Systemd, the eponymous system-daemon turned system-everything is known for its ever growing list of included system management functionality, from the core init daemon to container management. With the release of version 209, systemd introduced systemd-networkd, the simple network device manager, which was then improved upon in version 215 with the addition of DHCP support and other features. Unfortunately, as of systemd-233-r1, the latest version available in Gentoo as at the time of writing, the ability to easily manage wireless devices still relies upon wpa_supplicant and support for VPNs is non-existent.

Because of this, often one was left with the choice of either having two network management utilities installed, one completely unused; or having to manually configure VPNs and wireless devices. Further, if you use NetworkManager to manage your devices, systemd can have some issues with integrating networking into other services like container management, which in turn means configuring external networking in containers can be problematic.

Ignorance is bliss

Luckily, both network management utilities have the ability to ignore things. It's one of my favourite abilities. Specifically, you can tell NetworkManager to not manage whichever devices you would prefer remain managed by systemd-networkd.

To do this, you will need to edit the /etc/NetworkManager/NetworkManager.conf file to add content similar to the following:

[keyfile]
unmanaged-devices=interface-name:em4
unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2

Using the above examples, you can tell NetworkManager to not attempt to manage network devices based on either their interface name or MAC address. You only need to specify one rule to match a device - no need to list both name and MAC - and you can list whichever devices you need, allowing others to remain managed. This should allow NetworkManager to remain running, taking care of any VPNs you might need, and even have it connecting your wireless while systemd-networkd manages the wired network.

The other shoe

While NetworkManager should now be ignoring your physical network devices, it still leaves systemd-networkd potentially trying to grab things it shouldn't, like your VPN interface. To prevent this, you will need to create a network file for it in systemd's network configuration directory, /etc/systemd/network, that matches the device name and tells systemd-networkd to ignore it. For example, you might create the file /etc/systemd/network/ppp0.network with the following content:

[Match]
Name=ppp0

[Network]
Unmanaged=yes

And that's it. NetworkManager and systemd-networkd should both ignore whichever devices you configured it to ignore, allowing the other to work its magic - two network management systems working side-by-side. You can check this by running their respective command line utilities:

$ nmcli dev
DEVICE  TYPE      STATE      CONNECTION
eno1    ethernet  unmanaged  --         
lo      loopback  unmanaged  --         
wlo1    wifi      unmanaged  --

$ networkctl
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged
  2 eno1             ether              off         unmanaged
  3 wlo1             wlan               routable    configured

Now, don't forget to enable systemd-resolved and systemd-timesyncd - you know, since it just makes sense to have init manage your name resolution and time synchronisation...