2.3. Using NetworkManager with the GNOME Graphical User Interface

In Red Hat Enterprise Linux 7, NetworkManager does not have its own graphical user interface (GUI). The network connection icon on the top right of the desktop is provided as part of the GNOME Shell and the Network settings configuration tool is provided as part of the new GNOME control-center GUI. The nm-connection-editor GUI applies the functionality which is not provided the GNOME control-center such as configuring bonds and teaming connections.

2.3.1. Connecting to a Network Using a GUI

There are two ways to access the Network settings window of the control-center application:
  • Press the Super key to enter the Activities Overview, type control network, and then press Enter. The Network settings tool appears. Proceed to Section 2.3.2, “Configuring New and Editing Existing Connections”.
  • Click on the GNOME Shell network connection icon in the top right-hand corner of the screen to open its menu.
    The Network utility being selected in GNOME

    Figure 2.5. The Network utility being selected in GNOME

When you click on the GNOME Shell network connection icon, you are presented with:
  • a list of categorized networks you are currently connected to (such as Wired and Wi-Fi);
  • a list of all Available Networks that NetworkManager has detected;
  • options for connecting to any configured Virtual Private Networks (VPNs); and,
  • an option for selecting the Network Settings menu entry.
If you are connected to a network, this is indicated by a black bullet on the left of the connection name.
Click Network Settings. The Network settings tool appears. Proceed to Section 2.3.2, “Configuring New and Editing Existing Connections”.

2.3.2. Configuring New and Editing Existing Connections

The Network settings window shows the connection status, its type and interface, its IP address and routing details, and so on.
Configure Networks Using the Network Settings Window

Figure 2.6. Configure Networks Using the Network Settings Window

The Network settings window has a menu on the left-hand side showing the available network devices or interfaces. This includes software interfaces such as for VLANs, bridges, bonds, and teams. On the right-hand side, the connection profiles are shown for the selected network device or interface. A profile is a named collection of settings that can be applied to an interface. Below that is a plus and a minus button for adding and deleting new network connections, and on the right a gear wheel icon will appear for editing the connection details of the selected network device or VPN connection. To add a new connection, click the plus symbol to open the Add Network Connection window and proceed to Section 2.3.2.1, “Configuring a New Connection”.

Editing an Existing Connection

Clicking on the gear wheel icon of an existing connection profile in the Network settings window opens the Network details window, from where you can perform most network configuration tasks such as IP addressing, DNS, and routing configuration.
Configure Networks Using the Network Connection Details Window

Figure 2.7. Configure Networks Using the Network Connection Details Window

To apply changes after a connection modification, you can click the button from ON to OFF to deactivate and set it to ON again to reactivate the device. See Section 2.3.2, “Configuring New and Editing Existing Connections” for more details.

2.3.2.1. Configuring a New Connection

In the Network settings window, click the plus sign below the menu to open the Add Network Connection window. This displays a list of connection types that can be added.
Then, to configure:

2.3.3. Connecting to a Network Automatically

For any connection type you add or configure, you can choose whether you want NetworkManager to try to connect to that network automatically when it is available.

Procedure 2.1. Configuring NetworkManager to Connect to a Network Automatically When Detected

  1. Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
  2. Select the network interface from the left-hand-side menu.
  3. Click on the gear wheel icon of a connection profile on the right-hand side menu. If you have only one profile associated with the selected interface the gear wheel icon will be in the lower right-hand-side corner. The Network details window appears.
  4. Select the Identity menu entry on the left. The Network window changes to the identity view.
  5. Select Connect automatically to cause NetworkManager to auto-connect to the connection whenever NetworkManager detects that it is available. Clear the check box if you do not want NetworkManager to connect automatically. If the check box is clear, you will have to select that connection manually in the network connection icon's menu to cause it to connect.

2.3.4. Common Configuration Options in nm-connection-editor

If you are using the nm-connection-editor utility, there are five configuration options which are common to the most connection types (ethernet, wifi, mobile broadband, DSL):
  1. Run the nm-connection-editor. Then, click the Add button to choose a connection type:
    Add a connection type

    Figure 2.8. Add a connection type

    Choose a connection type

    Figure 2.9.  Choose a connection type

    Alternatively for an existing connection type, click the Edit button from the Network Connections dialog.
  2. Select the General tab in the Editing dialog:
    Configuration options in nm-connection-editor

    Figure 2.10. Configuration options in nm-connection-editor

  • Connection name — Enter a descriptive name for your network connection. This name will be used to list this connection in the menu of the Network window.
  • Automatically connect to this network when it is available — Select this box if you want NetworkManager to auto-connect to this connection when it is available. See Section 2.3.3, “Connecting to a Network Automatically” for more information.
  • All users may connect to this network — Select this box to create a connection available to all users on the system. Changing this setting may require root privileges. See Section 2.3.5, “System-wide and Private Connection Profiles” for details.
  • Automatically connect to VPN when using this connection — Select this box if you want NetworkManager to auto-connect to a VPN connection when it is available. Select the VPN from the drop-down menu.
  • Firewall Zone — Select the firewall zone from the drop-down menu. See the Red Hat Enterprise Linux 7 Security Guide for more information on firewall zones.

