Roaming Profiles with NetworkManager
Skill: Intermidiate Complexity: Moderate EstTimeToComplete: 1.5 hours
RelatedMod: DynamicFirewall OptionalMod: AnonymizingNetworkMACAddresses
This guide is aimed at laptop/portable systems with a single wifi interface and a single wired interface. However, the methods are applicable to varied other system setups. I also recommend installing the DynamicFirewall to help secure and offer a layer of protection while you are roaming about. Optionally you may consider AnonymizingNetworkMACAddresses to afford some privacy.
Sometimes there are specific local settings depending on the network you've associated to. For example, when on the work network you have default printers, unique firewall rules or other applications with location specific settings that are substantially different for home network settings. This guide will illustrate a way to provide roaming profiles via NetworkManager.
NetworkManager is fantastic, if you let it completely manage the network. Laptop-net is fantastic at managing profiles. However things just don't work well using laptop-net and NetworkManager together.
So, rather than force laptop-net to accomodate NetworkManager's penchant for total control, I've devised some procedural additions that work within NetworkManager's methodology.
With the following configuration examples you can change most system settings, except static ip address management. I attempted to utilize the NetworkManager interface status system to force the static ip assignment but failed at every attempt. Accomodating for static addresses will hopefully be resolved in 0.7 of NetworkManager. There is a kludge to force static ip assignments after NetworkManager completes.
Regardless, the following examples illustrate ways to change profiles using NetworkManager alone. The examples emulate the behaviour of laptop-net. While not as complete as what laptop-net it at least cooperates with NetworkManager.
Attachments are provided containing the initial file heiarchy. Download the tarball archives and review prior to installation.
You will have to edit/add/remove the script files to make them fit your environment.
You will have to edit/add/remove the script files to make them fit your environment.
You will have to edit/add/remove the script files to make them fit your environment.
Commands in the guide assume you have sudo'ed root. i.e., sudo -i after each login.
Load TarBall Archives
Save the tarball: nmprofiles.tar.gz
cd / tar xvfzp nmprofiles.tar.gz
File Descriptions and Behavior
This set of files is for the static IP address assignment kludge described later on. Includes the firewall reload.
etc/network/ etc/network/interfaces_home-wired etc/network/force_work-wired etc/network/interfaces_work-wired etc/network/force_home-wired
This is the location and example file set for your roaming network profile scripts that move files, restart services and reload the firewall.
The nm-dispatcher and the dispatcher.d scripts work together. Files in dispatcher.d are called in alpha order. The 99* scripts have an include for code from nm-dispatcher. The 99* scripts are only executed if the interface name and ip addresses of the passed interface match.
NetworkManager Device Order and if-*.d Files
The files in /etc/nm-profiles/<PROFILENAME>/if*.d are called from /etc/NetworkManager/dispatcher.d/99* scripts. The device state determines the group of scripts to call.
When a device is activated the call order is:
pre-up up
When a device is deactivated the call order is:
down
* It has been my experience that post-down is never reached/called when a device is deactivated.
The files are called in alpha order. The script examples copy location specific files, reloads the firewall (refer to DynamicFirewall), and restarts services who's configuration files were altered.
Dispatcher.d Files
You'll need to edit the 99* files to reflect the network ip numbers and interface names of your particular environments. Also, create any custom dispatcher.d files for other profiles you need. The profile script files in dispatcher.d have an evident section which requires set values for determining which network you've connected.
This setting names the profile. Change to suit your needs. Just remember to update/add to /etc/nm-profiles/NMPROFNAME.
NMPROFNAME="home-wifi"
This sets the profiles phase scripts and location specific files directory.
NMPROFDIR="/etc/nm-profiles"
This is a PERL regex to match the activated devices ip address to. It can as complex as you need. But, in most instances a partial subnet of the location specific network address is all that is needed to differentiate networks.
IPMATCH="10.10.10"
This is also a PERL regex to match the activated devices name. It can as complex as you need. But, in most instances a single interface name will suffice to differentiate profiles.
IFMATCH="eth0"
* Complex example where you want ANY of these address masks and matching interface names to activate the named profile.
IPMATCH="10.10.11|192.168.10|172.16.10"
* Complex example where you want ANY of the interface names and matching ip address masks to activate the named profile.
IFMATCH="ath0|eth0|eth1"
Active Phase Range
As the scripts are currently setup the only phases to ever be reached for profile scripting are up.
Dispatcher Worker and 99* Actions
NetworkManager passes the acting interface name and phase to the dispatcher.d scripts. Your 99* profile scripts armed with the interface name and phase then make a determination about where you are.
To simplify your scripting a worker shell script nm-dispatchworker is installed and called by the dispatcher scripts. The worker script gathers the current interface ip address assignment and matches the current interface name to determine when a location profile is matched.
Only when the IP ADDRESS and INTERFACE NAME matches the acting interface will the named profile phase scripts be called.
Example: NetworkManager is activating eth0. NetworkManager(NM) passes phase pre-up and interface name eth0 to every script in /etc/NetworkManager/dispatcher.d. 99home-wifi is called which attempts to get the current ip address assignment for eth0. Since there is no ip address assignment for eth0 yet, the check for a match against the defined IPMATCH will fail. Therefore the /etc/nm-profiles/home-wifi/if-pre-up.d scripts will not be called.
NetworkManager(NM) then passes phase up and interface name eth0 to the dispatcher.d scripts. 99home-wifi is called which then gets the current ip address assignment for eth0. Now that there is an address assigned to eth0 it is checked against IPMATCH. If the ip address mask and interface name match then the /etc/nm-profiles/home-wifi/if-up.d scripts are called in alpha order.
NetworkManager does not pass on post-up.
This example applies to the deactivation of an interface where matched interface name and ip addresses will call down, post-down profile scripts.
In general, unless you severly modify the dispatcher.d scripts, post-up, pre-down profile scripts will not be activated since either the ip address hasn't yet been assigned or was released.
Static IP Assignment Kludge
A home-wired and work-wired script are included to force a static ip assignment. I have not been able to force it using the NetworkManager methods. Once the network assignments are completed run the scripts to force the static ip assignment. Adjust to your needs.
Create GNOME Custom Application Launch
Right-click on the system bar and select Add to panel....
Select Custom Application Launcher.
When the dialoge window appears select Type: Application in Terminal
Provide a meaningfull Name: label.
Enter the Command: sudo -i /etc/network/<forceScriptName> where the script is one of:
force_work-wired force_home-wired
These scripts reconfigure the interfaces for a static ip address assignment using ifup. Once re-assignment is complete the firewall script is run to reload with the static ip address.
You will need to edit these files to reference your firewall script file.
* I didn't include forced static for wirless but you could certainly setup up such scripts.
Offline Profile
There is an offline profile which will be called with the device is in action but there is no associated ip address assignment. Taylor to your requirements.
Creative Commons License
Author: James B. Crocker
EMail: james@constantsc.net
http://i.creativecommons.org/l/by-sa/3.0/88x31.png
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.