NetworkManager
NetworkManager is a daemon and associated tool suite for Linux operating systems that provides automatic detection, configuration, and management of network connections, supporting a broad array of setups from desktop computers to servers and embedded devices.[1] Originally developed by Red Hat in the early 2000s to simplify and automate network configuration—particularly for wireless connections—it has evolved into the default networking service across major Linux distributions, replacing manual scripting approaches with dynamic control.[2][3] As a core component of many Linux environments, NetworkManager sits atop kernel interfaces like libudev to monitor hardware changes, maintain active connections, and handle transitions between wired, wireless, VPN, and mobile broadband links without user intervention.[4] Its key features include support for IPv4/IPv6, DNS resolution, static routes, and bonding/team interfaces, alongside a D-Bus-based API for programmatic integration and libraries like libnm for application developers.[5][6] For user interaction, it offers command-line tools such as nmcli for scripting and querying connections, nmtui for text-based configuration, and graphical applets integrated into desktop environments like GNOME and KDE.[4] Widely adopted in distributions including Fedora, Ubuntu, Debian, and Red Hat Enterprise Linux, NetworkManager ensures reliable "just works" connectivity while allowing advanced customization through configuration files and plugins.[7][8]Introduction
Overview
NetworkManager is a free and open-source service designed for Linux operating systems that automates the management of network connections, including Ethernet, Wi-Fi, mobile broadband, and VPNs such as Cisco-compatible, OpenVPN, and PPTP.[9] It serves as the standard network configuration tool suite, integrating with desktop environments like GNOME and KDE, as well as server tools for a wide range of setups from laptops to embedded devices.[1] The primary goal of NetworkManager is to simplify and automate network setup and switching in dynamic environments, ensuring seamless connectivity for desktops, laptops, and servers without manual intervention.[2] By acting as a dynamic network control daemon, it maintains active network devices and establishes temporary connections as needed, supporting security protocols like WPA/WPA2/WPA3, 802.1x, and MACsec.[4][9] Key benefits include user-friendly management of multiple connections, automatic reconnection upon signal loss or device changes, and reliable hardware detection through pluggable backends for services like wpa_supplicant and pppd.[9] Developed by Red Hat, NetworkManager was initially released in 2004 as part of Fedora Core 3 to address the growing needs of modern networking, particularly for wireless setups.[10][11]Rationale
NetworkManager was developed in response to the increasing adoption of wireless networking in the early 2000s, when traditional Linux networking tools struggled with the demands of dynamic, mobile environments. Prior to its introduction, configuring networks relied on manual tools such as ifup and ifdown scripts, the ifconfig command, and static files like /etc/network/interfaces, which were designed primarily for fixed, server-like setups. These approaches required administrators or users to explicitly define and activate interfaces, often leading to errors and inefficiencies when dealing with changing hardware or networks, such as switching between Wi-Fi access points during roaming on laptops.[2][12] The core motivation for NetworkManager was to provide a centralized, policy-based system that automates network management without constant user intervention, addressing the limitations of legacy tools in handling hardware detection, DHCP lease acquisition, and secure protocols like WPA for wireless connections. By integrating with kernel subsystems like udev for consistent device naming and event-driven configuration, it enables seamless adaptation to mobility scenarios, such as plugging into new wired networks or roaming between wireless ones, which static configurations could not support effectively. This shift was particularly vital as wireless hardware became ubiquitous in desktops and laptops, rendering manual setups impractical for everyday use.[13][2] Originally initiated by Red Hat and first released in November 2004, NetworkManager targeted primarily desktop and mobile Linux users seeking plug-and-play simplicity, though its extensible architecture also suits server environments requiring automated connection profiles. It relieves users from the burden of manually configuring each new network, instead using profiles to prioritize and switch connections based on policies, thereby enhancing usability in dynamic settings like home offices or travel.[2][3]Architecture
Core Components
