NetworkManager 1.56 Released with WireGuard Peer Management in nmcli

Overview

The widely used Linux networking service NetworkManager has introduced version 1.56, bringing a mix of functional improvements, policy refinements, and infrastructure updates aimed at both desktop and enterprise deployments. Released six months after NetworkManager 1.54, this latest version demonstrates the project’s continued commitment to providing robust, flexible, and user-friendly network management for Linux systems across desktop and server environments.

WireGuard Management Enhancements

A practical enhancement for administrators is the expanded nmcli support for WireGuard. Users can now view and manage individual peers directly from the command line, removing the need for manual configuration edits and improving automation workflows for secure tunnel management. This enhancement significantly streamlines VPN management, particularly in environments with multiple WireGuard connections and complex peer configurations.

The improved VPN capabilities extend beyond WireGuard, with better integration for OpenVPN and other popular VPN solutions. Users will notice more reliable connection establishment and improved error handling when VPN connections fail or need to be re-established. A new libnm API function allows VPN plugins to validate certificate access rights, helping prevent accidental privilege escalation or credential misuse in multi-user systems.

DNS Behavior Refinements

DNS behavior has also been refined. The global-dns setting now overwrites DNS search domains and options from individual connections instead of merging them, providing more predictable results. NetworkManager now accepts hostnames longer than 64 characters from DNS responses, and administrators can configure DNSSEC on a per-connection basis using the new connection.dnssec property when working with systemd-resolved.

Multipath TCP Evolution

Multipath TCP support has evolved as well. A new laminar endpoint type is introduced and enabled alongside the existing subflow configuration by default, improving reliability in multi-link environments. VPN connections also now correctly inherit advanced networking properties such as mDNS, LLMNR, DNS-over-TLS, IPv6 privacy settings, and MPTCP flags.

High-Performance Networking Improvements

For high-performance networking scenarios, the release improves SR-IOV handling by allowing reapplication of the sriov.vfs property when the total number of virtual functions remains unchanged. VLAN configuration on bond ports can now be reapplied, and high-availability setups gain new options for configuring the HSR protocol version and defining an interlink interface.

Mobile broadband support sees reliability fixes as well. NetworkManager now properly reconnects broadband links even when modems briefly enter transitional states, and connections without an operator code are treated as recoverable rather than fatal errors. A new GSM device-UID option lets administrators restrict which hardware a mobile connection may use.

Early-Boot Networking

Early-boot networking improvements arrive via updates to nm-initrd-generator, which now supports specifying a DHCP client identifier through the rd.net.dhcp.client-id kernel parameter. Meanwhile, the built-in IPv4 address conflict detection component (n-acd) is now always compiled with eBPF enabled, with runtime checks determining whether kernel support is available.

Security Enhancements

Security also receives attention in this release. NetworkManager now verifies whether users have permission to access certificates and private keys referenced in 802.1X configurations. A new libnm API function allows VPN plugins to validate certificate access rights, helping prevent accidental privilege escalation or credential misuse in multi-user systems.

NetworkManager 1.56 continues the project’s steady focus on reliability, security, and modern networking features across both desktop and server deployments. Source code and release details are available from the project’s repository hosted on GitLab.