zerotier / ZeroTierOne

A Smart Ethernet Switch for Earth
https://zerotier.com

Support for NetworkManager #1250

Open leleobhz opened 4 years ago

leleobhz commented 4 years ago

Is your feature request related to a problem? Please describe.

On Linux, ZeroTier does not have a GUI to handle it. Since NetworkManager is a standard manager for all modern Linux distributions, NetworkManager is very desirable.

Describe the solution you'd like

A NetworkManager plugin to be able to Join, Remove, Track (Show information, etc), handle L2 and L3 interfaces - much like OpenVPN plugin, but for ZeroTier.

Describe alternatives you've considered

The only way to handle ZT within Linux is using CLI.

Additional context

This feature request was made on Reddit

jclds139 commented 4 years ago

I would like to add that integrating with NetworkManager would also enable things like configuring custom DNS for a ZT network, since NetworkManager typically manages resolv.conf, making manual edits pointless.

adamierymenko commented 4 years ago

Is it actually ubiquitous? Last time I installed a minimal Debian install it wasn't there.

jclds139 commented 4 years ago

There are other network management packages, but NetworkManager is by far the most commonly used for end-user devices (systemd-networkd is more ubiquitous, but also has no GUI so it's mostly for servers with static config). It's the integrated option for both GNOME, KDE, and Cinnamon, plus it has applets that integrate with just about everything else. For a GUI manager, it's as close to ubiquitous as anything.

adamierymenko commented 4 years ago

Sounds like the Debian and CentOS/RHEL static config methods plus systemd are the standard for servers/VMs and NetworkManager is the most common for desktop.

karlisk commented 3 years ago

Just leaving a note here after unsuccessful zerotier-cli tests on openSUSE Tumbleweed I found this GitHub issue.

If I'm interpreting 'static config methods' correctly as the old ifup scripts and configs for setting up static configurations then...

On RHEL/CentOS/Oracle Linux the static config methods through the old ifup scripts have been deprecated with the release 8.x - this is true for both the Workstation and Server install presets.

Network scripts are deprecated in RHEL 8

Network scripts are deprecated in Red Hat Enterprise Linux 8 and they are no longer provided by default. The basic installation provides a new version of the ifup and ifdown scripts which call the NetworkManager service through the nmcli tool. In Red Hat Enterprise Linux 8, to run the ifup and the ifdown scripts, NetworkManager must be running.

Source: CHAPTER 10. DEPRECATED FUNCTIONALITY

As noted in that resource, they can still be used, but because of NetworkManager this will likely cause problems for the existing configuration. For unattended NetworkManager configuration nmcli should be used. When it comes to Debian, I believe it too now uses NetworkManager as default on both the Workstation/Desktop and Server install profiles, but it may still provide compatibility for the old configuration methods for LTS purposes.

As for Ubuntu, latest server edition releases since 18.04 have been defaulting to cloudinit, desktop edition relies on NetworkManager, ifup scripts too have been deprecated.

And just to make things even more interesting, SUSE / openSUSE has created their own 'wicked' network management solution, which has been added to SUSE and openSUSE for users of both server and workstation/desktop install profiles to select during or after OS setup. So you may encounter either NetworkManager or Wicked on this Distro; Wicked may just become the default and replace NetworkManager in the future too.

leleobhz commented 3 years ago

Since it will only use the networking stack for DNS configuration, isn't it the case to create code to check each "famous" configuration system and apply the DNS configuration with it without other concerns - almost a dumb manager?

palonsoro commented 2 years ago

There is also another interesting thing: NetworkManager delegates DNS management to different DNS plugins, in order to provide advanced features like split-dns in OpenVPN. The ones I know about are systemd-resolved and dnsmasq. The ArchLinux wiki is a good reference.

Recent Fedora versions switched from dnsmasq one to systemd-resolved by default, but it is possible for users to choose to go back to dnsmasq and some users (including me) did. Not sure about other distros.

luni3359 commented 2 years ago

I'm a systemd user myself but wouldn't that be bad for those not using it?

palonsoro commented 2 years ago

@luni3359 not sure I understand what you mean. Do you mean that it would be bad to focus only on systemd-resolved when there are users using other solutions?

In that case, I would agree. I'd see it as reasonable to support at least both the systemd-resolved and dnsmasq plugins, plus others that some other folks around can find interesting for a number of users.

laduke commented 2 years ago

side note re dns: https://github.com/zerotier/zerotier-systemd-manager

palonsoro commented 2 years ago

Ok, so we kind of have it already for systemd-networkd. It would be good to also have something similar but for dnsmasq, then.

iMonZ commented 1 year ago

Any news here?

D4rk4 commented 3 months ago

Any updates?

Jachimo commented 3 days ago

Another frustrated user... I would honestly be satisfied just with good documentation explaining exactly how to set up split-horizon DNS on a handful of common distributions in their default configurations.

E.g. the default configuration for Ubuntu 22.04 is an (IMO rather unfortunate) mix of NetworkManager for connection management, but Systemd's "Resolved" as a local stub DNS resolver. And there's very little good documentation (that I have found yet) on how to do reliable split-horizon DNS in this configuration, which isn't specific to WireGuard or some other VPN client that does stuff ZeroTier doesn't do.

In particular, I have found that on Ubuntu 22.04, even if you set a per-interface DNS resolver using resolvectl and then set a DNS search domain using nmcli (using sudo nmcli conn modify...), it just... doesn't work. No error messages, no clue what's wrong, it's just broken.

Having to pass around /etc/hosts files or memorize IP addresses is one of the big downsides of ZeroTier at present, and while I'm glad that there are now easy ways to populate an upstream DNS server with a ZT network's IP addresses, client machines need some way of being forced to actually use that server. Slamming ZeroTier addresses into a network's main DNS server, or running all DNS queries over ZeroTier and through the "private" DNS resolver, is really not a viable solution in many, many situations.
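
A diagnostic for the split-horizon setup discussed in the last comment, added here as an example and not part of the thread or of ZeroTier's code: it reads the per-link domain list in the layout `resolvectl domain` prints and reports which link a name would be sent to, so you can see whether private names would go to the ZeroTier link's resolver or leak to the default one. It is a simplified model of systemd-resolved's longest-suffix matching (it ignores per-link default-route settings), and the interface names and domains in the sample are constructed.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `resolvectl domain`
# (hypothetical interface names and domains, not taken from the thread).
SAMPLE='Global:
Link 2 (enp3s0): lan
Link 5 (ztexample0): ~zt.example.internal
Link 6 (tun0): example.internal'

# route_for NAME
# Reads `resolvectl domain` output on stdin and prints the interface(s) whose
# search/routing domain is the longest suffix match for NAME. Prints "default"
# when no per-link domain matches, i.e. the query goes to the default resolver.
route_for() {
    awk -v q="$1" '
    # True when dom equals name or is a suffix of it on a label boundary.
    function suffix(name, dom) {
        if (dom == ".") return 1    # "~." is the catch-all routing domain
        if (name == dom) return 1
        return length(name) > length(dom) &&
               substr(name, length(name) - length(dom)) == "." dom
    }
    BEGIN { best = -1; q = tolower(q); sub(/\.$/, "", q) }
    /^Link / {
        iface = $3; gsub(/[():]/, "", iface)
        for (i = 4; i <= NF; i++) {
            d = tolower($i); sub(/^~/, "", d)   # "~" marks a routing-only domain
            if (!suffix(q, d)) continue
            n = (d == ".") ? 0 : length(d)
            if (n > best) { best = n; out = iface }
            else if (n == best && index(" " out " ", " " iface " ") == 0)
                out = out " " iface
        }
    }
    END { if (best < 0) print "default"; else print out }'
}

# Stand-alone demo on the constructed sample.
# On a live host: resolvectl domain | route_for host.zt.example.internal
printf '%s\n' "$SAMPLE" | route_for db.zt.example.internal
```

A result of `default` for a name that should stay private means the routing domain was never attached to the link that carries the private resolver.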