NetworkManager employs a modular architecture centered around its main daemon, which operates as a system service to oversee network configuration and connectivity. The daemon, typically launched by init systems such as systemd, continuously monitors hardware changes and device states using the Linux kernel's netlink interface in conjunction with udev for event notifications, enabling automatic detection of network interfaces like Ethernet and wireless adapters.[14] It maintains an internal state machine to track connection profiles, device availability, and activation status, ensuring seamless transitions between managed networks while prioritizing user-defined policies for connectivity.[9] At the heart of this modularity are backend plugins that handle device-specific operations, allowing NetworkManager to interface with diverse hardware without monolithic code. For Ethernet devices, the daemon interacts directly with kernel modules to manage link states and IP configurations, while for Wi-Fi, it delegates authentication and association tasks to external services like wpa_supplicant via dedicated plugins.[14] These plugins, configurable through the main configuration file at/etc/NetworkManager/NetworkManager.conf under the [main] section's plugins key, extend support to other device types such as mobile broadband or VPN interfaces, promoting extensibility and vendor-agnostic operation.[12]
Inter-process communication is facilitated primarily through the D-Bus interface, which exposes a structured object model for external applications and services to query and control NetworkManager's operations. This model includes objects representing devices (e.g., org.freedesktop.NetworkManager.Device), connections (e.g., org.freedesktop.NetworkManager.Connection), and settings (e.g., org.freedesktop.NetworkManager.Settings), enabling front-end tools and system services to retrieve real-time status, activate profiles, or modify configurations dynamically.[14] The daemon persists connection profiles in directories like /etc/NetworkManager/system-connections/ for system-wide use, ensuring consistent behavior across reboots while integrating with init systems for reliable startup and dependency resolution.[9] This design decouples the core logic from user interfaces and specialized backends, fostering a robust and scalable network management framework.[12]
Configuration System
NetworkManager's configuration system manages network settings through a combination of persistent profiles, runtime modifications, and backend plugins, providing an abstraction layer over traditional Linux network configuration methods. The system prioritizes dynamic and automated configurations while allowing integration with legacy formats, enabling seamless management of interfaces across diverse environments. The default backend for storing connection profiles is the keyfile plugin, which uses a simple .ini-style format in files with the .nmconnection extension, typically located in /etc/NetworkManager/system-connections/. These files are organized into sections such as [connection] for profile metadata like id, uuid, and type; [ipv4] for IP settings including method=auto or static addresses; and [802-11-wireless] for Wi-Fi specifics like ssid and security options. This format supports all connection types and is always enabled, ensuring broad compatibility while ignoring insecure files for security reasons.[15][15] To support legacy systems, NetworkManager employs backend plugins that read and write configurations in distribution-specific formats. The ifcfg-rh plugin, used on Red Hat and Fedora distributions, handles /etc/sysconfig/network-scripts/ifcfg-* files, translating them to internal profiles while allowing NetworkManager to abstract and prioritize dynamic DHCP over static setups defined therein. Similarly, the ifupdown plugin on Debian and Ubuntu systems reads from /etc/network/interfaces, managing only interfaces not explicitly configured there by default to avoid conflicts with the traditional ifupdown tool. Without NetworkManager, these legacy files directly control interfaces via scripts like ifup/ifdown, but with it enabled, the daemon takes precedence, applying profiles dynamically and reducing manual intervention.[16][17][17] Dispatcher scripts extend the configuration system by executing custom actions after network events, such as connection establishment or teardown. Placed in /etc/NetworkManager/dispatcher.d/, these executable scripts (owned by root and run in alphabetical order) receive the interface name and action (e.g., up, down) as arguments, along with environment variables like CONNECTION_UUID and IP4_ADDRESS. They are ideal for post-connection tasks, such as updating firewall rules via iptables or notifying services of IP changes, and run asynchronously without blocking the main daemon. Subdirectories like pre-up.d/ allow phased execution, enhancing flexibility for system-specific integrations.[18][18] Configuration can occur at runtime through the D-Bus API, enabling in-memory changes to active profiles without persistence, or via saved profiles for reboot survival. Runtime modifications, applied using tools like nmcli or direct API calls, store temporary profiles in /run/NetworkManager/system-connections/, which are discarded on restart, contrasting with persistent ones in /etc/NetworkManager/system-connections/. To persist changes, explicit saving is required, often copying profiles to the persistent directory. Conflicts with external tools, such as dhclient, are mitigated by NetworkManager's default internal DHCP client; when using external clients like dhclient (configured via /etc/NetworkManager/conf.d/dhcp-client.conf), only one manages an interface to prevent duplicate lease requests or IP overlaps, with NetworkManager killing conflicting processes if needed.[19][19][20]Core Functionality
