Raspberry Pi OS moves to Network Manager

There has been a major change on network configuration coming on Raspberry Pi OS for quite some time now. Along with the introduction of Debian Bookworm, the old dhcpcd has been replaced with Network Manager. This changes the way how I connect back to my parents that requires new configuration. Some of the configuration is similar to that of Inovato's Quadra that I used during the Raspberry Pi shortage.

To demonstrate the configuration here I used my 4GB Raspberry Pi 4 for which Imager 1.8.3 recommends Raspberry Pi OS 64-bit based on Debian Bookworm now. While this image includes desktop, I still prefer to use text based user interface to configure Network Manager. Please note the elegant way 5GHz is used hence higher speed and less interference.

jordana@pi4g:~ $ sudo nmtui
Edit a connection
<Add>
Device wlan0
SSID broadcom
Mode <Access Point>
Channel <A (5 GHz)>
Security <WPA & WPA2 Personal>
Password ********************
IPv4 CONFIGURATION <Shared>
<Show>
Addresses 192.168.3.1/24
<OK>
<Back>
Quit

This configuration automatically sets up DHCP on the access point with dnsmasq built into Network Manager hence separate dnsmasq should not be installed from apt package repository. However we will need to use Google DNS server as DHCP option hence we need to add a configuration file for that.

jordana@pi4g:~ $ sudo nano /etc/NetworkManager/dnsmasq-shared.d/server.conf
dhcp-option=6,8.8.8.8

Text based user interface does not allow setting the necessary IPv4 routing rules so for that I need to use command line interface of Network Manager. First we need to check UUID for the connection created above on wlan0 device.

jordana@pi4g:~ $ nmcli connection
NAME                UUID           TYPE      DEVICE     
Wi-Fi connection 1  6a55d164-xxxx  wifi      wlan0      
jordana@pi4g:~ $ sudo nmcli connection modify 6a55d164-xxxx ipv4.routing-rules "priority 1 from 192.168.3.0/24 table 1"

Next we need to install zerotier and set up its IP address and authorization on Zerotier Central web console to get the interface and IP address we want.

jordana@pi4g:~ $ ip a
4: zt5u4vfg76: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    inet 192.168.193.3/24 brd 192.168.193.255 scope global zt5u4vfg76

Finally, after setting up Managed Routes 192.168.3.0/24 via 192.168.193.3 on Zerotier Central web console we need to dispatch default route towards my parents Raspberry Pi.

jordana@pi4g:~ $ sudo nano /etc/NetworkManager/dispatcher.d/10-zt5u4vfg76-up
#!/bin/bash
if [ "$1" = "zt5u4vfg76" ] && [ "$2" = "up" ]; then
  sudo /sbin/ip route add default via 192.168.193.4 table 1
fi
jordana@pi4g:~ $ sudo chmod +x /etc/NetworkManager/dispatcher.d/10-zt5u4vfg76-up

My friend struggled with the automatic choice of TKIP by Network Manager and needed the following configuration to make it work with iPad:

sudo nmcli con modify "Wi-Fi Hot" 802-11-wireless-security.proto rsn

sudo nmcli con modify "Wi-Fi Hot" 802-11-wireless-security.pairwise ccmp

UPDATE

Even though Network Manager takes care about MASQUERADE I realised that I still need this iptables rule to ensure zerotier-cli can access zerotier service locally.

quadra@inovato:~$ sudo iptables -t nat -I POSTROUTING -o lo -j ACCEPT
quadra@inovato:~$ sudo iptables-save -f /etc/iptables.rules
quadra@inovato:~$ sudo nano /etc/rc.local
iptables-restore /etc/iptables.rules