1service-name.config(5)        File Formats Manual       service-name.config(5)
2
3
4

NAME

6       service-name.config - ConnMan service provisioning file
7

SYNOPSIS

9       /var/lib/connman/service-name.config
10

DESCRIPTION

12       ConnMan's  services  are configured with so called "provisioning files"
13       which reside under /var/lib/connman/.  The files can be named anything,
14       as  long as they end in .config.  The provisioning files can be used to
15       configure for example secured wireless access points which need complex
16       authentication,  for example eduroam, or for static IPs and so on. Each
17       provisioning file can be used for multiple services at once.
18

FILE FORMAT

20       The configuration file format is key file format.  It consists of  sec‐
21       tions  (groups)  of  key-value  pairs.   Lines beginning with a '#' and
22       blank lines are considered comments.  Sections are started by a  header
23       line  containing the section enclosed in '[' and ']', and ended implic‐
24       itly by the start of the next section or the end of the file. Each key-
25       value pair must be contained in a section.
26
27       Description of sections and available keys follows:
28
29   [global]
30       This  section is optional, and can be used to describe the actual file.
31       The two allowed fields for this section are:
32
33       Name=name
34              Name of the network.
35
36       Description=description
37              Description of the network.
38
39   [service_*]
40       Each provisioned service must start with  a  [service_*]  tag,  with  *
41       replaced by an unique name within the file.  The allowed fields are:
42
43       Type=ethernet | wifi
44              Mandatory. Other types than ethernet or wifi are not supported.
45
46       IPv4=off | dhcp | network/netmask/gateway
47              IPv4  settings  for  the  service.  If set to off, IPv4 won't be
48              used.  If set to dhcp, dhcp will be used to obtain  the  network
49              settings.  netmask can be specified as length of the mask rather
50              than the mask itself. The gateway can be omitted  when  using  a
51              static IP.
52
53       IPv6=off | auto | network/prefixlength/gateway
54              IPv6  settings  for  the  service.  If set to off, IPv6 won't be
55              used.  If set to auto, settings will be obtained from  the  net‐
56              work.
57
58       IPv6.Privacy=disabled | enabled | preferred
59              IPv6 privacy settings as per RFC3041.
60
61       MAC=address
62              MAC  address  of the interface to be used. If not specified, the
63              first   found   interface   is   used.   Must   be   in   format
64              ab:cd:ef:01:23:45.
65
66       Nameservers=servers
67              Comma separated list of nameservers.
68
69       SearchDomains=domains
70              Comma separated list of DNS search domains.
71
72       Timeservers=servers
73              Comma separated list of timeservers.
74
75       Domain=domain
76              Domain name to be used.
77
78       The following keys can only be used for wireless networks:
79
80       Name=name
81              A string representation of an network SSID. If the SSID field is
82              present, the Name field is ignored. If the  SSID  field  is  not
83              present, this field is mandatory.
84
85       SSID=ssid
86              SSID:  A  hexadecimal representation of an 802.11 SSID. Use this
87              format to encode special characters including starting or ending
88              spaces.
89
90       Passphrase=passphrase
91              RSN/WPA/WPA2 Passphrase.
92
93       Security=type
94              The  security  type  of  the  network.  Possible  values are psk
95              (WPA/WPA2 PSK), ieee8021x (WPA EAP), none  and  wep.   When  not
96              set,  the  default  value is ieee8021x if an EAP type is config‐
97              ured, psk if a passphrase is present and none otherwise.
98
99       Hidden=true | false
100              If set to true, then this AP is hidden. If  missing  or  set  to
101              false, then AP is not hidden.
102
103       EAP=tls | ttls | peap
104              EAP type to use. Only tls, ttls and peap are supported.
105
106       CACertFile=file
107              Path  to  the  CA certificate file. Only PEM and DER formats are
108              supported.
109
110       PrivateKeyFile=file
111              Path to the private key file. Only PEM, DER and PFX formats  are
112              supported.
113
114       PrivateKeyPassphrase=passphrase
115              Passphrase of the private key.
116
117       PrivateKeyPassphraseType=fsid
118              If  specified, use the private key's fsid as the passphrase, and
119              ignore the PrivateKeyPassphrase field.
120
121       Identity=identity
122              Identity string for EAP.
123
124       AnonymousIdentity=identity
125              Anonymous identity string for EAP.
126
127       Phase2=type
128              Inner authentication type with for EAP=tls or  EAP=ttls.  Prefix
129              the  value  with EAP- to indicate usage of EAP-based authentica‐
130              tion method (should only be used with EAP=ttls).
131

EXAMPLE

133   Eduroam
134       This is a configuration file for eduroam networks. This file could  for
135       example  be  /var/lib/connman/eduroam.config.  Your  university's exact
136       settings might be different.
137
138       [service_eduroam]
139       Type = wifi
140       Name = eduroam
141       EAP = peap
142       Phase2 = MSCHAPV2
143       CACertFile = /etc/ssl/certs/UNIV_CA.crt
144
145   Complex networking
146       This is a configuration file for a network providing EAP-TLS,  EAP-TTLS
147       and EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and
148       peap_ssid and the file name could be /var/lib/connman/complex.config.
149
150       Please note that the SSID entry is for hexadecimal encoded  SSID  (e.g.
151       "SSID  =  746c735f73736964").  If your SSID does not contain any exotic
152       character then you should use the Name  entry  instead  (e.g.  "Name  =
153       tls_ssid").
154
155       [global]
156       Name = Example
157       Description = Example network configuration
158
159       [service_tls]
160       Type = wifi
161       SSID = 746c735f73736964
162       EAP = tls
163       CACertFile = /home/user/.certs/ca.pem
164       ClientCertFile = /home/user/devlp/.certs/client.pem
165       PrivateKeyFile = /home/user/.certs/client.fsid.pem
166       PrivateKeyPassphraseType = fsid
167       Identity = user
168
169       [service_ttls]
170       Type = wifi
171       Name = ttls_ssid
172       EAP = ttls
173       CACertFile = /home/user/.cert/ca.pem
174       Phase2 = MSCHAPV2
175       Identity = user
176
177       [service_peap]
178       Type = wifi
179       Name = peap_ssid
180       EAP = peap
181       CACertFile = /home/user/.cert/ca.pem
182       Phase2 = MSCHAPV2
183       Identity = user
184
185       [service_home_ethernet]
186       Type = ethernet
187       IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
188       IPv6 = 2001:db8::42/64/2001:db8::1
189       MAC = 01:02:03:04:05:06
190       Nameservers = 10.2.3.4,192.168.1.99
191       SearchDomains = my.home,isp.net
192       Timeservers = 10.172.2.1,ntp.my.isp.net
193       Domain = my.home
194
195       [service_home_wifi]
196       Type = wifi
197       Name = my_home_wifi
198       Passphrase = password
199       IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
200       MAC = 06:05:04:03:02:01
201

SEE ALSO

203       connman(8)
204
205
206
207                                  2015-10-15            service-name.config(5)
Impressum