Interface Management
NetworkManager manages the lifecycle of network devices, transitioning them through distinct states to ensure reliable connectivity. Devices initially enter an unmanaged state (NM_DEVICE_STATE_UNMANAGED, value 10), where NetworkManager recognizes the interface but does not control it, often due to explicit user settings, external management, or system boot phases.[21] Upon becoming managed—triggered by events like device availability or policy changes—the state shifts to unavailable (20) if the device is present but not ready (e.g., hardware powered off), then to disconnected (30) when idle and ready for use.[21] For wireless interfaces, NetworkManager performs scanning for available networks during the preparation phase, querying access points via kernel APIs to identify viable connections without manual intervention.[22] The activation workflow for a device follows a structured sequence of states to establish a functional connection. It begins in the prepare state (40), where NetworkManager initializes hardware and applies basic settings. Authentication occurs in the config state (50), handling protocols such as WPA for secure wireless links by interfacing with supplicants like wpa_supplicant to negotiate credentials.[22] If additional secrets are required, the process pauses in need auth (60) to prompt for input. IP address assignment follows in IP config (70), using DHCP for dynamic allocation or static configuration from profiles to obtain addresses, routes, and DNS.[22] The IP check state (80) verifies connectivity, followed by the secondaries state (90), where NetworkManager waits for or activates secondary connections such as IPv6 configurations or VPNs, before activation (100), where traffic routing is enabled over the interface, establishing full network access.[22] When handling multiple interfaces, NetworkManager prioritizes connections based on profile settings, with higher priority values (default 0) favoring certain links during autoconnect.[23] It supports bonding to aggregate interfaces into a single logical device, enabling modes like active-backup for automatic failover if a primary link fails, or balance-rr for load distribution, all configured transparently without user input during runtime.[24] Failover in bonded setups detects link loss and switches slaves seamlessly to maintain connectivity.[24] NetworkManager integrates with the Linux kernel through RTNetlink (a netlink socket family) to monitor real-time events, such as interface link up or down, enabling rapid state updates and reconfiguration without polling.[25] This bidirectional communication allows NetworkManager to react to kernel notifications, like carrier changes, by adjusting device states accordingly.[25] For error handling, failed activations transition the device to the failed state (120), with NetworkManager attempting auto-retries configurable per connection (default -1, deferring to global value of 4 attempts) or globally via autoconnect-retries-default.[26] Authentication errors, such as invalid WPA keys, retry up to 3 times before failure.[23] All events, including failures, are logged through systemd-journald when the journal backend is enabled (default syslog otherwise), accessible via journalctl -u NetworkManager, with levels from INFO to TRACE for diagnostics.[26]Connection Handling
NetworkManager manages network connections through persistent profiles known as connection objects, each uniquely identified by a UUID, which ensures stable referencing across sessions and devices. These profiles encapsulate configuration settings tailored to specific network types, such as the SSID for wireless networks, pre-shared keys (PSK) or other authentication credentials like WEP keys for security, and MTU values to control packet fragmentation. Additionally, each profile includes an auto-connect flag that determines whether NetworkManager should automatically activate the connection when suitable hardware is available, along with an auto-connect priority to resolve conflicts among multiple eligible profiles.[27][28][29] Profile management in NetworkManager occurs primarily through its D-Bus API, enabling applications and administrators to add new connections by supplying a settings dictionary to the AddConnection method on the Settings interface, edit existing ones via the Update method on the profile's object path after retrieving it with GetConnectionByUuid, and delete them using the Delete method. Selection priority favors profiles with higher autoconnect-priority values (ranging from -999 to 999, default 0), falling back to the most recently used based on timestamp if priorities tie; user-preferred profiles, explicitly configured with details like SSID or BSSID, take precedence over auto-detected ones derived from scans.