1IWD.AP(5)                     Linux Connectivity                     IWD.AP(5)
2
3
4

NAME

6       iwd.ap - Configuration of IWD access points
7

NAME

9       iwd.ap - Access point provisioning files
10

SYNOPSIS

12       Description of access point provisioning files.
13

DESCRIPTION

15       An  access  point provisioning file defines the configuration of an IWD
16       access point. These files live in $STATE_DIRECTORY/ap  (/var/lib/iwd/ap
17       by default).  They are read when the net.connman.iwd.AccessPoint.Start‐
18       Profile(ssid) DBus method is used.
19

FILE FORMAT

21       See iwd.network for details on the settings file syntax.
22

SETTINGS

24       The settings are split into several categories.  Each  category  has  a
25       group  associated  with  it and is described in the corresponding table
26       below.
27
28   General Settings
29       The group [General] contains general AP configuration.
30
31                       ┌────────┬────────────────────────────┐
32                       │Channel │ Channel number             │
33                       │        │                            │
34                       │        │ Optional  channel   number │
35                       │        │ for  the  access  point to │
36                       │        │ operate  on.    Only   the │
37                       │        │ 2.4GHz-band  channels  are │
38                       │        │ currently allowed.         │
39                       └────────┴────────────────────────────┘
40
41   Network Authentication Settings
42       The group [Security] contains settings for Wi-Fi security and authenti‐
43       cation configuration.
44
45                     ┌─────────────┬────────────────────────────┐
46                     │Passphrase   │ 8..63 character string     │
47                     │             │                            │
48                     │             │ WPA-PSK  Passphrase  to be │
49                     │             │ used  with   this   access │
50                     │             │ point.   At  least  one of │
51                     │             │ Passphrase,   PreSharedKey
52                     │             │ must be present.           │
53                     ├─────────────┼────────────────────────────┤
54                     │PreSharedKey │ 64-character hex-string    │
55                     │             │                            │
56                     │             │ Processed  passphrase  for │
57                     │             │ this network in  the  form │
58                     │             │ of  a  hex-encoded 32-byte │
59                     │             │ pre-shared  key.    Either │
60                     │             │ this or Passphrase must be │
61                     │             │ present.                   │
62                     └─────────────┴────────────────────────────┘
63
64   IPv4 Network Configuration
65       The group [IPv4] contains settings for IWD's built-in DHCP server.  All
66       settings  are  optional.  They're used if network configuration was en‐
67       abled as described in iwd.config(5).  Omitting the  [IPv4]  group  dis‐
68       ables network configuration for this access point so if an all-defaults
69       DHCP setup is desired, the group header line must still be present:
70
71          # Enable network configuration
72          [IPv4]
73
74          [other groups follow]
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133                      ┌──────────┬────────────────────────────┐
134                      │Address   │ Local  IP  address  or   a │
135                      │          │ comma-separated   list  of │
136                      │          │ prefix-notation addresses  │
137                      │          │                            │
138                      │          │ Optional   local   address │
139                      │          │ pool  for the access point │
140                      │          │ and the DHCP server.  If a │
141                      │          │ single address is provided │
142                      │          │ this address will  be  set │
143                      │          │ on  the  AP  interface and │
144                      │          │ any other DHCP server  op‐ │
145                      │          │ tions will be derived from │
146                      │          │ it if  not  overridden  by │
147                      │          │ other settings below.      │
148                      │          │                            │
149                      │          │ If a list of addresses and │
150                      │          │ prefix lengths  is  speci‐ │
151                      │          │ fied  (in  the  <IP>/<pre‐
152                      │          │ fix-len> format), a single │
153                      │          │ subnet address will be se‐ │
154                      │          │ lected from the  available │
155                      │          │ space  each time this pro‐ │
156                      │          │ file is started.  The sub‐ │
157                      │          │ net  size  is based on the │
158                      │          │ [IPv4].Netmask setting.    │
159                      │          │                            │
160                      │          │ If Address is not provided │
161                      │          │ and  no  IP address is set │
162                      │          │ on the interface prior  to │
163                      │          │ calling  StartProfile  the │
164                      │          │ value  of  the   main.conf │
165                      │          │ [IPv4].APAddressPool  set‐ │
166                      │          │ ting  will  be  inherited, │
167                      │          │ which  in turn defaults to │
168                      │          │ 192.168.0.0/16.            │
169                      │          │                            │
170                      │          │ For      example,       if │
171                      │          │ [IPv4].Netmask  is  set to │
172                      │          │ 255.255.255.0   and   this │
173                      │          │ setting,   or  the  global │
174                      │          │ APAddressPool fallback, is │
175                      │          │ set   to   192.168.0.0/16, 
176                      │          │ 10.0.0.0/22, IWD will  se‐ │
177                      │          │ lect  one  of the 256 sub‐ │
178                      │          │ nets with addresses in the │
179                      │          │ 192.168.<0-255>.0/24 range │
