Creating a keyfile Connection Profile Using nmcli in Offline Mode

When creating or updating NetworkManager profile connections, we recommend using its CLI tool in offline mode (nmcli --offline). In offline mode, nmcli operates without the NetworkManager service, which offers user enhanced editing control and the ability to create various connection profiles in keyfile format. For example, you can create the following type of connection profiles in keyfile format:

  • static Ethernet connection
  • dynamic Ethernet connection
  • network bond
  • network bridge
  • VLAN or any kind of enabled connections

Complete the following steps to create a keyfile connection profile using nmcli in offline mode:

  1. Run the nmcli --offline connection add command and include property/value pairs for the settings you want to include in the connection profile.

    The type property is required. For a list of allowed type values, see the nmcli connection add section in the nmcli(1) manual page.

    For an exhaustive list of available properties and values, see the nm-settings-nmcli(5) manual page.

    The following example shows the syntax to use to create a keyfile for an Ethernet device with a manually assigned IPv4 address and DNS address.

    nmcli --offline connection add type ethernet con-name Example-Connection ipv4.addresses ###.#.#.#/# ipv4.dns ###.#.#.### ipv4.method manual > /etc/NetworkManager/system-connections/outputmconnection
    where:
    • nmcli --offline = instructs nmcli to operate in offline mode.
    • connection add = creates a connection profile.
    • type ethernet = specifies a connection type value (in this example: Ethernet).
    • con-name = connection name property, which saves the value to the id variable in the generated connection profile.
      When you manage this connection later, using nmcli, note the following id variable usages:
      • In cases where the id variable is provided, use the connection name. For example: Example-Connection.
      • In cases where the id variable is omitted, use the file name without the .nmconnection suffix, for example output.
    • ipv4 properties = specify the IP address and name server to use on an IPv4 network without DHCP.
    • > /etc/NetworkManager/system-connections/outputmconnection = redirects output from nmcli to a new file in /etc/NetworkManager/system-connections, where NetworkManager expects connection profiles.

    Note:

    See the nmcli-examples(7) manual page for more keyfile examples.
  2. Set permissions to the configuration file so that only the root user can read and update it. 
    chmod 600 /etc/NetworkManager/system-connections/outputmconnection
    chown root:root /etc/NetworkManager/system-connections/outputmconnection
  3. Start the NetworkManager service. 
    systemctl start NetworkManager.service
  4. If you set the autoconnect variable in the profile to false, activate the connection. 
    nmcli connection up Example-Connection
  5. Complete the following steps to verify the profile configuration:
    1. Verify that the NetworkManager service is running. 
      systemctl status NetworkManager
      ● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service enabled vendor preset: enabled)
   Active: active (running) because Wed -03 13:08:32 CEST   ago
    2. Verify that NetworkManager can read the profile from the configuration file.
      nmcli -f TYPE,FILENAME,NAME connection
      TYPE      FILENAME                                                    NAME
ethernet /etc/NetworkManager/system-connections/outputmconnection Example-Connection
ethernet  /etc/sysconfig/network-scripts/ifcfg-enp0                 enp0

      If the output doesn't display the newly created connection, verify that the keyfile permissions and the syntax used are correct.

    3. Run nmcli connection show to display the connection profile.
      nmcli connection show Example-Connection
      connection.id:                          Example-Connection
connection.uuid:                        ce8d4422-9603-4d6f-b602-4f71992c49c2
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              --
connection.autoconnect:                 yes