[30] For seamless operation, NetworkManager handles roaming and reconnection by monitoring available networks and device states. In wireless scenarios, it tracks previously seen BSSIDs to facilitate quick reassociation and supports roaming to stronger access points when the current signal degrades, though this is driver-dependent and can be disabled by locking to a specific BSSID. For Ethernet, unplugging a cable triggers immediate reconnection attempts to other available profiles, prioritizing those with matching interface names or auto-connect enabled, ensuring minimal downtime during network changes.[27] Connection handling distinguishes between system-wide and user-specific profiles to enforce security. System connections, stored in /etc/NetworkManager/system-connections/ with root-only permissions, are available to all users and persist across logins, while user connections are session-bound and accessible only to the owning user. Privileged actions, such as modifying system profiles or activating connections, require authorization via Polkit, which evaluates user credentials against defined policies to prevent unauthorized changes.[31][32] Profiles support export and import for backup and migration, typically by serializing settings into keyfile format (.nmconnection files) that can be copied between systems, with adjustments for hardware-specific details like MAC addresses to ensure compatibility.[31]Advanced Features
Wireless and Mobile Support
NetworkManager provides robust support for wireless local area network (WLAN) connections through integration with backend daemons responsible for 802.11 authentication and encryption. It primarily utilizes wpa_supplicant as the default backend for handling Wi-Fi authentication, including WPA and WPA2 protocols, while also supporting iwd (iNet Wireless Daemon) as an experimental alternative for improved performance and simplicity in resource usage.[33] This configuration is specified in thewifi.backend key within the [device] section of NetworkManager's configuration file, allowing administrators to switch between the two for compatibility with various hardware drivers.[33]
For advanced Wi-Fi scenarios, NetworkManager enables connection to hidden networks by setting the hidden property to TRUE in the 802-11-wireless connection profile, which triggers probe-scanning mechanisms to discover non-broadcasting service set identifiers (SSIDs) despite potential reliability issues in infrastructure mode.[27] Ad-hoc networking is also supported by configuring the mode property to "adhoc," requiring explicit specification of the channel and band to ensure compatibility with peer devices, though encryption in ad-hoc mode is limited to WEP due to backend constraints.[27]
NetworkManager manages Wi-Fi scanning and association by periodically querying available access points (APs) via the backend daemon, generating lists of SSIDs along with associated basic service set identifiers (BSSIDs) and signal quality metrics such as received signal strength indicator (RSSI) values.[34] These scans facilitate automatic association with preferred networks; for instance, when multiple known hotspots are available, NetworkManager prioritizes based on configured connection priorities and signal strength before attempting auto-connection to profiles flagged with autoconnect=yes.[27][35] The seen-bssids property tracks previously detected APs for read-only reference, aiding in roaming decisions without manual intervention.[27]
On the mobile broadband front, NetworkManager handles wireless wide area network (WWAN) connections by delegating control to the ModemManager daemon, which manages devices supporting GSM, UMTS, and LTE protocols for cellular data access.[36] This integration allows NetworkManager to configure and activate WWAN profiles using the gsm setting type, including specification of the access point name (APN) for GPRS/EDGE sessions and LTE-specific initial EPS bearer APNs.[37] SIM PIN management is supported through the pin property, which unlocks locked SIM cards, with flags controlling whether the PIN is stored securely or prompted at connection time.[37] Auto-configuration of APNs can be enabled via a provider database lookup, simplifying setup for common carriers.[37]
Mobile broadband support was introduced in NetworkManager version 0.7, released in 2008, which added out-of-the-box compatibility for numerous cellular modems via enhanced PPP integration and multi-device handling, marking a shift toward comprehensive wireless mobility.[38] This version laid the groundwork for reliable UMTS/HSDPA and EVDO connections. Advanced features like full 5G standalone (SA) connectivity are supported through ModemManager versions 1.14 and later (introduced in 2020), as NetworkManager depends on the daemon for NR (New Radio) bands and extensions like MBIM v3.0. As of November 2025, this provides comprehensive 5G capabilities in environments with recent ModemManager and compatible hardware.[39][36]