Note

For the VPN connection type, only three of the above configuration options are available: Connection name, All users may connect to this network and Firewall Zone.

2.3.5. System-wide and Private Connection Profiles

NetworkManager stores all connection profiles. A profile is a named collection of settings that can be applied to an interface. NetworkManager stores these connection profiles for system-wide use (system connections), as well as all user connection profiles. Access to the connection profiles is controlled by permissions which are stored by NetworkManager. See the nm-settings(5) man page for more information on the connection settings permissions property. The permissions correspond to the USERS directive in the ifcfg files. If the USERS directive is not present, the network profile will be available to all users. As an example, the following command in an ifcfg file will make the connection available only to the users listed:
USERS="joe bob alice"
This can also be set using graphical user interface tools. In nm-connection-editor, there is the corresponding All users may connect to this network check box on the General tab, and in the GNOME control-center Network settings Identity window, there is the Make available to other users check box.
NetworkManager's default policy is to allow all users to create and modify system-wide connections. Profiles that should be available at boot time cannot be private because they will not be visible until the user logs in. For example, if user user creates a connection profile user-em2 with the Connect Automatically check box selected but with the Make available to other users not selected, then the connection will not be available at boot time.
To restrict connections and networking, there are two options which can be used alone or in combination:
  • Clear the Make available to other users check box, which changes the connection to be modifiable and usable only by the user doing the changing.
  • Use the polkit framework to restrict permissions of general network operations on a per-user basis.
The combination of these two options provides fine-grained security and control over networking. See the polkit(8) man page for more information on polkit.
Note that VPN connections are always created as private-per-user, since they are assumed to be more private than a Wi-Fi or Ethernet connection.

Procedure 2.2. Changing a Connection to Be User-specific Instead of System-Wide, or Vice Versa

Depending on the system's policy, you may need root privileges on the system in order to change whether a connection is user-specific or system-wide.
  1. Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
  2. Select the network interface from the left-hand-side menu.
  3. Click on the gear wheel icon of a connection profile on the right-hand side menu. If you have only one profile associated with the selected interface the gear wheel icon will be in the lower right-hand-side corner. The Network details window appears.
  4. Select the Identity menu entry on the left. The Network window changes to the identity view.
  5. Select the Make available to other users check box to cause NetworkManager to make the connection available system-wide.
    Conversely, clear the Make available to other users check box to make the connection user-specific.

2.3.6. Configuring a Wired (Ethernet) Connection

To configure a wired network connection, press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
Select the Wired network interface from the left-hand-side menu if it is not already highlighted.
The system creates and configures a single wired connection profile called Wired by default. A profile is a named collection of settings that can be applied to an interface. More than one profile can be created for an interface and applied as needed. The default profile cannot be deleted but its settings can be changed. You can edit the default Wired profile by clicking the gear wheel icon. You can create a new wired connection profile by clicking the Add Profile button. Connection profiles associated with a selected interface are shown on the right-hand side menu.
When you add a new connection by clicking the Add Profile button, NetworkManager creates a new configuration file for that connection and then opens the same dialog that is used for editing an existing connection. The difference between these dialogs is that an existing connection profile has a Details and Reset menu entry. In effect, you are always editing a connection profile; the difference only lies in whether that connection previously existed or was just created by NetworkManager when you clicked Add Profile.

Basic Configuration Options

You can see the following configuration settings in the Wired dialog, by selecting the Identity menu entry on the left:
Basic Configuration options of a Wired Connection

Figure 2.11.  Basic Configuration options of a Wired Connection

  • Name — Enter a descriptive name for your network connection. This name will be used to list this connection in the menu of the Network window.
  • MAC Address — Select the MAC address of the interface this profile must be applied to.
  • Cloned Address — If required, enter a different MAC address to use.
  • MTU — If required, enter a specific maximum transmission unit (MTU) to use. The MTU value represents the size in bytes of the largest packet that the link layer will transmit. This value defaults to 1500 and does not generally need to be specified or changed.
  • Firewall Zone — If required, select a different firewall zone to apply. See the Red Hat Enterprise Linux 7 Security Guide for more information on firewall zones.
  • Connect automatically — Select this box if you want NetworkManager to auto-connect to this connection when it is available. See Section 2.3.3, “Connecting to a Network Automatically” for more information.
  • Make available to other users — Select this box to create a connection available to all users on the system. Changing this setting may require root privileges. See Section 2.3.5, “System-wide and Private Connection Profiles” for details.

Saving Your New (or Modified) Connection and Making Further Configurations

Once you have finished editing your wired connection, click the Apply button to save your customized configuration. If the profile was in use while being edited, restart the connection to make NetworkManager apply the changes. If the profile is OFF, set it to ON or select it in the network connection icon's menu. See Section 2.3.1, “Connecting to a Network Using a GUI” for information on using your new or altered connection.
You can further configure an existing connection by selecting it in the Network window and clicking the gear wheel icon to return to the editing dialog.
Then, to configure:

2.3.7. Configuring a Wi-Fi Connection

This section explains how to use NetworkManager to configure a Wi-Fi (also known as wireless or 802.11a/b/g/n) connection to an Access Point.
To configure a mobile broadband (such as 3G) connection, see Section 2.5, “Establishing a Mobile Broadband Connection”.

