Re: WPA/WPA2 Enterprise details

[Jan Grulich]

On Monday 14 of September 2015 12:51:01 Jirka Klimes wrote:
> On Mon, 14 Sep 2015 10:36:59 +0200
> 
> Jan Grulich  wrote:
> > Hi,
> > 
> > I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I
> > have few questions regarding 802-11x security setting.
> > 
> > 1) When phase2-foo properties should be used instead of just foo
> > properties (e.g phase2-private-key/private-key) ? In implementation
> > of gnome-applet I see they are used when phase2 property is set to
> > true, but it's always set to false as I can see.
> 
> phase2-foo properties are used for EAP methods that have 2 phases. In
> the first phase a tunnel is established, and then, in phase 2, the
> authentication is done inside the tunnel using the inner method that
> uses the phase2 properties.
> NM uses that for PEAP, TTLS and FAST EAP methods for which you can
> specify inner methods.
> 
> I am not aware of gnome-shell applet implementation. You can look at
> nm-applet/nm-connection-editor code here:
> https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-securi
> ty/eap-method.c
> https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-secur
> ity/eap-method-peap.c

I actually meant nm-applet and not gnome-applet.

I see only phase2_auth property used in PEAP, FAST PEAP and TTLS, but in TLS 
there 
are other phase2-foo properties used only when parent->phase2 is true. I just 
don't 
understand why this property is always set to false in 
https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c[1]
by passing false as third parameter to eap_method_tls_new (line 428).

Is there any place where this property gets changed?

> > 2) Are subjectMatch/altSubjectMatch properties still valid and used?
> > I don't see this implemented in gnome-applet, but we had this
> > implemented in the old KDE networkmanagement applet. I'm asking
> > because we got a bug report about missing implementation of these
> > properties for the new applet and I would like to be sure how this
> > should be implemented.
> 
> https://developer.gnome.org/NetworkManager/1.0/ref-settings.html
> 
> Yes, the properties are valid and used for matching the certificates.
> They are passed to wpa_supplicant that performs the certificates
> matching.
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/supplican
> t-manager/nm-supplicant-config.c#n971
> 
> It seems that nm-connection-editor/nn-applet did not handle the
> properties. But they can be set via nmcli.
> 
> Jirka
> 

Regards,
Jan



[1] 
https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: vpn and stuff

[Thomas Haller]

You bring up so many different points, that it's hard to keep track of
them. It would be better to discuss them individually or open Bugs for
it.


> I managed to also integrate it with the plasma applet thing for KDE
> 4, 
> which is really nice in user interface terms for the largest part
> (after 
> you realise the non-button-like tool icon is not decoration but a
> vital 
> part of its configuration).

> Which is not a NM issue but KDE, it is one of the least intuïtive
> ways 
> to present a button and pretend to hope that the user will understand
> to 
> click on it. The argument against the argument against was probably 
> "well, he just has to hover over it, doesn't he"?. Anyway.

KDE/plasma-nm design decision. Please open a bug.



> I happened to create a kind of forward shell script that added the 
> option --cipher none to NM's openvpn invocation. This may be the
> cause 
> of my current problems, in that NM constantly loses track of an
> existing 
> openvpn connection/process.

From your wrapper script, do you invoke the openvpn binary with "exec",
contrary to "call"? That seems important.




> Symptoms I've seen were:
> 
> * OpenVPN takes longer to connect due to an issue. When finally it 
> connects (as it keeps running in the background) this happens:
> 
> /usr/lib/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1528 
> 10.8.0.6 10.8.0.5 init
> 
> Could not send configuration information: The name 
> org.freedesktop.NetworkManager.openvpn was not provided by any
> .service 
> files".

your installation seems broken.








> So basically what I see is that if OpenVPN disconnects, it notifies
> NM, 
> but once it reconnects, NM doesn't know and the process becomes like
> a 
> ghost process.
> 
> And I have to manually shut it down each and every time.
> 
> At least if I run my VPN manually I have NO ISSUES except for the one
> issue that NM will not allow me to remove the default route for its 
> managed connection.
> 
> So whatever way you frame it, NM is really my only issue ;-). OpenVPN
> itself works without a hitch.
> 
> 
> ==
> 
> Then you have the problem that NM doesn't know about OpenVPN's
> "cipher 
> none" mode. You cannot get it (I cannot get it) to pass that
> parameter 
> to OpenVPN.

It's a UI bug only (https://git.gnome.org/browse/network-manager-openvp
n/commit/?id=be63c404a146704e3e4840f050d5bdd63bc94826)
You can still use the none cipher by configuring it either with nmcli
or by editing the connection file under /etc/NetworkManager/system
-connections/.


> 
> ==
> 
> The only benefit for NM for me at this point is its gui. Without the 
> lock icon in the system tray, it is hard for me to know whether I am 
> running VPN or not. And because of its interface it's easier to start
> and stop it. Using the console to do that is not fun.
> 
> ==
> 
> Sometimes my tunnel fails and since it is a simple SSH tunnel using 
> /root/.ssh/config but with a custom startup script, I have to check
> on 
> its status using the console. That is tiresome by itself, but OpenVPN
> is 
> capable of just picking up where it left; it's just that NM mostly is
> not.
> 
> ==
> 
> I have a custom dispather.d script that sets another route on vpn-up.
> I 
> need this for my tunnel host (which is also the VPN host). I think I
> can 
> also do this using VPN options (extra routes) but my problem at this 
> point is this:
> 
> Is there a way to obtain the equivalent of OpenVPN variable 
> "net_gateway"? _ net_gateway _ is a variable that indicates the OLD 
> gateway address before VPN is activated. I know there is IP4_ROUTE_N
> and 
> IP4_NUM_ROUTES. But at best this is a list of all routes. Do I have
> to 
> manually search it for the route to 0.0.0.0? Same for VPN_, I don't
> know 
> if it contains the new route or the old routes. Maybe both even.

IP4_GATEWAY environment variable. See `man NetworkManager`
Or `nmcli -t -f IP4.GATEWAY connection show uuid $CONNECTION_UUID`


> In OpenVPN the program gives me the required route target so I don't 
> have to fix it in any script. With NM I have to write a custom script
> or 
> add a route to the config that seems to have to be fixed.
> 
> ==
> 
> When NM has a connection as managed, manual interference with IP
> address 
> and such becomes impossible. I consider this a big problem. The
> problem 
> does not arise with adding new IP addresses to any device.

What is your basis to claim "impossible". It is possible. What issues
did you encounter?






> ==
> 
> When manually using OpenVPN from/above/on top of a connection that is
> managed, I cannot remove the default route of the managed connection,
> whereas that is mostly 'necessary' for the main type of VPN use.
> 
> NM should honour user decisions more instead of forcing correctness
> from 
> its own model, which is (or very 

Re: vpn and stuff

[Thomas Haller]

On Sat, 2015-09-12 at 19:56 +0200, Xen wrote:

> ==
> 
> Requesting OpenVPN listens at port 1194 for the management console
> might 
> not be the most rad choice as a user may want to use that port for 
> tunneling to a remote OpenVPN server. So you get a conflict between
> the 
> tunnel listening socket and OpenVPN opening a port there to receive 
> commands. It seems wrong to use the same port number for both. Right
> now 
> I'm having to put my tunnel at 1193 (for example) just so OpenVPN 
> (nonconfigurable? --) runs at 1194. This is a parameter choice of NM:
> 
> --management 127.0.0.1 1194


1194 is the default port where Openvpn listens for VPN traffic. It has
nothing to do with the --management port.
While openvpn allows --management to use tcp, nm-openvpn uses a unix
domain socket:

  --mangement /run/NetworkManager/nm-openvpn-UUID unix

Especially, it does not use 1194 port.



Thomas


signature.asc
Description: This is a digitally signed message part
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WPA/WPA2 Enterprise details

[Jirka Klimes]

On Mon, 14 Sep 2015 10:36:59 +0200
Jan Grulich  wrote:

> Hi,
> 
> I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I
> have few questions regarding 802-11x security setting.
> 
> 1) When phase2-foo properties should be used instead of just foo
> properties (e.g phase2-private-key/private-key) ? In implementation
> of gnome-applet I see they are used when phase2 property is set to
> true, but it's always set to false as I can see.
> 
phase2-foo properties are used for EAP methods that have 2 phases. In
the first phase a tunnel is established, and then, in phase 2, the
authentication is done inside the tunnel using the inner method that
uses the phase2 properties.
NM uses that for PEAP, TTLS and FAST EAP methods for which you can
specify inner methods.

I am not aware of gnome-shell applet implementation. You can look at 
nm-applet/nm-connection-editor code here:
https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/eap-method.c
https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/eap-method-peap.c

> 2) Are subjectMatch/altSubjectMatch properties still valid and used?
> I don't see this implemented in gnome-applet, but we had this
> implemented in the old KDE networkmanagement applet. I'm asking
> because we got a bug report about missing implementation of these
> properties for the new applet and I would like to be sure how this
> should be implemented. 
> 

https://developer.gnome.org/NetworkManager/1.0/ref-settings.html

Yes, the properties are valid and used for matching the certificates.
They are passed to wpa_supplicant that performs the certificates
matching.
http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/supplicant-manager/nm-supplicant-config.c#n971

It seems that nm-connection-editor/nn-applet did not handle the
properties. But they can be set via nmcli.

Jirka

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WPA/WPA2 Enterprise details

[Jirka Klimes]

On Mon, 14 Sep 2015 13:23:14 +0200
Jan Grulich  wrote:

> On Monday 14 of September 2015 12:51:01 Jirka Klimes wrote:
> > On Mon, 14 Sep 2015 10:36:59 +0200
> > 
> > Jan Grulich  wrote:
> > > Hi,
> > > 
> > > I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I
> > > have few questions regarding 802-11x security setting.
> > > 
> > > 1) When phase2-foo properties should be used instead of just foo
> > > properties (e.g phase2-private-key/private-key) ? In
> > > implementation of gnome-applet I see they are used when phase2
> > > property is set to true, but it's always set to false as I can
> > > see.
> > 
> > phase2-foo properties are used for EAP methods that have 2 phases.
> > In the first phase a tunnel is established, and then, in phase 2,
> > the authentication is done inside the tunnel using the inner method
> > that uses the phase2 properties.
> > NM uses that for PEAP, TTLS and FAST EAP methods for which you can
> > specify inner methods.
> > 
> > I am not aware of gnome-shell applet implementation. You can look at
> > nm-applet/nm-connection-editor code here:
> > https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-securi
> > ty/eap-method.c
> > https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-secur
> > ity/eap-method-peap.c
> 
> I actually meant nm-applet and not gnome-applet.
> 
> I see only phase2_auth property used in PEAP, FAST PEAP and TTLS, but
> in TLS there are other phase2-foo properties used only when
> parent->phase2 is true. I just don't understand why this property is
> always set to false in
> https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c[1]
> by passing false as third parameter to eap_method_tls_new (line 428).
> 
> Is there any place where this property gets changed?
> 
As I said, phase 2 is only used for some of the methods, that have
an inner authentication. Those are PEAP, TTLS and FAST.
TLS if used by itself does not have phase 2, so the phase2 properties
are not used.
I think that the phase2 parameter in the eap_method_tls_new() is there
just for the case EAP-TLS is used as an inner authentication method.
However, nm-connection-editor does not support this configuration. And
I am not sure if it is a common setup.

http://www.opus1.com/www/whitepapers/8021xinnerauthmethods.pdf

Jirka

> > > 2) Are subjectMatch/altSubjectMatch properties still valid and
> > > used? I don't see this implemented in gnome-applet, but we had
> > > this implemented in the old KDE networkmanagement applet. I'm
> > > asking because we got a bug report about missing implementation
> > > of these properties for the new applet and I would like to be
> > > sure how this should be implemented.
> > 
> > https://developer.gnome.org/NetworkManager/1.0/ref-settings.html
> > 
> > Yes, the properties are valid and used for matching the
> > certificates. They are passed to wpa_supplicant that performs the
> > certificates matching.
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/supplican
> > t-manager/nm-supplicant-config.c#n971
> > 
> > It seems that nm-connection-editor/nn-applet did not handle the
> > properties. But they can be set via nmcli.
> > 
> > Jirka
> > 
> 
> Regards,
> Jan
> 
> 
> 
> [1]
> https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: vpn and stuff

[Dan Williams]

On Sat, 2015-09-12 at 19:56 +0200, Xen wrote:
> Seriously I would suggest to get rid of the CamelCase name. It breaks 
> compatibility or congruency with a lot of other things and as a user you 
> are constantly wondering what the name is going to be. NetworkManager? 
> networkmanager? network-manager? It changes from situation to situation. 
> There is no reason for NetworkManager to be capitalized (least of all 
> the binary) because this is no user-friendly system where NM sits inside 
> some sort of pretty application catalogue. Linux packages are always 
> lowercased. Most Linux directories are lowercased (and they should be). 
> You have to follow convention. This only creates problems. This is not 
> Microsoft Windows where each program sits in C:\Programs or C:\Program 
> Files and where filenames are CASE INSENSITIVE. Even the KDE convention 
> to name the "Documents" and "Pictures" folders with upper cases creates 
> issue because of the case sensitivity, which means that "cd documents" 
> won't work. If you want this in Linux, you have to ensure that the 
> actual names are lower case, but that you create a representation in the 
> GUI (!!!) that is capitalized. I know other packages do this as well, 
> notably PackageKit and UPower, but it is bad habit and bad choice and 
> makes it harder for everyone, because most of what you do in Linux is 
> still done using the COMMAND LINE.

I happen to disagree, but everyone is entitled to their opinion.  As it
stands, the official name is "NetworkManager", but distributions apply
their own packaging guidelines and some distributions disallow CamelCase
names, but certainly not all Linux distributions.  So distributions that
choose to allow only lower-case names will then obviously create
confusion between the package name and the project name.

Dan

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: vpn and stuff

[Xen]

Hi, thanks for your responses.

On 09/14/2015 02:10 PM, Thomas Haller wrote:

You bring up so many different points, that it's hard to keep track of
them. It would be better to discuss them individually or open Bugs for
it.


I know, just imagine having to file bug reports for all of them ;-).


KDE/plasma-nm design decision. Please open a bug.


Useless. It even seems to be a theme default. I don't know, it's 
system-wide. And I just don't know how much use it still is to 
contribute to KDE 4 Anyway I just wanted to mention it. I just 
mentioned everything.




 From your wrapper script, do you invoke the openvpn binary with "exec",
contrary to "call"? That seems important.


I tried changing it to exec, but that didn't seem to make a difference.



/usr/lib/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1528
10.8.0.6 10.8.0.5 init

Could not send configuration information: The name
org.freedesktop.NetworkManager.openvpn was not provided by any
.service
files".


your installation seems broken.


This happened when OpenVPN connected after the link had been lost for a 
while due to the tunnel disappearing, remember. Killing and reopening 
openvpn reinstates (reinstores, restores) it perfectly and then the 
error does not arise. I just don't know enough about NM to appreciate or 
evaluate or to be able to do something meaningful with your statement 
here; I just don't know what it means. All I know is that  the error 
is related to this 'openvpn going ghost' thing.




Then you have the problem that NM doesn't know about OpenVPN's
"cipher
none" mode. You cannot get it (I cannot get it) to pass that
parameter
to OpenVPN.


It's a UI bug only (https://git.gnome.org/browse/network-manager-openvp
n/commit/?id=be63c404a146704e3e4840f050d5bdd63bc94826)
You can still use the none cipher by configuring it either with nmcli
or by editing the connection file under /etc/NetworkManager/system
-connections/.


Is it an older version problem? I had already tried what you suggest, in 
that I edited /etc/NetworkManager/system-connections/MyVPNThing by 
adding "cipher=none" to the [vpn] section. See, I wasn't entirely 
unprepared before sending this email.


The point was that by inspecting the resulting command line of the 
OpenVPN process, I could see no --cipher option being added.


/usr/sbin/openvpn --remote localhost --comp-lzo --nobind --dev tun 
--proto tcp-client --port 1193 --auth-nocache --syslog nm-openvpn 
--script-security 2 --up /usr/lib/nm-openvpn-service-openvpn-helper 
--tun -- --up-restart --persist-key --persist-tun --management 127.0.0.1 
1194 --management-query-passwords --route-noexec --ifconfig-noexec 
--client --auth-user-pass --ca /etc/openvpn/cert.crt


And indeed my OpenVPN is defunct. This is why I added the wrapper 
script. Now I can turn off cipherless mode but it's a drag on my OpenVPN 
server since it's just a little machine.


My NM version is 0.9.10.0. Wah, you committed that today? :P.




IP4_GATEWAY environment variable. See `man NetworkManager`
Or `nmcli -t -f IP4.GATEWAY connection show uuid $CONNECTION_UUID`


Again, older version. I was looking to upgrading to 1.0 but the library 
thing confused me and I just wanted to compile myself. And I wasn't sure 
how to get it right with plasma-nm.


So I thought I'd just ask first. Replacing distribution-supplied 
packages with files you compile yourself is not always the easiest thing


Currently installing a prepackaged 1.0.6.

It now has --cipher none. My apologies, I was just still on the "stable" 
version supplied by distros. :(.


IP4_GATEWAY is now also there (in the manual, and it works. Integrated).



When NM has a connection as managed, manual interference with IP
address
and such becomes impossible. I consider this a big problem. The
problem
does not arise with adding new IP addresses to any device.


What is your basis to claim "impossible". It is possible. What issues
did you encounter?


Maybe it can be done by /CONFIGURING/ NM to keep its hands off it. But 
that's the same as first making it managed and then unmanaging it. It is 
not possible by default. (How should anyone know about it? It's just 
hidden mystery).



The fallacy is to think or consider that NM is always fully
configured.


You can configure default-routes externally. NM should not interfere if
you set "ipv4.never-default=yes".


But that means NM will NEVER set the default route for that interface. 
Look, with OpenVPN you create like an inner block in which some local 
variables are changed, so to speak. When OpenVPN enters, it wants to 
change the default route for the existing interface (say wlan0) by 
removing that route (in a default config) and then adding a new route 
(default route) to another interface (call it tun0).


Then, when OpenVPN disconnects, this situation is reversed: tun0 0.0.0.0 
is removed, and the original is reinstated.