VPN and Security
NetworkManager provides robust support for virtual private network (VPN) connections through a plugin architecture that enables integration with various VPN protocols. Key plugins include NetworkManager-vpnc for Cisco-compatible IPsec VPNs, NetworkManager-openvpn for OpenVPN-based tunnels, and NetworkManager-strongswan for IKEv2/IPsec connections supporting EAP, pre-shared keys (PSK), and certificate authentication.[40][41][42][43] These plugins implement a D-Bus service for establishing connections and an editor dialog for configuration, allowing users to define VPN settings such as server addresses, authentication credentials, and encryption parameters. VPN configurations are managed via NetworkManager's connection profiles, which store settings persistently and support automatic activation based on network conditions or user triggers.[40] Additionally, NetworkManager offers native support for WireGuard VPNs starting from version 1.16.0, eliminating the need for a separate plugin and enabling seamless configuration through the same connection profile system. This integration simplifies WireGuard setup by handling interface creation, peer routing, and key management directly within NetworkManager's framework.[40][44] For authentication, NetworkManager supports advanced methods including WPA-EAP for Wi-Fi enterprise networks, which facilitates secure access using Extensible Authentication Protocol variants like PEAP, TTLS, and TLS with certificates or tokens. These credentials can be securely stored and retrieved via integration with GNOME Keyring, where secret agents such as nm-applet or gnome-shell handle encryption and access control to prevent unauthorized exposure.[45] NetworkManager integrates with firewall systems to enforce connection-specific rules, hooking into firewalld for dynamic zone assignments or directly using iptables/nftables backends for masquerading and filtering in shared connections. This ensures that traffic from new interfaces or VPN tunnels adheres to predefined security policies without manual intervention.[46][26] To enhance security, NetworkManager includes features like MAC address randomization for Wi-Fi connections, introduced in version 1.10, which generates a randomized hardware address during association to mitigate tracking by rogue access points and improve user privacy. This is configurable via thewifi.mac-address-randomization option in connection profiles or global settings, defaulting to disabled but recommended for public networks. Furthermore, audit logging can be enabled in the [logging] section of NetworkManager.conf to record security-relevant events, with the audit option directing records to the system's auditd daemon alongside internal logs for comprehensive monitoring.[47][26]
User Interfaces and Tools
Command-Line Interface
The primary command-line interface for NetworkManager is nmcli, a versatile tool designed for controlling the service and reporting network status, particularly suited for headless environments and automation tasks. Introduced in 2010 to provide a non-graphical alternative for managing connections and devices, nmcli enables users to create, edit, activate, and monitor network configurations without relying on desktop environments.[48][34] nmcli organizes its functionality through a hierarchical structure of subcommands, includinggeneral for overall status and permissions, networking for enabling or checking connectivity, radio for managing wireless hardware switches, connection for handling profiles (e.g., nmcli con up id <name> to activate a connection or nmcli con show to list them), device for device operations (e.g., nmcli dev wifi list to scan available Wi-Fi networks or nmcli dev status for device overview), agent for secret handling and PolicyKit interactions, and monitor for real-time activity observation. These subcommands support tab-completion and options like --terse for machine-readable output, facilitating integration into scripts. For instance, the command nmcli dev wifi connect <SSID> password <pass> establishes a Wi-Fi connection programmatically.[34][49]
Complementing nmcli, nmtui offers a text-based user interface (TUI) for simpler, interactive configuration of basic network settings, such as editing connections or toggling activations, using cursor navigation in a terminal. Launched via the nmtui command, it requires the NetworkManager-tui package and is ideal for quick adjustments without memorizing nmcli syntax, though it lacks support for advanced features like VPNs.[50]
nmcli's output can be parsed easily in scripting environments for automation, such as Bash scripts that dynamically manage connections based on events or conditions, or integration with tools like Ansible for orchestrating network setups across multiple systems. For example, a Bash script might use nmcli -t -f NAME,TYPE dev to extract device details and conditionally activate profiles, enabling reliable automation in server deployments. NetworkManager's dispatcher scripts further enhance this by triggering custom actions on events like connection changes, often invoking nmcli commands.[34][51]
Permissions for nmcli operations are managed via PolicyKit (polkit), allowing non-root users to handle personal connections (e.g., user-specific Wi-Fi profiles) without elevated privileges in an active session, while system-wide changes typically require sudo for root access. The command nmcli general permissions displays the current user's authorized actions, ensuring secure control without full administrative rights for routine tasks.[53][34]
Graphical Interfaces
NetworkManager provides graphical user interfaces primarily through desktop environment-specific applets and editors that allow users to manage connections visually without command-line interaction. These interfaces leverage D-Bus for communication with the NetworkManager daemon, enabling seamless integration into system trays or panels for monitoring and control.[54] In the GNOME desktop environment, NetworkManager is integrated directly into the GNOME Shell's top bar system menu (accessible via the network icon), providing quick access to network status, available connections, and notifications for events like disconnections or new networks. It supports visual scanning of wireless networks, prompting users for passwords via secure dialogs, and toggling VPN connections through the menu interface. Detailed configuration is available via the Settings application under the Network panel, which uses the nm-connection-editor tool, a GTK-based application for adding, editing, or removing connection profiles, including advanced settings for wired, wireless, and mobile broadband. This integration relies on the libnm library for bindings to NetworkManager's API, facilitating real-time updates and user interactions. For environments requiring a traditional system tray applet, nm-applet can be used.[55][56][57][58] For KDE Plasma, the plasma-nm applet serves a similar role, embedding into the system tray to provide icons for connection status, quick connect/disconnect options, and notifications. It enables visual network scanning, password entry prompts, and VPN management via a context menu, with secrets stored securely using KWallet for password protection. The applet is written in QML and depends on the NetworkManager Qt bindings (networkmanager-qt) to interface with the daemon, ensuring compatibility with Plasma's workflow.[59][60] Other desktop environments, such as MATE and XFCE, typically utilize the cross-desktop nm-connection-editor for profile editing and management, often in conjunction with nm-applet for tray functionality. This tool offers a unified graphical experience for configuring connections, including visual selection of networks, secure password input, and VPN setup, without requiring environment-specific applets. These graphical components evolved significantly with NetworkManager 0.8 in 2010, which removed the dependency on the deprecated Hardware Abstraction Layer (HAL) in favor of udev for device detection, simplifying GUI-daemon interactions and improving reliability.[58][61]History and Development
Origins and Early Releases
NetworkManager was initiated in 2004 by Red Hat engineer Dan Williams as a component for the Fedora Core 2 distribution, with an initial emphasis on automating wireless network detection and connection to address the growing prevalence of Wi-Fi-enabled laptops. The project aimed to provide a user-friendly alternative to manual network configuration, integrating with the HAL (Hardware Abstraction Layer) and D-Bus for hardware events and inter-process communication. The first public release, version 0.3.1, arrived in October 2004, introducing basic automatic establishment of wired and wireless connections, wireless key management for WEP encryption, and a high-level D-Bus API for desktop environment integration.[62][63][64] From 2004 to 2007, versions 0.1 through 0.6 laid the groundwork for core functionality, adding Wi-Fi scanning and association capabilities, DHCP client integration for dynamic IP and hostname assignment, and support for external tools like wpa_supplicant for authentication. Version 0.5 in 2006 brought WPA and WPA2 security, including Enterprise modes, while 0.6 expanded to dynamic WEP keys, ISDN, and dial-up modems, enhancing portability across distributions such as Debian, Gentoo, and Slackware. During this era, the project was upstreamed to the freedesktop.org infrastructure, enabling broader community involvement and version control via Git. Adoption accelerated with its inclusion as the default networking tool in Ubuntu 7.04 (Feisty Fawn) in April 2007, where it simplified wireless and wired setup but initially struggled with seamless integration.[65][66] Early development encountered challenges, particularly conflicts with legacy static network configurations defined in files like /etc/network/interfaces, which could lead to unmanaged devices or failed activations when NetworkManager's dynamic policies overrode them. These issues prompted iterative improvements in static IP handling and compatibility modes to coexist with traditional tools.[67] A pivotal evolution occurred in version 0.7, released in December 2008, which integrated PPP support for mobile broadband, allowing automatic detection and configuration of cellular modems (including GPRS, UMTS, HSDPA, and EVDO) without additional plugins. This expanded NetworkManager's scope beyond local networks to wide-area connectivity. Version 0.8, launched in April 2010, eliminated the HAL dependency in favor of direct udev interaction for hardware enumeration, streamlining boot-time detection and reducing overhead; it also incorporated dnsmasq for local DNS caching and enhanced VPN plugin handling.[68][69][61] The release of version 1.0 in December 2014 represented a major stabilization milestone after over a decade of refinement, introducing a modern GObject-based client library (libnm) for stable API/ABI guarantees and adding native support for network teaming to aggregate multiple interfaces for higher throughput and redundancy. This version solidified NetworkManager's role as a robust, distribution-agnostic solution while addressing long-standing feedback on reliability and extensibility.[70][71][65]Recent Versions and Milestones
NetworkManager has seen steady evolution since version 1.2, with releases focusing on enhanced protocol support, privacy features, and integration with modern Linux ecosystems. Version 1.2, released in April 2016, introduced significant IPv6 improvements, including better auto-configuration stability and compatibility, alongside tighter integration with systemd for service management and dependency handling. These changes addressed previous limitations in IPv6 handling during network transitions and improved overall reliability in environments using systemd as the init system.[72][73] Subsequent releases built on this foundation, emphasizing wireless security and virtualization. In October 2017, version 1.10 added support for Wi-Fi Protected Management Frames (PMF, or 802.11w) to protect against certain attacks, Wi-Fi Protected Setup (WPS) authentication, and basic Open vSwitch integration for software-defined networking setups. Privacy enhancements, such as MAC address randomization for Wi-Fi connections, had been introduced earlier in 1.2 but were refined in later point releases to balance usability and tracking prevention. By version 1.16 in March 2019, NetworkManager gained native support for WireGuard VPN tunnels, enabling seamless configuration without external plugins, along with Wi-Fi Peer-to-Peer (P2P, or Wi-Fi Direct) for direct device connections and initial WPA3 authentication.[74][75][44] From 2020 onward, development shifted toward cloud and mobile optimizations. Version 1.22, released in March 2020, introduced the experimentalnm-cloud-setup tool for automatic configuration in cloud environments like AWS EC2, support for Wi-Fi mesh networks, and customizable IPv6 Router Advertisement timeouts to improve responsiveness in dynamic networks. In August 2022, version 1.40 brought Multipath TCP (MPTCP) support for aggregated connections, offline nmcli commands for profile management without the daemon, and structured DHCP lease files for better interoperability. Enhanced mobile broadband handling, including 5G, relies on integration with ModemManager, with improvements in versions 1.40 and later enabling better carrier aggregation and signal management for 5G modems. SELinux-related fixes, such as those addressing audit2allow denials for dispatcher scripts, appeared in various point releases around this period to ensure compatibility in secured environments.[76][77][78]
More recent milestones reflect adaptations to emerging hardware and stability needs. Version 1.46 in February 2024 added support for 6 GHz Wi-Fi bands (Wi-Fi 6E), the stable-ssid MAC randomization mode tied to specific networks for consistent privacy, and Ethtool Energy Efficient Ethernet (EEE) management to reduce power consumption on wired links. By August 2025, version 1.54 introduced per-device IPv4 forwarding configuration, IPv6 prefix delegation with subnet ID support, and WireGuard IPv6 endpoint firewall rules using nftables or iptables, alongside NBFT parsing for early boot networking in UEFI environments. The point release 1.54.1 in September 2025 followed with global DNS overwrite capabilities to override connection-specific resolvers, DHCP client ID support in initrd generators, and minor bug fixes enhancing overall stability.[79][80][81][82]
NetworkManager's development is hosted under the GNOME project at freedesktop.org, with ongoing contributions from the community and companies like Red Hat, ensuring active maintenance and compatibility with evolving kernel features. As of 2025, it remains the default network management solution in major distributions, including Fedora (since its inception in 2004) and Ubuntu (since version 7.04 in 2007), powering both desktop and server environments where the nmcli command-line tool facilitates headless administration.[1][55]