Quickly Connecting to an Available Access Point

The easiest way to connect to an available access point is to click on the network connection icon to activate the network connection icon's menu, locate the Service Set Identifier (SSID) of the access point in the list of Wi-Fi networks, and click on it. A padlock symbol indicates the access point requires authentication. If the access point is secured, a dialog prompts you for an authentication key or password.
NetworkManager tries to auto-detect the type of security used by the access point. If there are multiple possibilities, NetworkManager guesses the security type and presents it in the Wi-Fi security drop-down menu. For WPA-PSK security (WPA with a passphrase) no choice is necessary. For WPA Enterprise (802.1X) you have to specifically select the security, because that cannot be auto-detected. If you are unsure, try connecting to each type in turn. Finally, enter the key or passphrase in the Password field. Certain password types, such as a 40-bit WEP or 128-bit WPA key, are invalid unless they are of a requisite length. The Connect button will remain inactive until you enter a key of the length required for the selected security type. To learn more about wireless security, see Section 2.7.3, “Configuring Wi-Fi Security”.
If NetworkManager connects to the access point successfully, the network connection icon will change into a graphical indicator of the wireless connection's signal strength.
You can also edit the settings for one of these auto-created access point connections just as if you had added it yourself. The Wi-Fi page of the Network window has a History button. Clicking it reveals a list of all the connections you have ever tried to connect to. See the section called “Editing a Connection or Creating a New One”

Connecting to a Hidden Wi-Fi Network

All access points have a Service Set Identifier (SSID) to identify them. However, an access point may be configured not to broadcast its SSID, in which case it is hidden, and will not show up in NetworkManager's list of Available networks. You can still connect to a wireless access point that is hiding its SSID as long as you know its SSID, authentication method, and secrets.
To connect to a hidden wireless network, press the Super key to enter the Activities Overview, type control network and then press Enter. The Network window appears. Select Wi-Fi from the menu and then select Connect to Hidden Network to cause a dialog to appear. If you have connected to the hidden network before, use the Connection drop-down to select it, and click Connect. If you have not, leave the Connection drop-down as New, enter the SSID of the hidden network, select its Wi-Fi security method, enter the correct authentication secrets, and click Connect.
For more information on wireless security settings, see Section 2.7.3, “Configuring Wi-Fi Security”.

Editing a Connection or Creating a New One

You can edit an existing connection that you have tried or succeeded in connecting to in the past by opening the Wi-Fi page of the Network dialog and selecting the gear wheel icon to the right of the Wi-Fi connection name. If the network is not currently in range, click History to display past connections. When you click the gear wheel icon the editing connection dialog appears. The Details window shows the connection details.
To configure a new connection whose SSID is in range, first attempt to connect to it by opening the Network window, selecting the Wi-Fi menu entry, and clicking the connection name (by default, the same as the SSID). If the SSID is not in range, see the section called “Connecting to a Hidden Wi-Fi Network” for more information. If the SSID is in range, the procedure is as follows:
  1. Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
  2. Select the Wi-Fi interface from the left-hand-side menu entry.
  3. Click the Wi-Fi connection profile on the right-hand side menu you want to connect to. A padlock symbol indicates a key or password is required.
  4. If requested, enter the authentication details.

Basic Configuration Options for a Wi-Fi Connection

To edit a Wi-Fi connection's settings, select Wi-Fi in the Network page and then select the gear wheel icon to the right of the Wi-Fi connection name. Select Identity. The following settings are available:
Basic Configuration Options for a Wi-Fi Connection

Figure 2.12. Basic Configuration Options for a Wi-Fi Connection

SSID
The Service Set Identifier (SSID) of the access point (AP).
BSSID
The Basic Service Set Identifier (BSSID) is the MAC address, also known as a hardware address, of the specific wireless access point you are connecting to when in Infrastructure mode. This field is blank by default, and you are able to connect to a wireless access point by SSID without having to specify its BSSID. If the BSSID is specified, it will force the system to associate to a specific access point only.
For ad-hoc networks, the BSSID is generated randomly by the mac80211 subsystem when the ad-hoc network is created. It is not displayed by NetworkManager
MAC address
Select the MAC address, also known as a hardware address, of the Wi-Fi interface to use.
A single system could have one or more wireless network adapters connected to it. The MAC address field therefore allows you to associate a specific wireless adapter with a specific connection (or connections).
Cloned Address
A cloned MAC address to use in place of the real hardware address. Leave blank unless required.
The following settings are common to the most connection types:

Saving Your New (or Modified) Connection and Making Further Configurations

Once you have finished editing the wireless connection, click the Apply button to save your configuration. Given a correct configuration, you can connect to your modified connection by selecting it from the network connection icon's menu. See Section 2.3.1, “Connecting to a Network Using a GUI” for details on selecting and connecting to a network.
You can further configure an existing connection by selecting it in the Network window and clicking the gear wheel icon to reveal the connection details.
Then, to configure: