 Hello everybody who's who's present This is our Community meeting for network manager. We had it also in the past like last year in DEF CONF and two years ago And also in DEF CONF US past summer So the format is very unstructured. We just Well, I thought I'd give a quick intro what happened in the past year with network manager but the focus should be on if you have any questions or Well, whatever you would like to discuss So let me just Well, I thought I'd give a quick summary of network manager what happened in the past year So just this week we really we made a new release then 1.30 release. I think that's actually pretty good as As always I had the feeling that every release is better than the previous one So this too, it's already in Fedora Fedora 34 and I think I was in Debian testing or at least unstable and What does it bring? Well when I always write the news file for the For the release or when we write it together it often strikes me that there are not so many interesting new features But that I feel that's kind of natural for such an old project, right network manager I mean we got support for Wi-Fi 10 years ago or 15 years ago So all of these normal things already work. So when we add a new feature, it's often quite well not It's quite obscure So to say but there are still a few nice features for example Maybe penny Amina would like to say something about it for example about WPA 3 support They'll Penny Amina would you like to say something? Okay, it's fine. So Well WPA 3 that is of course mostly handled by WPA supplicant so network managers just needed Hi penny Amino Hi, did you hear me? Yes Yes, I also pass Link to a blog article that we did for the one 30 release and as Thomas said Thomas said we don't have much very many exciting features, but there are there is some interesting stuff like the virtual Ethernet support that was introduced by Fernando We also have about WPA 3 We support a stronger Authentication for WPA 3 enterprise and There are a lot of improvements regarding for example the in-ear degenerator and And LibnM you can check the article for more details Yes, I think yeah, the in-ear degenerator that saw quite some improvements and it's a relatively new Part of network manager that we what it does it it basically it passes the command line from the kernel as defined by drakehead and then it runs in in-ear the run by drakehead and it It sets up the network like previously the drakehead network module it it was basically a shell script that spawned the edge client And now a network manager runs there So I think that works quite well. This is what happens in rel in recent rel versions and in in fedora And of course it happens if you use network in In it in it are the I Think it's a good way to avoid duplicating the effort so instead of having a Way to configure networking in interd and a different one in the real root We have unified that and now network manager manages with the network from the very beginning of this the boot Going on and Yes, what I think would improve another thing that improved I think our CI and testing keeps getting better. I think that's also related because now more other components use network manager, I mean like 10 years ago, there was only only nm upload and there was no CI and When we would test network manager for release, we would click around in the applet but nowadays all our that we have a lot of CI and other components that use the API Extensively and differently than a user would do in nm. Uplet like in nm. Uplet you click it doesn't work You click again, and you say okay the test best, but there were so many run time Conditions there that could happen, but if you have but we If we have all these tools that use network manager, then the API is much more used and tested so I think the biggest improvements were That network manager keeps getting more stable and more testing and also more use like we have now nm state and answer the rule Which are related broad projects that can configure network manager. Yes Fernando is one of the maintainers of nm state. Yes. Hi Fernando Hi If you have any question or anything related to suggestions or whatever related to nm state So feel free to ask we use network manager for applying the network configuration and supporting persistent state and rollback on On nm state So yeah, I will say that's without never manager state that's almost nothing just gather the Network state so We are testing a lot. Never manager in our CI. So this all of us to To collaborate even more because well never manager at the same time is running enemy state test so we can coordinate efforts and It's all of us to discover bugs More quick Yeah, I mean say that if you have any question or whatever Go ahead, please. I think I Think you will share audio to write the they could share audio if they want to talk Yeah Thank You Fernando Andreas asked the question Could we get a simple and out-of-the-box comment script or system role to quickly bridge a physical interface and pass the IP Configure of the interface forward to the bridge without rebooting the system um Well Well, first of all if the interface currently is configured with static IP configuration Then you would basically just create a profile a bridge profile with the same static IP configuration so that That kind that of course works. You just create the new profiles like the bridge and the port profiles for it With static IP configuration and then you activate them. You don't need to reboot for that and that is also for example what I'm state and And the system role does like the Ansible system role You can configure there the profiles in in yaml in the Ansible playbook and then it does it But more it I think this question was more like if you were doing DHCP on the interface and then it's And then you are not guaranteed that you get this then of course you can create a profile for the bridge that also does DHCP And if you do everything right Then you might get the same IP address there, but yeah For example did the IP address that you get depends on your MAC address, right? So you need to take care that the bridge has the same MAC address Hmm I think this is all possible By for example, if you use the Ansible system role That you just create the right profiles Yes As you said with with the ACP it's a bit more difficult because you have to if you want to guarantee that the IP is the same For example, you have to use the same MAC address, but also if you use IPv6, I think you need to Check that you use a do it and IAID based on the MAC address so It's a bit more difficult Regarding The question so providing a command. Yeah, I don't think it should be in network manager But maybe in something at an upper layer like an M-state or Yes For that case we have introduced For bridges and bonds etc. We have introduced a new property, which is copy MAC from So it's allowed you to specify the MAC of the interface that you that you want to copy the the MAC address So I think if that is the case and someone configure a bridge with the ACP and copy the MAC address from one of the boards The Mac that the IP will be confused as the Correctly, I think I I should look more close at this use case But if you are if you are interested on having this support on NMS state Because it could be useful for you Let us know down github Yes, I think I think this is possible but yeah indicating with NMCLI. I think it's possible with NMS state so if you want to Do to check this father, I will pass it that you have a possibility of NMS state And the recommendation so you can take a look to it and I think it could be possible to do with a simple stating in NMS state this data procedure I Encourage you to try it out and it should be straightforward if something that's not wrong that does not work on your side Let us know only you have issue or by IRC or email and we could have you Yeah, I think Yes, and there's also suggested is an NMCLI comment and yeah the difficulty Is we are always very slow at adding new and this NMCLI comments because this is kind of our API and Then usually later later turns out to not be flexible enough or so Yeah That's it's a good idea How to improve that Did you hi, hi, I'm I covered the I opened it a mere request to network manager to add support To guide why were two NM GUI? If you want to talk a little bit about this much request it will be nice Yes, I saw the merge request. Thank you. That's really great Especially because NMCLI currently cannot configure why I got peers So if you could do that with NM GUI at least it would be very helpful So we're looking forward to to finalize this one Thank you. I currently I'm trying to To add the peer support. I'm I took a look to the code that That let you Configure the IP roots in for example in in in any in any interface and I'm trying to Take this code and adapt to to add The support to the to the peers I'm I Basically, I'm and now I have some kind of monster code Because I copied the the files. Let me see the files. I used to to Just start with the with the peer support Sorry, I'm searching I I'm taking a sample and Mt root editor dot C and dot H and Mt root entry dot C and Mt root table dot C and I'm trying to adapt this code like I copied this code change the name to to guy guard peer entry or table or editor and And I'm trying to to add the the peer support And Then taking us this this other code as As the base or as a sample I mean, I'm not sure if this is the Decorate the path or the crossway, but this is really what I'm trying to Yes That I don't know but I would think that Like for the routes if you look at the UI in and in three for the routes. It's relatively simple. It's like a list or like a table and That also would work for wire guard beers, but it might not I don't know if for wire guard beers There are so many properties, right? So I'm not sure how you could how you could have them all in one line Okay, so It might look confusing So I'm not sure I guess there should be like a list of all the peers by their and then you could Edit one and it would open a new window Or maybe you could select one and below there are the the fields of the of the selected beer that you can then edit like not opening a new window but in the same window to Use up there is a list of all the peers and then below there are the The properties of the beer I also take a look to them to I think was a Beniamio's commit that they are the he had Had it Where would wire guard support to and and then connects your connector editor and the Graphical user interface and I My my plan was to more or less replicate the the graphical user Editor it to the text user editor Yeah That sounds good. I Would also think that the slaves or the like if you have a bridge if you edit a bridge Configuration then you see there a list of all the ports and those and I think that is similar There should be a list of all the peers and then you can select one of them and edit Okay, right. So I think a better example are the list of the ports for a bridge then the list of routes because the routes are Yeah, it's from the ui is just different and If the routes is not the the better code to to take as an example, do you know any other any other files in the MM and an empty UI that maybe It could be similar to what are you but what do you want in? in in the the peer editor I Don't know which file now. I'm not familiar with any three code But if you open the if you create a bridge profile, then you will see there are the list of all the slaves Okay, okay, and now I understand that The only difference is that when the new slave you click to add a new slave in the bridge for example Sponsor new It reuses the ad connection the connection editor for internet So it's simple in it's a bit simpler in that in that case you instead have to add a new dialogue for the peers Okay Yeah, but I think the bridges and bonds are good are a good good example Okay, I want to go to to that code and I will try to to To be used into To do the the peer the peer supper I think this is the the file that Javier is looking for the NMT slave list No, I know I will currently I'm looking for this file But but this one currently show up the list of slave Okay Then it's show up the list and I think it's implementing the get property and set property So, okay, but not sure how this work with the rest of the good. That's I'm not familiar to with an M3 Okay Yes, let's talk about this also more next week on IRC or on the merge request perfect I will keep in touch with with and We've got this further in the following day but Thank you About the previous topic Andreas also said that on on hosted system It's important that you are able to do this without cutting yourself off from the network And in general that is of course important that yes Andreas said Before also without reboot and in general It's important that you for network manager that you can change something with without rebooting So we never say the solution is to reboot the machine So definitely should be possible, but it's a bit dangerous, right? You activate the diff you it might just work especially if you use static IP addressing So you can do it via SSH you activate the other profile and it will be fine But then if you do the HCP and that other interface and you might get a different IP address that could be highly annoying right Yeah, and then currently an in-state also has an outreach. She's student and She's also here today. I hope I pronounced the name correctly Shria So hi Maybe Fernando you would like to yeah to say something about the opportunity project I would like her to introduce herself if possible, so If you want to request audio if not, I can do it Hello Hello Yes, hi, my name is Shria, and I'm from India and currently I'm contributing to NM state with Fernando and And We are we are trying we are writing codes to implement why I got support to NM state And I'm here to learn and connect to you with you all That's great. Thank you Yes, it seems why I got this quite popular nowadays Yes, indeed it is and our plans is to support you for the next big release of NM state. So There is already a draft PR which needs some work, but it's Mostly working in the main cases needs to Some conditions on peers, etc. But it's in very good shape So yeah, it's really nice doing a pretty good job here. And hopefully we can Simplify that why I got configuration using NM manager with this So only two weeks ago, Ben Yamino also did a batch to NM applet. So finally NM applet also works with why I got nice What is still missing is GNOME GNOME 3 support Like the control center and the GNOME shell But we I mean the people here we actually don't usually work on on GNOME stuff. So That is more the Yeah, we are a bit detached from the community there. I mean we usually don't contribute to GNOME control center So hopefully somebody will pick it up. So if there are any questions, right, please feel encouraged to ask In the meantime, I was thinking about what what will we do in the next year for network manager and Again, the answer is not very exciting unfortunately, it's because We just try to keep network manager to get better Okay, let me hi Andreas Andreas. Hello. It's really nice to see you For the first time. I'm only a user of network manager and I would like to share my purse Which I couldn't solve without your help Thomas. I'm working for SAP and We faced the situation where we wanted to use hotplug functionality for some network cards You know, there are different cloud environments and other environments where you can just plug in a network card and And some of my colleagues wanted to make it work As it is just plug it in get an IP address with DHCP and it was not possible on the red hat seven for the first time and Then I realized that there is a really huge Potential in network manager and and a bunch of features, but probably people just don't know about You know, like was someone asked to have a one-liner for a bonding stuff things like that and do you have any idea how I could Show examples, I mean like real life examples to my colleagues Oh, and the good news is with your help I could a bit evangelize or how to say network manager in SAP So now we started to use it in many projects here in Hungary, of course, but also in Germany, US and India With the config you helped us to make Oh, that's great. We are always happy if it works Is this is this in a cloud environment like in Amazon cloud or so we have a Own cloud environment, which is basically an open stack fork and now we use it there and and Some other places also, but my main point would be When we are just running through the documentation for the first time many things and and really nice features what network manager Has it's not obvious for the first time like I've never believed that it can match Interfaces, I mean types or names or or anything like that to apply a configuration for that interface And you know, I was using network manager for years because of my desktop, of course but Yeah, and and when you show people that listen use network manager Just look at the routing table the metrics will be much better if you start network manager and and not these Old legacy kind of and not only use this old kind of legacy Shell script network configuration files. It will be much better in many ways But for some reason people still ignore it or I guess they just don't know Do you have any ideas how to? How to let people know about the nice features which network manager has Well, unfortunately, I think we are very bad at marketing like only recently the past year We got a better website, hopefully and it's still at the infancy. I Mean, there is no content there yet. We really need to improve that so All of these things need to be improved by like more blogging more helpful. For example system D back a few years ago, Leonard wrote these These really great blog articles system D for administrators So I think such blog articles are actually very useful thing So we should do more of that second our website really should improve We are aware of that but unfortunately making website is not I mean not like the content of the website. It's just Yeah, huge time sink. Yeah, I know it can be a huge time sink and we are not Yes, and in I guess a lot of people dislike network manager also that is fine. Of course, you can use whatever you want but they have a certain preconception and and I find it hard to I Think we need to fix that by by just that it works. Well, so it's not it's I So sure we should do better marketing But I also believe it should just work well for people and speak for itself But you're right people might not not discover the features Right. So, yeah, I have no answer for that, but it's a good point It's really so important just to sell your project in a in a good way I mean not sell but to make to advertise what What it just can do so that people can learn it and and and see that it is useful to them. I Don't know how to improve that But many thanks for all your help. You really helped a lot to me In my daily job. Yeah, that's great Yes, I think you also are lively IRC channel is important here we should we should really Be there when when people have questions sometimes on the mailing list our mailing list is not very active But sometimes somebody asked ask the question and it doesn't get much attention. That's also bad Somebody from the community should always reply to him to emails or on IRC channel and help out to others So that's important. Yeah but great that I mean, we obviously like network manager, so it's great if others also can appreciate it. Thank you. Thank you I mean, we were often talking about how can we even improve our I don't know. Yeah advertisement advertisement is such a bad word, but How yeah, what do other think about that like Benimino, Fernando, what do you think? or in the audience of course as you said For sure blogging would help and advertise more when you have new exciting features Or even Minor features Like for example, you said that we added support to the applet and For many people that could be very useful. So maybe we should start publishing some somewhere about it and Yes improving the documentation So people know documentation on the website, for example, so people know What are the features? and maybe also increasing our Community so the people who contribute to network manager. I don't have a Suggestion on how to improve it But that would help if we have more people contributing Or even more people reporting what they need which are the features that Can make network manager better. I think blogging is obviously something quite good We should do more blogging Also, I noticed that a lot of community a lot of people is using Nepal manager But they don't know they're using never manager if they are not Technical and have to do networking stuff because well or Fedora users use never manager Sent us or really is it so well, I will say that's Also, if I know wrong Ubuntu users also use never manager, right? That depends which flavor you use with server Ubuntu you get network D and With desktop you well you anyway can choose but I think by default Yeah, so well I think now that's Mostly all of my friends and people around me use never manager even they don't know so Maybe one one thing that I could find it's a travel shooting guide when I look for issues of never manager Well, it's it's nice to have like I don't know a guide or a wiki or something where we have the troubleshooting if you find this issue You need to do whatever other because well, I always go to the arch wiki Which is quite useful and have a lot of two troubleshooting stuff for never manager but it would be nice to have something specific for never manager issues and as straight I say as A student and new contributor. I find belongs blocks related to networking of the of the project, etc. Really helpful Maybe that is something that can really help new contributors. Yeah, I Think it's rare. You're right. It's very nice to have blocks explaining stuff about never manager And it's not only for new contributors for me. Why God was something that's Known so The block about how to configure why got interfaces using never manager was pretty helpful to understand how it work So I think for even new contributors and all contributors. This could be something good Because well never manager is too weak and it doesn't matter if you implement something You're not going to work or you're not going to understand the whole project and all the features So maybe you will need to look to the commutation from time to time Eric was asking whether the core team has some private channels or whether we use the mailing list list or ISE channels and Actually, we had our I think our main channel is the upstream ISE channel Although I must say we also like me Ben Amino and Fernando we work at redhead So we also have a redhead internal ISE channel and sometimes we discuss things there and I think this is a good reminder that we shouldn't do that So we really should limit our private discussions. We should not have many Private discussions if at all but really discuss more things on ISE on free note the mailing list is not much used for discussions because we nowadays use GitLab and Yeah, we use GitLab and we discuss the issues there I mean like a merge request on the other hand large architectural discussions. That's of course Difficult to find a place, right? There the mailing list would still be useful So, yeah, so and I think it's sorry It's a very good reminder very important to use the upstream channels like the mailing list and ISE totally Yes, we are all remote of course We have a meeting some meetings which are internal Where we discuss things, but maybe it would be useful to have a once every time week or two weeks a public meeting where