1IWD.AP(5) Linux Connectivity IWD.AP(5)
2
3
4
6 iwd.ap - Configuration of IWD access points
7
9 iwd.ap - Access point provisioning files
10
12 Description of access point provisioning files.
13
15 An access point provisioning file defines the configuration of an IWD
16 access point. These files live in $STATE_DIRECTORY/ap (/var/lib/iwd/ap
17 by default). They are read when the net.connman.iwd.AccessPoint.Start‐
18 Profile(ssid) DBus method is used.
19
21 See iwd.network for details on the settings file syntax.
22
24 The settings are split into several categories. Each category has a
25 group associated with it and is described in the corresponding table
26 below.
27
28 General Settings
29 The group [General] contains general AP configuration.
30
31 ┌─────────────┬────────────────────────────┐
32 │Channel │ Channel number │
33 │ │ │
34 │ │ Optional channel number │
35 │ │ for the access point to │
36 │ │ operate on. If omitted the │
37 │ │ channel will be chosen au‐ │
38 │ │ tomatically. Channels │
39 │ │ greater than or equal to │
40 │ │ 36 will select the 5GHz │
41 │ │ band for the AP to operate │
42 │ │ on. │
43 │ │ │
44 │ │ Note: Due to regulatory │
45 │ │ requirements the linux │
46 │ │ kernel does not allow or │
47 │ │ strictly limits 5GHz use │
48 │ │ in AP mode while in world │
49 │ │ roaming. These frequencies │
50 │ │ become available once the │
51 │ │ country is set, either via │
52 │ │ IWD's main.conf option │
53 │ │ [General].Country (see man │
54 │ │ iwd.config) or externally │
55 │ │ (e.g. iw reg set <CC>). If │
56 │ │ you are having trouble us‐ │
57 │ │ ing 5GHz ensure the coun‐ │
58 │ │ try is set, and that the │
59 │ │ desired frequency/channel │
60 │ │ is unrestricted. │
61 └─────────────┴────────────────────────────┘
62
63
64
65
66
67 │RekeyTimeout │ Timeout for PTK rekeys │
68 │ │ (seconds) │
69 │ │ │
70 │ │ The time interval at which │
71 │ │ the AP starts a rekey for │
72 │ │ a given station. If not │
73 │ │ provided a default value │
74 │ │ of 0 is used (rekeying is │
75 │ │ disabled). │
76 └─────────────┴────────────────────────────┘
77
78 Network Authentication Settings
79 The group [Security] contains settings for Wi-Fi security and authenti‐
80 cation configuration.
81
82 ┌────────────────┬────────────────────────────┐
83 │Passphrase │ 8..63 character string │
84 │ │ │
85 │ │ WPA-PSK Passphrase to be │
86 │ │ used with this access │
87 │ │ point. At least one of │
88 │ │ Passphrase, PreSharedKey │
89 │ │ must be present. │
90 ├────────────────┼────────────────────────────┤
91 │PreSharedKey │ 64-character hex-string │
92 │ │ │
93 │ │ Processed passphrase for │
94 │ │ this network in the form │
95 │ │ of a hex-encoded 32-byte │
96 │ │ pre-shared key. Either │
97 │ │ this or Passphrase must be │
98 │ │ present. │
99 ├────────────────┼────────────────────────────┤
100 │PairwiseCiphers │ Comma separated list of │
101 │ │ pairwise ciphers for the │
102 │ │ AP supports. │
103 │ │ │
104 │ │ Values can include: TKIP, │
105 │ │ CCMP, GCMP, GCMP-256, │
106 │ │ CCMP-256 │
107 │ │ │
108 │ │ The underlying hardware │
109 │ │ and IWD's AP implementa‐ │
110 │ │ tion must also support the │
111 │ │ ciphers listed │
112 ├────────────────┼────────────────────────────┤
113 │GroupCipher │ Group cipher the AP uses │
114 │ │ │
115 │ │ A single cipher value the │
116 │ │ AP can use as the group │
117 │ │ cipher. Values are the │
118 │ │ same as pairwise ciphers │
119 │ │ and the same restrictions │
120 │ │ apply (hardware and IWD │
121 │ │ implementation must sup‐ │
122 │ │ port the cipher) │
123 └────────────────┴────────────────────────────┘
124
125 IPv4 Network Configuration
126 The group [IPv4] contains settings for IWD's built-in DHCP server. All
127 settings are optional. They're used if network configuration was en‐
128 abled as described in iwd.config(5). Omitting the [IPv4] group dis‐
129 ables network configuration for this access point so if an all-defaults
130 DHCP setup is desired, the group header line must still be present:
131
132 # Enable network configuration
133 [IPv4]
134
135 [other groups follow]
136
137 ┌──────────┬────────────────────────────┐
138 │Address │ Local IP address or a │
139 │ │ comma-separated list of │
140 │ │ prefix-notation addresses │
141 │ │ │
142 │ │ Optional local address │
143 │ │ pool for the access point │
144 │ │ and the DHCP server. If a │
145 │ │ single address is provided │
146 │ │ this address will be set │
147 │ │ on the AP interface and │
148 │ │ any other DHCP server op‐ │
