.\" connman-service.config(5) manual page .\" .\" Copyright (C) 2015 Intel Corporation .\" .TH "service-name.config" "5" "2015-10-15" "" .SH NAME service-name.config \- ConnMan service provisioning file .SH SYNOPSIS .B /var/lib/connman/\fIservice-name\fB.config .SH DESCRIPTION .P \fIConnMan\fP's services are configured with so called "\fBprovisioning files\fP" which reside under \fI/var/lib/connman/\fP. The files can be named anything, as long as they end in \fB.config\fP. The provisioning files can be used to configure for example secured wireless access points which need complex authentication, for example eduroam, or for static IPs and so on. Each provisioning file can be used for multiple services at once. .SH "FILE FORMAT" .P The configuration file consists of sections (groups) of key-value pairs. Lines beginning with a '#' and blank lines are considered comments. Sections are started by a header line containing the section enclosed in '[' and ']', and ended implicitly by the start of the next section or the end of the file. Each key-value pair must be contained in a section. .P Description of sections and available keys follows: .SS [global] This section is optional, and can be used to describe the actual file. The two allowed fields for this section are: .TP .BI Name= name Name of the network. .TP .BI Description= description Description of the network. .SS [service_*] Each provisioned service must start with a [service_*] tag, with * replaced by an unique name within the file. The allowed fields are: .TP .B Type=ethernet \fR|\fB wifi Mandatory. Other types than ethernet or wifi are not supported. .TP .BI IPv4=off \ \fR|\ dhcp\ \fR|\ network / netmask / gateway IPv4 settings for the service. If set to \fBoff\fP, IPv4 won't be used. If set to \fBdhcp\fP, dhcp will be used to obtain the network settings. \fInetmask\fP can be specified as length of the mask rather than the mask itself. The gateway can be omitted when using a static IP. .TP .BI IPv6=off \ \fR|\ auto\ \fR|\ network / prefixlength / gateway IPv6 settings for the service. If set to \fBoff\fP, IPv6 won't be used. If set to \fBauto\fP, settings will be obtained from the network. .TP .B IPv6.Privacy=disabled \fR|\fB enabled \fR|\fB preferred IPv6 privacy settings as per RFC3041. .TP .BI MAC= address MAC address of the interface to be used. If not specified, the first found interface is used. Must be in format ab:cd:ef:01:23:45. .TP .BI DeviceName= ifname Device name the interface to be used, e.g. eth0. MAC takes preference over DeviceName. .TP .BI Nameservers= servers Comma separated list of nameservers. .TP .BI SearchDomains= domains Comma separated list of DNS search domains. .TP .BI Timeservers= servers Comma separated list of timeservers. .TP .BI Domain= domain Domain name to be used. .TP The following keys can only be used for wireless networks: .TP .BI Name= name A string representation of an network SSID. If the SSID field is present, the Name field is ignored. If the SSID field is not present, this field is mandatory. .TP .BI SSID= ssid SSID: A hexadecimal representation of an 802.11 SSID. Use this format to encode special characters including starting or ending spaces. .TP .BI Passphrase= passphrase RSN/WPA/WPA2 Passphrase. .TP .BI Security= type The security type of the network. Possible values are \fBpsk\fP (WPA/WPA2 PSK), \fBieee8021x\fP (WPA EAP), \fBnone\fP and \fBwep\fP. When not set, the default value is \fBieee8021x\fP if an EAP type is configured, \fBpsk\fP if a passphrase is present and \fBnone\fP otherwise. .TP .B Hidden=true \fR|\fB false If set to \fBtrue\fP, then this AP is hidden. If missing or set to \fBfalse\fP, then AP is not hidden. .TP The following keys are used for WPA EAP (when \fBSecurity=ieee8021x\fP): .TP .B EAP=tls \fR|\fB ttls \fR|\fB peap EAP type to use. Only \fBtls\fP, \fBttls\fP and \fBpeap\fP are supported. .TP .BI CACertFile= file Path to the CA certificate file. Only PEM and DER formats are supported. .TP .BI PrivateKeyFile= file Path to the private key file. Only PEM, DER and PFX formats are supported. .TP .BI PrivateKeyPassphrase= passphrase Passphrase of the private key. .TP .B PrivateKeyPassphraseType=fsid If specified, use the private key's fsid as the passphrase, and ignore the PrivateKeyPassphrase field. .TP .BI Identity= identity Identity string for EAP. .TP .BI AnonymousIdentity= identity Anonymous identity string for EAP. .TP .BI SubjectMatch= substring Substring to be matched against the subject of the authentication server certificate for EAP. .TP .BI AltSubjectMatch= substring Semicolon separated string of entries to be matched against the alternative subject name of the authentication server certificate for EAP. .TP .BI DomainSuffixMatch= domain Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the authentication server certificate for EAP. .TP .BI DomainMatch= domain This FQDN is used as a full match requirement for the authentication server certificate for EAP. .TP .BI Phase2= type Inner authentication type with for \fBEAP=tls\fP or \fBEAP=ttls\fP. Prefix the value with \fBEAP-\fP to indicate usage of EAP-based authentication method (should only be used with \fBEAP=ttls\fP). .SH "EXAMPLE" .SS Eduroam This is a configuration file for eduroam networks. This file could for example be /var/lib/connman/eduroam.config. Your university's exact settings might be different. .PP .nf [service_eduroam] Type = wifi Name = eduroam EAP = peap Phase2 = MSCHAPV2 CACertFile = /etc/ssl/certs/UNIV_CA.crt .fi .SS Complex networking This is a configuration file for a network providing EAP-TLS, EAP-TTLS and EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid and the file name could be /var/lib/connman/complex.config. .PP Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID = 746c735f73736964"). If your SSID does not contain any exotic character then you should use the Name entry instead (e.g. "Name = tls_ssid"). .PP .nf [global] Name = Example Description = Example network configuration [service_tls] Type = wifi SSID = 746c735f73736964 EAP = tls CACertFile = /home/user/.certs/ca.pem ClientCertFile = /home/user/devlp/.certs/client.pem PrivateKeyFile = /home/user/.certs/client.fsid.pem PrivateKeyPassphraseType = fsid Identity = user [service_ttls] Type = wifi Name = ttls_ssid EAP = ttls CACertFile = /home/user/.cert/ca.pem Phase2 = MSCHAPV2 Identity = user [service_peap] Type = wifi Name = peap_ssid EAP = peap CACertFile = /home/user/.cert/ca.pem Phase2 = MSCHAPV2 Identity = user [service_home_ethernet] Type = ethernet IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1 IPv6 = 2001:db8::42/64/2001:db8::1 MAC = 01:02:03:04:05:06 Nameservers = 10.2.3.4,192.168.1.99 SearchDomains = my.home,isp.net Timeservers = 10.172.2.1,ntp.my.isp.net Domain = my.home [service_home_wifi] Type = wifi Name = my_home_wifi Passphrase = password IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1 MAC = 06:05:04:03:02:01 [service_vlan] Type = ethernet DeviceName = enp4s0.1 IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1 .fi .SH "SEE ALSO" .BR connman (8)