But without using NM's openvpn shit, NM is just going to be oblivious to 
any of that. It will 

Re: WPA/WPA2 Enterprise details

[Dan Williams]

On Mon, 2015-09-14 at 15:02 +0200, Jirka Klimes wrote:
> On Mon, 14 Sep 2015 13:23:14 +0200
> Jan Grulich  wrote:
> 
> > On Monday 14 of September 2015 12:51:01 Jirka Klimes wrote:
> > > On Mon, 14 Sep 2015 10:36:59 +0200
> > > 
> > > Jan Grulich  wrote:
> > > > Hi,
> > > > 
> > > > I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I
> > > > have few questions regarding 802-11x security setting.
> > > > 
> > > > 1) When phase2-foo properties should be used instead of just foo
> > > > properties (e.g phase2-private-key/private-key) ? In
> > > > implementation of gnome-applet I see they are used when phase2
> > > > property is set to true, but it's always set to false as I can
> > > > see.
> > > 
> > > phase2-foo properties are used for EAP methods that have 2 phases.
> > > In the first phase a tunnel is established, and then, in phase 2,
> > > the authentication is done inside the tunnel using the inner method
> > > that uses the phase2 properties.
> > > NM uses that for PEAP, TTLS and FAST EAP methods for which you can
> > > specify inner methods.
> > > 
> > > I am not aware of gnome-shell applet implementation. You can look at
> > > nm-applet/nm-connection-editor code here:
> > > https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-securi
> > > ty/eap-method.c
> > > https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-secur
> > > ity/eap-method-peap.c
> > 
> > I actually meant nm-applet and not gnome-applet.
> > 
> > I see only phase2_auth property used in PEAP, FAST PEAP and TTLS, but
> > in TLS there are other phase2-foo properties used only when
> > parent->phase2 is true. I just don't understand why this property is
> > always set to false in
> > https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c[1]
> > by passing false as third parameter to eap_method_tls_new (line 428).
> > 
> > Is there any place where this property gets changed?
> > 
> As I said, phase 2 is only used for some of the methods, that have
> an inner authentication. Those are PEAP, TTLS and FAST.
> TLS if used by itself does not have phase 2, so the phase2 properties
> are not used.
> I think that the phase2 parameter in the eap_method_tls_new() is there
> just for the case EAP-TLS is used as an inner authentication method.
> However, nm-connection-editor does not support this configuration. And
> I am not sure if it is a common setup.

Yeah, I don't think we had an actual case of TTLS+TLS before.  There is
a valid reason for doing this (in plain one-phase EAP-TLS the identity
is transmitted in the clear, using TTLS+TLS fixes that) but most
locations seem to use PEAP or TTLS+(something else) since certificates
are fairly difficult to administer at scale.  Could be added though.

Dan

> http://www.opus1.com/www/whitepapers/8021xinnerauthmethods.pdf
> 
> Jirka
> 
> > > > 2) Are subjectMatch/altSubjectMatch properties still valid and
> > > > used? I don't see this implemented in gnome-applet, but we had
> > > > this implemented in the old KDE networkmanagement applet. I'm
> > > > asking because we got a bug report about missing implementation
> > > > of these properties for the new applet and I would like to be
> > > > sure how this should be implemented.
> > > 
> > > https://developer.gnome.org/NetworkManager/1.0/ref-settings.html
> > > 
> > > Yes, the properties are valid and used for matching the
> > > certificates. They are passed to wpa_supplicant that performs the
> > > certificates matching.
> > > http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/supplican
> > > t-manager/nm-supplicant-config.c#n971
> > > 
> > > It seems that nm-connection-editor/nn-applet did not handle the
> > > properties. But they can be set via nmcli.
> > > 
> > > Jirka
> > > 
> > 
> > Regards,
> > Jan
> > 
> > 
> > 
> > [1]
> > https://git.gnome.org/browse/network-manager-applet/tree/src/wireless-security/wireless-security.c
> ___
> networkmanager-list mailing list
> networkmanager-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list


___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: vpn and stuff

[Xen]

On 09/14/2015 01:35 PM, Thomas Haller wrote:

On Sat, 2015-09-12 at 19:56 +0200, Xen wrote:


==

Seriously I would suggest to get rid of the CamelCase name. It
breaks compatibility or congruency with a lot of other things and
as a user you are constantly wondering what the name is going to
be. NetworkManager? networkmanager? network-manager? It changes
from situation to situation.




well... I don't like it either, but changing it now is painful too.

Thomas



It's probably quite easy. I take it your binary is not depended upon, 
nor your configuration directories, by external tools. I haven't seen 
anything thus far that was different e.g. between my Kubuntu and 
OpenSUSE systems. Except that the dispatcher.d/ in Kubuntu contained a 
script to run /etc/network/ifup.d/ things.


I rather doubt there are any external tools, or at least not a lot of 
them, that would need to change /etc/NetworkManager to /etc/network-manager.


Even if you keep the Binary name intact, you could still change the 
config dir /etc/ ... but I don't see for what purpose, that is to say, 
what reason is there for the process name to be a pretty name? It seems 
to want to be very important, but that is not in a user's interest.


Soon you'll have all sorts of programs vying for attention: no, look at 
mee! I don't see where the pain would be.


Just use a semi-major release like 1.2.

It's shame no one in Gnome and KDE ever thought of a way to get better 
process info for a user in a user friendly way. You can say, could say, 
and might very well say, that it is nicer for a user to see 
NetworkManager and ModemManager in the process list when you hit ctrl-esc.


But Gnome has all these pretty names that are unrelated to the real 
process name. "File Browser" is actually called Nautilus, so any user is 
readily confused and made powerless.


But as a basic service that should not be as important as you are making 
it out to be (or that generally just shouldn't be of any more 
outstanding importance than all the rest of the system's processes or 
services) there is no point for it to be standing out.


So question: why /should/ the binary be user-pretty?

It's supposed to be a transparent, invisible system right. Not vying for 
attention and recognition.


If it considered itself less important, my life would be easier too ;-) !.

On 09/14/2015 04:44 PM, Dan Williams wrote:>

I happen to disagree, but everyone is entitled to their opinion. As
it stands, the official name is "NetworkManager", but distributions
apply their own packaging guidelines and some distributions disallow
CamelCase names, but certainly not all Linux distributions. So
distributions that choose to allow only lower-case names will then
obviously create confusion between the package name and the project
name.

Dan



But I don't see why the Project Name could not be simply different from 
the config-dir-name and the binary-name.


I mean, just because e.g. the name for Kubuntu is capital Kubuntu, 
doesn't mean all packages with Kubuntu in it should also be init cap.


It would pretty much create a visual nightmare. You're just apparently 
trying to stand out, but if everyone (and everything) did that you'd 
just get a race for attention. Where everyone is trying to top all the 
other projects.


The main reason is simply also that because (or because) many systems 
are case sensitive. You get usability nightmares. How to remember which 
package or process name or directory tree is capitalized and which is not?


And typing capitals is tiresome anyway. There is a reason they invented 
caps lock ;-).


openSUSE does allow and invite caps in packages. The current result is 
that when a package list is sorted alphabetically, the ones that start 
with an initial cap, end up in front.


The only reason it works well for "openSUSE" is because it does not 
start with an initial cap.


Also for the package names it is just ugly, but all the same, as soon as 
case sensitivity doesn't matter it is not so much an issue anymore.


In a command line shell you will just never learn or remember to write 
Ne instead of ne..


So you could easily keep packages and even the Binary as NetworkManager

but change the /etc/... to network-manager. No matter how incongruent 
that would be.


Personally?

I would change both binary and config dir to lowercase.
I would keep all end-user representation as NetworkManager (but it is 
nowhere to be seen, being "invisible").


If your thing is invisible, why should it stand out?.

I would keep your internet name and project name as NetworkManager.

I would invite packagers to keep using NetworkManager if they wish to 
(doesn't happen in Debian). I would keep your config script/file as 
NetworkManager.conf.


If I had a say in my system I would never allow it to use capital names

Anyway.









___
networkmanager-list mailing list

How to make NM call dnsmsaq with --bind-dynamic ?

[Jean-Christian de Rivaz]

Hello,

I use NetworkManager on a embedded Debian Jessie system that have 
multiples interfaces, some of them going up dynamically. The system is 
acting as a router between the interfaces and have the relevant iptables 
rules to do NAT masquerading and MSSTCP handling. The only remaining 
point is to have a DNS server on the system accessibly from any 
interface at any time. To do that I have added the 
/etc/NetworkManager/dnsmasq.d/interface file with this content:


interface=*

It do the expected work, but only until the interface list change: At 
this point dnsmasq will not bind new interfaces. According to the 
dnsmasq manual there is a --bind-dynamic to handle this.
Unfortunately NM call dnsmasq with the --bind-interfaces option that is 
incompatible with the --bind-dynamic option. And NM don't restart 
dnsmasq when the interfaces list change.


Is there any solution to this ?

Best Regards,
Jean-Christian de Rivaz

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WiFi interface disappeared

[Jim]

Dan

Thanks for replying.  As I mentioned the WiFi on the same box runs fine 
from Ubuntu or from Windows.


Here are the lspci and lsusb

Jim$lspci
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor 
Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core 
Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series 
Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset 
Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset 
Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 1 (rev b4)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 2 (rev b4)
00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 3 (rev b4)
00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 4 (rev b4)
00:1c.7 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 8 (rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset 
Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM65 Express Chipset Family LPC 
Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset 
Family 6 port SATA AHCI Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family 
SMBus Controller (rev 04)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. 
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
03:00.0 System peripheral: Ricoh Co Ltd PCIe SDXC/MMC Host Controller 
(rev 07)
08:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 
802.11b/g/n WiFi Adapter (rev 01)

Jim$
Jim$lsusb
Bus 002 Device 003: ID 0a5c:217f Broadcom Corp. BCM2045B (BDC-2.1)
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 5986:03b3 Acer, Inc
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Jim$


In addition, here is lsmod
Jim$lsmod
Module  Size  Used by
i915  958755  3
i2c_algo_bit   13250  1 i915
drm_kms_helper 93604  1 i915
crct10dif_pclmul   14307  0
crc32_pclmul   13133  0
crc32c_intel   22094  0
drm   300858  5 i915,drm_kms_helper
ghash_clmulni_intel13230  0
r8169  71639  0
mii13527  1 r8169
video  19825  1 i915
sunrpc279333  1
Jim$



On 09/14/2015 03:17 PM, Dan Williams wrote:

On Mon, 2015-09-14 at 14:10 -0400, JimR wrote:

Fedora Core 21, KDE spin, all patches up to date.

Have run for many months using WiFi almost exclusively. Started using OpenVPN a 
couple of months ago with a commercial VPN provider. (Not sure if that 
matters). That has worked fine.

Got notification from Apper that some packages needed updating, including 
kernel. Performed the update from the Apper UI.  I don't know if Networkmanager 
was in the list.

After reboot, WiFi no longer works, in fact, the whole WiFi interface has 
disappeared from ifconfig and from the NetworkServices UI. I plugged in an 
ethernet cable, and it works fine. Machine is triple-boot, FC21, Win7 and 
Ubuntu LTS 14.04. WiFi works fine in Win and Ubu.

I tried re-adding the interface, wlp8s0 using the Connection Editor. Seemed 
happy, but it still won't start nor  list in ifconfig

If the device isn't listed in ifconfig the the kernel cannot see it, and
thus NetworkManager can't see it.  It seems like there is either a
hardware problem with your wifi device, or the kernel has been updated
and no longer recognizes the wifi device.  What is the output of 'lsusb'
and 'lspci' when those commands are run in a terminal on your machine?

Dan


I found this in the messages log around the time of the failure, but googling 
this does not produce any meaningful help:

Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state change: 
activated -> deactivating (reason 'removed') [100 110 36]
Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  NetworkManager state is now 
CONNECTED_LOCAL
Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state change: 
deactivating -> unmanaged (reason 'removed') [110 10 36]
Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): deactivating 
device (reason 'removed') [36]

Help!
JimR
___ networkmanager-list mailing 
list networkmanager-list@gnome.org 
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WiFi interface disappeared

[Dan Williams]

On Mon, 2015-09-14 at 17:32 -0400, Jim wrote:
> Dan
> 
> Thanks for replying.  As I mentioned the WiFi on the same box runs fine 
> from Ubuntu or from Windows.
> 
> Here are the lspci and lsusb
> 
> Jim$lspci
...
> 08:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 
> 802.11b/g/n WiFi Adapter (rev 01)

So you have a Realtek 8188CE device.

> In addition, here is lsmod
> Jim$lsmod
> Module  Size  Used by
> i915  958755  3
> i2c_algo_bit   13250  1 i915
> drm_kms_helper 93604  1 i915
> crct10dif_pclmul   14307  0
> crc32_pclmul   13133  0
> crc32c_intel   22094  0
> drm   300858  5 i915,drm_kms_helper
> ghash_clmulni_intel13230  0
> r8169  71639  0
> mii13527  1 r8169
> video  19825  1 i915
> sunrpc279333  1

This shows there is no kernel driver loaded for your device.  Yes, r8169
is a realtek driver, but it's for ethernet devices not wifi.  I'd expect
to see an rtl81xx (maybe rtl8192) or similar module.  Next step is:

dmesg | grep rtl

and lets see what we get.

Dan



> 
> On 09/14/2015 03:17 PM, Dan Williams wrote:
> > On Mon, 2015-09-14 at 14:10 -0400, JimR wrote:
> >> Fedora Core 21, KDE spin, all patches up to date.
> >>
> >> Have run for many months using WiFi almost exclusively. Started using 
> >> OpenVPN a couple of months ago with a commercial VPN provider. (Not sure 
> >> if that matters). That has worked fine.
> >>
> >> Got notification from Apper that some packages needed updating, including 
> >> kernel. Performed the update from the Apper UI.  I don't know if 
> >> Networkmanager was in the list.
> >>
> >> After reboot, WiFi no longer works, in fact, the whole WiFi interface has 
> >> disappeared from ifconfig and from the NetworkServices UI. I plugged in an 
> >> ethernet cable, and it works fine. Machine is triple-boot, FC21, Win7 and 
> >> Ubuntu LTS 14.04. WiFi works fine in Win and Ubu.
> >>
> >> I tried re-adding the interface, wlp8s0 using the Connection Editor. 
> >> Seemed happy, but it still won't start nor  list in ifconfig
> > If the device isn't listed in ifconfig the the kernel cannot see it, and
> > thus NetworkManager can't see it.  It seems like there is either a
> > hardware problem with your wifi device, or the kernel has been updated
> > and no longer recognizes the wifi device.  What is the output of 'lsusb'
> > and 'lspci' when those commands are run in a terminal on your machine?
> >
> > Dan
> >
> >> I found this in the messages log around the time of the failure, but 
> >> googling this does not produce any meaningful help:
> >>
> >> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state 
> >> change: activated -> deactivating (reason 'removed') [100 110 36]
> >> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  NetworkManager state is 
> >> now CONNECTED_LOCAL
> >> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state 
> >> change: deactivating -> unmanaged (reason 'removed') [110 10 36]
> >> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): deactivating 
> >> device (reason 'removed') [36]
> >>
> >> Help!
> >> JimR
> >> ___ networkmanager-list 
> >> mailing list networkmanager-list@gnome.org 
> >> https://mail.gnome.org/mailman/listinfo/networkmanager-list
> >
> 


___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WiFi interface disappeared

[Larry Finger]

On 09/14/2015 06:12 PM, Jim wrote:

Dan

On FC21, the dmesg | grep rtl returns nothing.

In contrast, I booted Ubuntu and ran the same commands, which clearly show an
8192 (see below).  Now how do I restore that device?

Thanks,
Jim

(From Ubuntu)
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM
Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core
Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset
Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family
USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High
Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI
Express Root Port 1 (rev b4)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI
Express Root Port 2 (rev b4)
00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI
Express Root Port 3 (rev b4)
00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI
Express Root Port 4 (rev b4)
00:1c.7 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI
Express Root Port 8 (rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family
USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM65 Express Chipset Family LPC Controller
(rev 04)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6
port SATA AHCI Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus
Controller (rev 04)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411
PCI Express Gigabit Ethernet Controller (rev 06)
03:00.0 System peripheral: Ricoh Co Ltd MMC/SD Host Controller (rev 07)
08:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE
802.11b/g/n WiFi Adapter (rev 01)
Bus 002 Device 003: ID 0a5c:217f Broadcom Corp. BCM2045B (BDC-2.1)
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 5986:03b3 Acer, Inc
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Module  Size  Used by
ctr13049  2
ccm17773  2
rfcomm 69160  8
bnep   19624  2
snd_hda_codec_hdmi 46368  1
snd_hda_codec_conexant57486 1
uvcvideo   80885 0
videobuf2_vmalloc  13216  1 uvcvideo
videobuf2_memops   13362  1 videobuf2_vmalloc
videobuf2_core 40664  1 uvcvideo
videodev  134688  2 uvcvideo,videobuf2_core
snd_hda_intel  56531  3
snd_hda_codec 193017  3
snd_hda_codec_hdmi,snd_hda_codec_conexant,snd_hda_intel
snd_hwdep  13602  1 snd_hda_codec
arc4   12608  2
intel_rapl 18773  0
x86_pkg_temp_thermal14205  0
intel_powerclamp   14705  0
coretemp   13435  0
snd_pcm   102099  3 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel
kvm_intel 143187  0
kvm   455843  1 kvm_intel
snd_page_alloc 18710  2 snd_pcm,snd_hda_intel
crct10dif_pclmul   14289  0
snd_seq_midi   13324  0
crc32_pclmul   13113  0
snd_seq_midi_event 14899  1 snd_seq_midi
ghash_clmulni_intel13216  0
cryptd 20359  1 ghash_clmulni_intel
joydev 17381  0
snd_rawmidi30144  1 snd_seq_midi
btusb  32412  0
serio_raw  13462  0
bluetooth 391136  22 bnep,btusb,rfcomm
snd_seq61560  2 snd_seq_midi_event,snd_seq_midi
thinkpad_acpi  81013  1
nvram  14411  1 thinkpad_acpi
rtl8192ce  53550  0
rtl_pci26690  1 rtl8192ce
rtlwifi63475  2 rtl_pci,rtl8192ce
rtl8192c_common53172  1 rtl8192ce
snd_seq_device 14497  3 snd_seq,snd_rawmidi,snd_seq_midi
mac80211  630728  3 rtl_pci,rtlwifi,rtl8192ce
snd_timer  29482  2 snd_pcm,snd_seq
snd69322  18
snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_hda_codec_conexant,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec,snd_hda_intel,thinkpad_acpi,snd_seq_device,snd_seq_midi

cfg80211  484040  2 mac80211,rtlwifi
i915  788212  3
mac_hid13205  0
video  19476  1 i915
drm_kms_helper 55071  1 i915
drm   303102  4 i915,drm_kms_helper
mei_me 18627  0
lpc_ich21080  0
mei82276  1 mei_me
i2c_algo_bit   13413  1 i915
shpchp 37032  0
soundcore  12680  1 snd

Re: WiFi interface disappeared

[Jim]

Aha!  Moments before your message arrived, I did uname -a.  It showed 
3.17.4-301.  I was scratching my head trying to figure that out.


Looking at your message, I checked the /boot/config, and it correctly 
shows 4.1.6-100.  I started poring over /var/log/messages, and I see 
that when the problem started, my BOOT_IMAGE changed to 
/boot/vmlinuz-rescue-0...


What I *hadn't mentioned* (because I didn't think it could be relevant) 
was that I had also done an upgrade of all of the Ubuntu packages.  As 
part of that process, Ubuntu took over grub.  Since I still saw Fedora 
on the grub boot menu, I thought all was fine. Little did I know that 
the evil Ubuntu had changed the Fedora entry to it's rescue image!


Now I just have to figure out how to get grub back to where it should 
be, and I think everything will fall back into place!


Thanks for the help guys, this one was a tough nut for me.

JimR

On 09/14/2015 07:34 PM, Larry Finger wrote:

On 09/14/2015 06:12 PM, Jim wrote:

Dan

On FC21, the dmesg | grep rtl returns nothing.