180                      │          │ or one of  the  4  subnets │
181                      │          │ with   addresses   in  the │
182                      │          │ 10.0.<0-3>.0/24 range, al‐ │
183                      │          │ lowing  270  possible sub‐ │
184                      │          │ nets.  Defining an address │
185                      │          │ pool  larger  than the de‐ │
186                      │          │ sired subnet gives  IWD  a │
187                      │          │ chance  to avoid conflicts │
188                      │          │ if other interfaces on the │
189                      │          │ system use dynamically as‐ │
190                      │          │ signed addresses.          │
191                      └──────────┴────────────────────────────┘
192
193
194
195
196
197
198
199                      │Gateway   │ IP Address of gateway      │
200                      │          │                            │
201                      │          │ IP address of the  gateway │
202                      │          │ to  be advertised by DHCP. │
203                      │          │ This will fall back to the │
204                      │          │ local  IP  address  if not │
205                      │          │ provided.                  │
206                      ├──────────┼────────────────────────────┤
207                      │Netmask   │ Local netmask of the AP    │
208                      │          │                            │
209                      │          │ Defaults to a 28-bit  net‐ │
210                      │          │ mask if not provided.      │
211                      ├──────────┼────────────────────────────┤
212                      │DNSList   │ List  of  DNS servers as a │
213                      │          │ comma-separated IP address │
214                      │          │ list                       │
215                      │          │                            │
216                      │          │ A   list  of  DNS  servers │
217                      │          │ which will  be  advertised │
218                      │          │ by the DHCP server. If not │
219                      │          │ provided  no  DNS  servers │
220                      │          │ will  be  sent by the DHCP │
221                      │          │ server.                    │
222                      ├──────────┼────────────────────────────┤
223                      │LeaseTime │ Time limit for DHCP leases │
224                      │          │ in seconds                 │
225                      │          │                            │
226                      │          │ Override the default lease │
227                      │          │ time.                      │
228                      ├──────────┼────────────────────────────┤
229                      │IPRange   │ Range of IPs given as  two │
230                      │          │ addresses  separated  by a │
231                      │          │ comma                      │
232                      │          │                            │
233                      │          │ From and to  addresses  of │
234                      │          │ the   range   assigned  to │
235                      │          │ clients through DHCP.   If │
236                      │          │ not   provided  the  range │
237                      │          │ from local address + 1  to │
238                      │          │ .254 will be used.         │
239                      └──────────┴────────────────────────────┘
240
241   Wi-Fi Simple Configuration
242       The group [WSC] fine-tunes some Wi-Fi Simple Configuration local param‐
243       eters (formerly known as WPS, Wi-Fi Protected Setup.)
244
245                  ┌──────────────────┬────────────────────────────┐
246                  │DeviceName        │ 1..32-character string     │
247                  │                  │                            │
248                  │                  │ Optional    Device    Name │
249                  │                  │ string  for  the AP to ad‐ │
250                  │                  │ vertise as.   Defaults  to │
251                  │                  │ the SSID.                  │
252                  └──────────────────┴────────────────────────────┘
253
254
255
256
257
258
259
260
261
262
263
264
265                  │PrimaryDeviceType │ Subcategory  string  or  a │
266                  │                  │ 64-bit integer             │
267                  │                  │                            │
268                  │                  │ Optional  Primary   Device │
269                  │                  │ Type  for the AP to adver‐ │
270                  │                  │ tise as.  Defaults  to  PC │
271                  │                  │ computer.   Can  be speci‐ │
272                  │                  │ fied as a  lower-case  WSC │
273                  │                  │ v2.0.5  subcategory string │
274                  │                  │ or a 64-bit integer encod‐ │
275                  │                  │ ing,  from MSB to LSB: the │
276                  │                  │ 16-bit  category  ID,  the │
277                  │                  │ 24-bit  OUI, the 8-bit OUI │
278                  │                  │ type and the  16-bit  sub‐ │
279                  │                  │ category ID.               │
280                  ├──────────────────┼────────────────────────────┤
281                  │AuthorizedMACs    │ Comma-separated   MAC  ad‐ │
282                  │                  │ dress list                 │
283                  │                  │                            │
284                  │                  │ Optional  list  of  Autho‐ │
285                  │                  │ rized  MAC  addresses  for │
286                  │                  │ the WSC registrar to check │
287                  │                  │ on  association.  Each ad‐ │
288                  │                  │ dress is specified in  the │
289                  │                  │ colon-hexadecimal    nota‐ │
290                  │                  │ tion.   Defaults   to   no │
291                  │                  │ MAC-based checks.          │
292                  └──────────────────┴────────────────────────────┘
293

SEE ALSO

295       iwd(8), iwd.network(5)
296

AUTHOR

298       James Prestwood <prestwoj@gmail.com>
299
301       2020 Intel Corporation
302
303
304
305
306iwd                             20 October 2020                      IWD.AP(5)
Impressum