can only be disabled per connection not globally ([https://bugzilla.gnome.org/show_bug.cgi?id=768076 GNOME Bug 768076]).<br />
<br />
To disable sending your hostname to the DHCP server for a specific connection, add the following to your network connection file:<br />
<br />
{{hc|/etc/NetworkManager/system-connections/''your_connection_file''|2=<br />
...<br />
[ipv4]<br />
dhcp-send-hostname=false<br />
...<br />
[ipv6]<br />
dhcp-send-hostname=false<br />
...<br />
}}<br />
<br />
=== nm-applet disappears in i3wm ===<br />
<br />
If you use the {{ic|xfce4-notifyd.service}} for notifications you must [[edit]] the unit and add the following:<br />
<br />
{{hc|/etc/systemd/user/xfce4-notifyd.service.d/display_env.conf|2=<br />
[Service]<br />
Environment="DISPLAY=:0.0"<br />
}}<br />
<br />
After reloading the daemons [[restart]] {{ic|xfce4-notifyd.service}}. Exit i3 and start it back up again and the applet should show on the tray.<br />
<br />
=== nm-applet tray icons display wrongly ===<br />
Currently the tray icons of nm-applet are drawn on top of one another, i.e. the icon displaying wireless strength might show on top of the icon indicating no wired connection.<br />
This is apparently a GTK3 bug/problem: https://gitlab.gnome.org/GNOME/gtk/issues/1280 .<br />
<br />
A patched version of GTK3 exists in AUR, which apparently fixes the tray icon bug: {{AUR|gtk3-mushrooms}} .<br />
<br />
=== Disable NetworkManager when using dbus ===<br />
<br />
{{Accuracy|Missing sources and when should this be used?}}<br />
<br />
It might not be obvious, but the service automatically starts through ''dbus''. To completely disable it you can [[mask]] {{ic|NetworkManager.service}} and {{ic|NetworkManager-dispatcher.service}}.<br />
<br />
== See also ==<br />
<br />
* [https://blogs.gnome.org/dcbw/2015/02/16/networkmanager-for-administrators-part-1/ NetworkManager for Administrators Part 1]<br />
* [[Wikipedia:NetworkManager]]</div>Eloydegen