In contrast, I booted Ubuntu and ran the same commands, which clearly 
show an

8192 (see below).  Now how do I restore that device?

Thanks,
Jim

(From Ubuntu)
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor 
Family DRAM

Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core
Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 
Series Chipset

Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series 
Chipset Family

USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset 
Family High

Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI

Express Root Port 1 (rev b4)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI

Express Root Port 2 (rev b4)
00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI

Express Root Port 3 (rev b4)
00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI

Express Root Port 4 (rev b4)
00:1c.7 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI

Express Root Port 8 (rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series 
Chipset Family

USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM65 Express Chipset Family LPC 
Controller

(rev 04)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series 
Chipset Family 6

port SATA AHCI Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family 
SMBus

Controller (rev 04)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. 
RTL8111/8168/8411

PCI Express Gigabit Ethernet Controller (rev 06)
03:00.0 System peripheral: Ricoh Co Ltd MMC/SD Host Controller (rev 07)
08:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE
802.11b/g/n WiFi Adapter (rev 01)
Bus 002 Device 003: ID 0a5c:217f Broadcom Corp. BCM2045B (BDC-2.1)
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching 
Hub

Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 5986:03b3 Acer, Inc
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching 
Hub

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Module  Size  Used by
ctr13049  2
ccm17773  2
rfcomm 69160  8
bnep   19624  2
snd_hda_codec_hdmi 46368  1
snd_hda_codec_conexant57486 1
uvcvideo   80885 0
videobuf2_vmalloc  13216  1 uvcvideo
videobuf2_memops   13362  1 videobuf2_vmalloc
videobuf2_core 40664  1 uvcvideo
videodev  134688  2 uvcvideo,videobuf2_core
snd_hda_intel  56531  3
snd_hda_codec 193017  3
snd_hda_codec_hdmi,snd_hda_codec_conexant,snd_hda_intel
snd_hwdep  13602  1 snd_hda_codec
arc4   12608  2
intel_rapl 18773  0
x86_pkg_temp_thermal14205  0
intel_powerclamp   14705  0
coretemp   13435  0
snd_pcm   102099  3 
snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel

kvm_intel 143187  0
kvm   455843  1 kvm_intel
snd_page_alloc 18710  2 snd_pcm,snd_hda_intel
crct10dif_pclmul   14289  0
snd_seq_midi   13324  0
crc32_pclmul   13113  0
snd_seq_midi_event 14899  1 snd_seq_midi
ghash_clmulni_intel13216  0
cryptd 20359  1 ghash_clmulni_intel
joydev 17381  0
snd_rawmidi30144  1 snd_seq_midi
btusb  32412  0
serio_raw  13462  0
bluetooth 391136  22 bnep,btusb,rfcomm
snd_seq61560  2 snd_seq_midi_event,snd_seq_midi
thinkpad_acpi  81013  1
nvram  14411  1 

Re: How to make NM call dnsmsaq with --bind-dynamic ?

[Dan Williams]

On Mon, 2015-09-14 at 23:25 +0200, Jean-Christian de Rivaz wrote:
> Hello,
> 
> I use NetworkManager on a embedded Debian Jessie system that have 
> multiples interfaces, some of them going up dynamically. The system is 
> acting as a router between the interfaces and have the relevant iptables 
> rules to do NAT masquerading and MSSTCP handling. The only remaining 
> point is to have a DNS server on the system accessibly from any 
> interface at any time. To do that I have added the 
> /etc/NetworkManager/dnsmasq.d/interface file with this content:
> 
> interface=*
> 
> It do the expected work, but only until the interface list change: At 
> this point dnsmasq will not bind new interfaces. According to the 
> dnsmasq manual there is a --bind-dynamic to handle this.
> Unfortunately NM call dnsmasq with the --bind-interfaces option that is 
> incompatible with the --bind-dynamic option. And NM don't restart 
> dnsmasq when the interfaces list change.

I'll assume you're talking about the local caching nameserver stuff
here, not about the internet connection sharing.  Both use dnsmasq, but
in different ways.

It sounds like you're trying to use NM's dnsmasq functionality in a way
that isn't really intended; it's not supposed to be a DNS server for all
other machines on any interface, it's simply supposed to be a local
caching nameserver for the *local*  machine.  If you want a generic
forwarder for all machines, you would typically configure a separate
dnsmasq service that would read its DNS servers from /etc/resolv.conf
and watch that file for changes.  NM itself wouldn't be set up with
local caching nameserver functionality though.

Dan

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WiFi interface disappeared

[Jim]

Dan

On FC21, the dmesg | grep rtl returns nothing.

In contrast, I booted Ubuntu and ran the same commands, which clearly 
show an 8192 (see below).  Now how do I restore that device?


Thanks,
Jim

(From Ubuntu)
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor 
Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core 
Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series 
Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset 
Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset 
Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 1 (rev b4)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 2 (rev b4)
00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 3 (rev b4)
00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 4 (rev b4)
00:1c.7 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset 
Family PCI Express Root Port 8 (rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset 
Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM65 Express Chipset Family LPC 
Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset 
Family 6 port SATA AHCI Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family 
SMBus Controller (rev 04)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. 
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)

03:00.0 System peripheral: Ricoh Co Ltd MMC/SD Host Controller (rev 07)
08:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 
802.11b/g/n WiFi Adapter (rev 01)

Bus 002 Device 003: ID 0a5c:217f Broadcom Corp. BCM2045B (BDC-2.1)
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 5986:03b3 Acer, Inc
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Module  Size  Used by
ctr13049  2
ccm17773  2
rfcomm 69160  8
bnep   19624  2
snd_hda_codec_hdmi 46368  1
snd_hda_codec_conexant57486 1
uvcvideo   80885 0
videobuf2_vmalloc  13216  1 uvcvideo
videobuf2_memops   13362  1 videobuf2_vmalloc
videobuf2_core 40664  1 uvcvideo
videodev  134688  2 uvcvideo,videobuf2_core
snd_hda_intel  56531  3
snd_hda_codec 193017  3 
snd_hda_codec_hdmi,snd_hda_codec_conexant,snd_hda_intel

snd_hwdep  13602  1 snd_hda_codec
arc4   12608  2
intel_rapl 18773  0
x86_pkg_temp_thermal14205  0
intel_powerclamp   14705  0
coretemp   13435  0
snd_pcm   102099  3 
snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel

kvm_intel 143187  0
kvm   455843  1 kvm_intel
snd_page_alloc 18710  2 snd_pcm,snd_hda_intel
crct10dif_pclmul   14289  0
snd_seq_midi   13324  0
crc32_pclmul   13113  0
snd_seq_midi_event 14899  1 snd_seq_midi
ghash_clmulni_intel13216  0
cryptd 20359  1 ghash_clmulni_intel
joydev 17381  0
snd_rawmidi30144  1 snd_seq_midi
btusb  32412  0
serio_raw  13462  0
bluetooth 391136  22 bnep,btusb,rfcomm
snd_seq61560  2 snd_seq_midi_event,snd_seq_midi
thinkpad_acpi  81013  1
nvram  14411  1 thinkpad_acpi
rtl8192ce  53550  0
rtl_pci26690  1 rtl8192ce
rtlwifi63475  2 rtl_pci,rtl8192ce
rtl8192c_common53172  1 rtl8192ce
snd_seq_device 14497  3 snd_seq,snd_rawmidi,snd_seq_midi
mac80211  630728  3 rtl_pci,rtlwifi,rtl8192ce
snd_timer  29482  2 snd_pcm,snd_seq
snd69322  18 
snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_hda_codec_conexant,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec,snd_hda_intel,thinkpad_acpi,snd_seq_device,snd_seq_midi

cfg80211  484040  2 mac80211,rtlwifi
i915  788212  3
mac_hid13205  0
video  19476  1 i915
drm_kms_helper 55071  1 i915
drm   303102  4 i915,drm_kms_helper
mei_me 18627  0
lpc_ich21080  0
mei82276  1 mei_me
i2c_algo_bit   13413  1 i915
shpchp 37032  0
soundcore  12680  1 snd
parport_pc   

Re: ethernet.wake-on-lan

[Beniamino Galvani]

On Mon, Sep 14, 2015 at 01:08:06AM +0200, poma wrote:
> As shown, "ethernet.wake-on-lan=0" has no effect on disabling 
> NetworkManager's WOL management.
> I wonder if such a possibility exists, at all.

NetworkManager configures on the device the options specified in
configuration file and if they are empty (ethernet.wake-on-lan=0)
assumes you want to disable Wake-on-LAN altogether.

At the moment we don't have a way to say "don't touch whatever is
already set on the interface" but I guess this could be easily added.

Beniamino


pgpMQ06W4pCnU.pgp
Description: PGP signature
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

WiFi interface disappeared

[JimR]

Fedora Core 21, KDE spin, all patches up to date.

Have run for many months using WiFi almost exclusively. Started using OpenVPN a 
couple of months ago with a commercial VPN provider. (Not sure if that 
matters). That has worked fine.

Got notification from Apper that some packages needed updating, including 
kernel. Performed the update from the Apper UI.  I don't know if Networkmanager 
was in the list.

After reboot, WiFi no longer works, in fact, the whole WiFi interface has 
disappeared from ifconfig and from the NetworkServices UI. I plugged in an 
ethernet cable, and it works fine. Machine is triple-boot, FC21, Win7 and 
Ubuntu LTS 14.04. WiFi works fine in Win and Ubu.

I tried re-adding the interface, wlp8s0 using the Connection Editor. Seemed 
happy, but it still won't start nor  list in ifconfig 

I found this in the messages log around the time of the failure, but googling 
this does not produce any meaningful help:

Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state 
change: activated -> deactivating (reason 'removed') [100 110 36]
Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  NetworkManager state is now 
CONNECTED_LOCAL
Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state 
change: deactivating -> unmanaged (reason 'removed') [110 10 36]
Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): deactivating 
device (reason 'removed') [36]

Help!
JimR___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: WiFi interface disappeared

[Dan Williams]

On Mon, 2015-09-14 at 14:10 -0400, JimR wrote:
> Fedora Core 21, KDE spin, all patches up to date.
> 
> Have run for many months using WiFi almost exclusively. Started using OpenVPN 
> a couple of months ago with a commercial VPN provider. (Not sure if that 
> matters). That has worked fine.
> 
> Got notification from Apper that some packages needed updating, including 
> kernel. Performed the update from the Apper UI.  I don't know if 
> Networkmanager was in the list.
> 
> After reboot, WiFi no longer works, in fact, the whole WiFi interface has 
> disappeared from ifconfig and from the NetworkServices UI. I plugged in an 
> ethernet cable, and it works fine. Machine is triple-boot, FC21, Win7 and 
> Ubuntu LTS 14.04. WiFi works fine in Win and Ubu.
> 
> I tried re-adding the interface, wlp8s0 using the Connection Editor. Seemed 
> happy, but it still won't start nor  list in ifconfig 

If the device isn't listed in ifconfig the the kernel cannot see it, and
thus NetworkManager can't see it.  It seems like there is either a
hardware problem with your wifi device, or the kernel has been updated
and no longer recognizes the wifi device.  What is the output of 'lsusb'
and 'lspci' when those commands are run in a terminal on your machine?

Dan

> I found this in the messages log around the time of the failure, but googling 
> this does not produce any meaningful help:
> 
> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state 
> change: activated -> deactivating (reason 'removed') [100 110 36]
> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  NetworkManager state is 
> now CONNECTED_LOCAL
> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): device state 
> change: deactivating -> unmanaged (reason 'removed') [110 10 36]
> Sep 12 23:16:04 KD1YV1 NetworkManager[733]:  (wlp8s0): deactivating 
> device (reason 'removed') [36]
> 
> Help!
> JimR
> ___ networkmanager-list mailing 
> list networkmanager-list@gnome.org 
> https://mail.gnome.org/mailman/listinfo/networkmanager-list


___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

WPA/WPA2 Enterprise details

[Jan Grulich]

Hi,

I'm trying to improve our WPA/WPA2 Enterprise support in KDE and I have few 
questions regarding 802-11x security setting.

1) When phase2-foo properties should be used instead of just foo properties 
(e.g 
phase2-private-key/private-key) ? In implementation of gnome-applet I see they 
are 
used when phase2 property is set to true, but it's always set to false as I can 
see.

2) Are subjectMatch/altSubjectMatch properties still valid and used? I don't 
see this 
implemented in gnome-applet, but we had this implemented in the old KDE 
networkmanagement applet. I'm asking because we got a bug report about missing 
implementation of these properties for the new applet and I would like to be 
sure how 
this should be implemented. 

Bug report: https://bugs.kde.org/show_bug.cgi?id=342728[1] 

Thanks for your help.

Regards,
Jan
-- 
Jan Grulich 
Software Engineer, Desktop team
Red Hat Czech


[1] https://bugs.kde.org/show_bug.cgi?id=342728
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list