Network manager and split DNS for a VPN?

Tom H tomh0665 at gmail.com
Thu Apr 13 05:36:13 UTC 2017


On Wed, Apr 12, 2017 at 1:27 PM, Xen <list at xenhideout.nl> wrote:
> Tom H wrote on 12-04-2017 17:27:


>> root@localhost ~ # cat nm.sh
>> #!/bin/sh
>> echo "#### using uuid ####"
>> nmcli -f IP4 c sh uuid $(nmcli -t -f UUID c sh --active)
>> echo
>> echo "#### using id ####"
>> nmcli -f IP4 c sh id "$(nmcli -t -f NAME c sh --active)"
>>
>> root@localhost ~ # ./nm.sh
>> #### using uuid ####
>> IP4.ADDRESS[1]:                         192.168.0.108/24
>> IP4.GATEWAY:                            192.168.0.1
>> IP4.DNS[1]:                             8.8.8.8
>> IP4.DNS[2]:                             8.8.4.4
>>
>> #### using id ####
>> IP4.ADDRESS[1]:                         192.168.0.108/24
>> IP4.GATEWAY:                            192.168.0.1
>> IP4.DNS[1]:                             8.8.8.8
>> IP4.DNS[2]:                             8.8.4.4
>
> Yah, maybe it's just me, but I still don't consider NetworkManager to
> be the "trusted party" to go to for information.

If you're trusting NM to set up your network, including the
nameservers, you should trust it to return accurate information about
your network setup, including the nameservers.


> There is probably a shorter command than the above that does the same,
> I once used it. And I had forgotten since how to do it. NM is to me
> just not a "central" thing to remember and base yourself on.

I thought that I'd said in my original email that previous versions of
NM had "nm-tool". It's too bad that it was removed, although I'd have
preferred it to be "nmtool"...


> That's probably just me (right? ;-)) but the above is pretty
> convoluted as a form of "standard" way to find some information.
>
> I understand that NM manages DNSmasq and therefore knows this
> information and is the frontend that dnsmasq itself lacks.

The reason that dnsmasq lacks a frontend is that it's not the "full"
package, dnsmasq, that's used by NM; it's dnsmasq-base.

dnsmasq-base installs "/usr/sbin/dnsmasq" and
"/etc/dbus-1/system.d/dnsmasq.conf".

dnsmasq installs "/etc/dnsmasq.conf", "/etc/init.d/dnsmasq", and
"/lib/systemd/system/dnsmasq.service".

If you use dnsmasq and resolvconf, IIRC, you can run "cat
/run/resolvconf/resolv.conf" (or possibly "cat
/run/dnsmasq/resolv.conf"; I don't have them installed to check,
sorry).


> nmcli itself has a syntax I find impossible to remember.

The above is the only nmcli command that I know and use.

I remember them because

"c sh" is short for "connection show" and is similar to ip's "a
sh"/"address show".

"-f" stands for "field(s)". I sometimes type "ipv4" rather than "IP4"
for the first one and then realize that I've screwed up...

I prefer the "uuid ... UUID" version because they correspond, whereas
in the "id ... NAME" I have to remember that the output of "NAME" is
the input of "id".


> I once suggested they turn nmcli into a graphical tool and then
> perfect the interface of the graphical tool and then use that to
> inform any changes to nmcli, in the sense of having a secondary thing
> to work on that doesn't have to "be" anything yet.
>
> Turns out they already had one. Or were thinking of one.

I don't understand.

There's also "nmtui" but it's not the same thing as "nmcli". The GUI
tools are "nm-applet" and "nm-connection-editor".

I've never actually checked but I suspect that the different panes of
one of the GUI applications correspond to the nmcli verbs.


> The NetworkManager people are really quite responsive and helpful and
> they are one of the few teams I have ever seen that conduct surveys as
> to their popularity and user-friendliness in that sense.

I only "know" the lead developer, Dan Williams. I've never dealt with
him directly but I've noticed in various posts that he's helpful and
open to suggestions and requests in spite of all of the NM bashing.
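
Because the thread is about split DNS with a VPN, where several connections can be active at once, the following added example (not part of the original post and not NetworkManager's own code) reports the DNS servers of each active connection separately, using the same "nmcli -t -f ... c sh" calls as the message above. The function names, the sample UUIDs, the "corp-vpn" name and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: DNS servers per active NetworkManager connection.

# Keep only the DNS addresses from terse "nmcli -t -f IP4 c sh uuid <uuid>"
# output on stdin (lines such as "IP4.DNS[1]:8.8.8.8").
dns_from_terse() {
    sed -n 's/^IP4\.DNS\[[0-9]*]://p'
}

# Fetch the IP4 block of one connection from the live system.
nm_fetch() { nmcli -t -f IP4 c sh uuid "$1"; }

# Read "UUID:NAME" lines (nmcli -t -f UUID,NAME c sh --active) on stdin and
# print "NAME<TAB>DNS" rows. A connection with no DNS of its own gets "-",
# which means its lookups are answered by another connection's servers.
# $1 names the fetch function, so the logic can be run on sample data.
per_connection_dns() {
    fetch=${1:-nm_fetch}
    while IFS= read -r line; do
        uuid=${line%%:*}
        name=${line#*:}   # nmcli escapes ':' inside names as '\:'
        servers=$("$fetch" "$uuid" </dev/null | dns_from_terse)
        if [ -z "$servers" ]; then
            printf '%s\t-\n' "$name"
        else
            printf '%s\n' "$servers" | while IFS= read -r dns; do
                printf '%s\t%s\n' "$name" "$dns"
            done
        fi
    done
}

# Constructed sample data: one LAN connection and one VPN.
sample_active='11111111-1111-4111-8111-111111111111:Wired connection 1
22222222-2222-4222-8222-222222222222:corp-vpn'
sample_fetch() {
    case $1 in
        1111*) printf 'IP4.ADDRESS[1]:192.168.0.108/24\nIP4.GATEWAY:192.168.0.1\nIP4.DNS[1]:8.8.8.8\nIP4.DNS[2]:8.8.4.4\n' ;;
        2222*) printf 'IP4.ADDRESS[1]:10.8.0.6/24\nIP4.DNS[1]:10.8.0.1\n' ;;
    esac
}

# Use the live system when nmcli is present, the constructed sample otherwise.
if command -v nmcli >/dev/null 2>&1; then
    nmcli -t -f UUID,NAME c sh --active | per_connection_dns nm_fetch
else
    printf '%s\n' "$sample_active" | per_connection_dns sample_fetch
fi
```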