149 │ │ tions will be derived from │
150 │ │ it if not overridden by │
151 │ │ other settings below. │
152 │ │ │
153 │ │ If a list of addresses and │
154 │ │ prefix lengths is speci‐ │
155 │ │ fied (in the <IP>/<pre‐ │
156 │ │ fix-len> format), a single │
157 │ │ subnet address will be se‐ │
158 │ │ lected from the available │
159 │ │ space each time this pro‐ │
160 │ │ file is started. The sub‐ │
161 │ │ net size is based on the │
162 │ │ [IPv4].Netmask setting. │
163 │ │ │
164 │ │ If Address is not provided │
165 │ │ and no IP address is set │
166 │ │ on the interface prior to │
167 │ │ calling StartProfile the │
168 │ │ value of the main.conf │
169 │ │ [IPv4].APAddressPool set‐ │
170 │ │ ting will be inherited, │
171 │ │ which in turn defaults to │
172 │ │ 192.168.0.0/16. │
173 │ │ │
174 │ │ For example, if │
175 │ │ [IPv4].Netmask is set to │
176 │ │ 255.255.255.0 and this │
177 │ │ setting, or the global │
178 │ │ APAddressPool fallback, is │
179 │ │ set to 192.168.0.0/16, │
180 │ │ 10.0.0.0/22, IWD will se‐ │
181 │ │ lect one of the 256 sub‐ │
182 │ │ nets with addresses in the │
183 │ │ 192.168.<0-255>.0/24 range │
184 │ │ or one of the 4 subnets │
185 │ │ with addresses in the │
186 │ │ 10.0.<0-3>.0/24 range, al‐ │
187 │ │ lowing 270 possible sub‐ │
188 │ │ nets. Defining an address │
189 │ │ pool larger than the de‐ │
190 │ │ sired subnet gives IWD a │
191 │ │ chance to avoid conflicts │
192 │ │ if other interfaces on the │
193 │ │ system use dynamically as‐ │
194 │ │ signed addresses. │
195 └──────────┴────────────────────────────┘
196
197
198
199 │Gateway │ IP Address of gateway │
200 │ │ │
201 │ │ IP address of the gateway │
202 │ │ to be advertised by DHCP. │
203 │ │ This will fall back to the │
204 │ │ local IP address if not │
205 │ │ provided. │
206 ├──────────┼────────────────────────────┤
207 │Netmask │ Local netmask of the AP │
208 │ │ │
209 │ │ Defaults to a 28-bit net‐ │
210 │ │ mask if not provided. │
211 ├──────────┼────────────────────────────┤
212 │DNSList │ List of DNS servers as a │
213 │ │ comma-separated IP address │
214 │ │ list │
215 │ │ │
216 │ │ A list of DNS servers │
217 │ │ which will be advertised │
218 │ │ by the DHCP server. If not │
219 │ │ provided no DNS servers │
220 │ │ will be sent by the DHCP │
221 │ │ server. │
222 ├──────────┼────────────────────────────┤
223 │LeaseTime │ Time limit for DHCP leases │
224 │ │ in seconds │
225 │ │ │
226 │ │ Override the default lease │
227 │ │ time. │
228 ├──────────┼────────────────────────────┤
229 │IPRange │ Range of IPs given as two │
230 │ │ addresses separated by a │
231 │ │ comma │
232 │ │ │
233 │ │ From and to addresses of │
234 │ │ the range assigned to │
235 │ │ clients through DHCP. If │
236 │ │ not provided the range │
237 │ │ from local address + 1 to │
238 │ │ .254 will be used. │
239 └──────────┴────────────────────────────┘
240
241 Wi-Fi Simple Configuration
242 The group [WSC] fine-tunes some Wi-Fi Simple Configuration local param‐
243 eters (formerly known as WPS, Wi-Fi Protected Setup.)
244
245 ┌──────────────────┬────────────────────────────┐
246 │DeviceName │ 1..32-character string │
247 │ │ │
248 │ │ Optional Device Name │
249 │ │ string for the AP to ad‐ │
250 │ │ vertise as. Defaults to │
251 │ │ the SSID. │
252 └──────────────────┴────────────────────────────┘
253
254
255
256
257
258
259
260
261
262
263
264
265 │PrimaryDeviceType │ Subcategory string or a │
266 │ │ 64-bit integer │
267 │ │ │
268 │ │ Optional Primary Device │
269 │ │ Type for the AP to adver‐ │
270 │ │ tise as. Defaults to PC │
271 │ │ computer. Can be speci‐ │
272 │ │ fied as a lower-case WSC │
273 │ │ v2.0.5 subcategory string │
274 │ │ or a 64-bit integer encod‐ │
275 │ │ ing, from MSB to LSB: the │
276 │ │ 16-bit category ID, the │
277 │ │ 24-bit OUI, the 8-bit OUI │
278 │ │ type and the 16-bit sub‐ │
279 │ │ category ID. │
280 ├──────────────────┼────────────────────────────┤
281 │AuthorizedMACs │ Comma-separated MAC ad‐ │
282 │ │ dress list │
283 │ │ │
284 │ │ Optional list of Autho‐ │
285 │ │ rized MAC addresses for │
286 │ │ the WSC registrar to check │
287 │ │ on association. Each ad‐ │
288 │ │ dress is specified in the │
289 │ │ colon-hexadecimal nota‐ │
290 │ │ tion. Defaults to no │
291 │ │ MAC-based checks. │
292 └──────────────────┴────────────────────────────┘
293
295 iwd(8), iwd.network(5)
296
298 James Prestwood <prestwoj@gmail.com>
299
301 2020 Intel Corporation
302
303
304
305
306iwd 20 October 2020 IWD.AP(5)