people can join and Bring problems or suggestions. I don't know That's a very good idea. We should first of all we should improve our website, but then we should also have Then we should write about such weekly or two bi-weekly meetings We use currently Google Meet for that Yes, let's do that also. Ah, okay on YouTube. Does this mean they are streamed their life or are they recorded and then Is it is it live there or is it a recording on YouTube? Okay Yeah, I'm Let's see how interesting they these meetings will be right So maybe we could even put them on YouTube But we should at least have them like I don't know office hours, so to say but but It's really not that it I always like this idea that it's a dope source community And it's not just me and Benjamin and Fernando and a few others who developed this and everybody else is the user so When I say office hour, it sounds like The developer team needs with the users. I think this should be more like a community thing So yes, we need to do more community and Such a meet-up weekly or bi-weekly would be we will we will do that Good point Hi guys, this is Gaurav. I just had a quick question So maybe some code walkthrough sessions in the upstream and the public meetings could help engaging with the new Custom and new new developers or the new contributors here That's an interesting idea. I saw once on YouTube a live stream about some gnom project Developing a feature there That was quite interesting. It's a good idea Community actually in safe storage community. We the community has regular efforts I'm just sharing an example where the developers actually go through the entire piece of code They are an entire components code So and maybe if the component is too long, they can they usually break down into two sessions So that would I mean help in engaging with the community These recorded or is it again live stream? These are live streamed and recorded Okay Because from the flow, I think it's quite different whether you do a live stream or whether you have a dream record a We have it you Okay that's a I think the biggest question that most at least for us and For many open source projects is how to attract new developers and contributors and this is Yes It's also unfortunately quite hard to get started with Development of network manager. Yes. Good point Let's think about that more just for that dev conf also been a meaner made a recording about how to use wire That is of course targeted more for users, but Such things We do that much to seldom Like it's also about the shortness. It's nice if it's only 10 minutes or less About one specific topic Eric just said okay, okay the the day That it's like a live session where they meet which is then recorded Like a lot if I understood correctly Yes As you talked about the videos that we did I did one about wire guard configuration and Thomas recorded a video about Nm cloud Set up the tool to configure Networking in cloud environments using network manager, so I think it will we could start adding a new section to the site where maybe we collect all videos That will be interesting I think for users Very good point Yes, all of these must be found via the via our website We must link our blog articles there. We must link our videos there and we must lead link our communication channels or our Weekly meetings if they are public as they would should be Good point Carol is asking a question Something technical very good How can I force search domain settings for a specific connection especially via VPN To send all DNS queries to DNS servers from that connection independently of the received search domain for this connection and in that case I think if And So I Think when this is this question is mostly about how to avoid DNS leaks I guess that you That you only access The DNS via the VPN So the first part of it is that you make sure that you route your traffic via the VPN and that is configured By setting the route metric accordingly, right? So by default already the VPN profile has a route metric of 50 Which is lower than all other Connection types so if you set the default route on the VPN you will everything will be routed Via the VPN, but of course about DNS so The real the proper solution is to set the DNS priority every profile has a DNS priority Setting and if you set that to a negative value it kind of means exclusive So you need to set that That property and that should be enough and you say you also talk about that it does not get that the DNS Servers are not received from automatically. So you can you can manually configure the DNS settings and you can there is a property. It's called Ignore DNS ignore auto DNS or something like that so that you don't get it automatically Although now I'm not sure I had the feeling there was an issue with VPN in this regard Not sure about that that that might be a bug Specific to VPN connectors, but in principle just say not automatic DNS settings and negative DNS priority. I was also I previously I wanted to talk what we are going to do in the next year and One of the things that I think currently are not well implemented is like the VPN plugins Although for many users probably VPN plugins is one of the greatest features of network manager Their implementation is not as great as it should be So for and this is how it's a lot of effort to change and we are pondering about it already for a long time But I think in the next one year. We should make some progress in this in this area There are kind of two problems one problem is that network manager spawns the VPN plugin directly instead it should Start the a separate system deservice for it so that That's VPN plugin would be sandboxed differently The second problem is how they are modeled inside network manager. That is a bit special Yeah Hi, it's already quite late. I think our time will run out very soon. So If you have any any last questions or remarks I hope this made sense. If not, please reach out on IRC