IWD.AP(5)                     Linux Connectivity                     IWD.AP(5)

NAME
       iwd.ap - Configuration of IWD access points

NAME
       iwd.ap - Access point provisioning files

SYNOPSIS
       Description of access point provisioning files.

DESCRIPTION
       An access point provisioning file defines the configuration of an IWD
       access point. These files live in $STATE_DIRECTORY/ap (/var/lib/iwd/ap
       by default). They are read when the
       net.connman.iwd.AccessPoint.StartProfile(ssid) DBus method is used.

FILE FORMAT
       See iwd.network for details on the settings file syntax.

SETTINGS
       The settings are split into several categories. Each category has a
       group associated with it and is described in the corresponding table
       below.

   General Settings
       The group [General] contains general AP configuration.

       +------------------+---------------------------------------------------+
       |Channel           | Channel number                                    |
       |                  |                                                   |
       |                  | Optional channel number for the access point to   |
       |                  | operate on. If omitted the channel will be chosen |
       |                  | automatically. Channels greater than or equal to  |
       |                  | 36 will select the 5GHz band for the AP to operate|
       |                  | on.                                               |
       |                  |                                                   |
       |                  | Note: Due to regulatory requirements the Linux    |
       |                  | kernel does not allow or strictly limits 5GHz use |
       |                  | in AP mode while in world roaming. These          |
       |                  | frequencies become available once the country is  |
       |                  | set, either via IWD's main.conf option            |
       |                  | [General].Country (see man iwd.config) or         |
       |                  | externally (e.g. iw reg set ). If you are having  |
       |                  | trouble using 5GHz ensure the country is set, and |
       |                  | that the desired frequency/channel is             |
       |                  | unrestricted.                                     |
       +------------------+---------------------------------------------------+
       |RekeyTimeout      | Timeout for PTK rekeys (seconds)                  |
       |                  |                                                   |
       |                  | The time interval at which the AP starts a rekey  |
       |                  | for a given station. If not provided a default    |
       |                  | value of 0 is used (rekeying is disabled).        |
       +------------------+---------------------------------------------------+
       |DisableHT         | Boolean value                                     |
       |                  |                                                   |
       |                  | Explicitly disable HT capabilities for this AP.   |
       +------------------+---------------------------------------------------+

   Network Authentication Settings
       The group [Security] contains settings for Wi-Fi security and
       authentication configuration.

       +------------------+---------------------------------------------------+
       |Passphrase        | 8..63 character string                            |
       |                  |                                                   |
       |                  | WPA-PSK Passphrase to be used with this access    |
       |                  | point. At least one of Passphrase, PreSharedKey   |
       |                  | must be present.                                  |
       +------------------+---------------------------------------------------+
       |PreSharedKey      | 64-character hex-string                           |
       |                  |                                                   |
       |                  | Processed passphrase for this network in the form |
       |                  | of a hex-encoded 32-byte pre-shared key. Either   |
       |                  | this or Passphrase must be present.               |
       +------------------+---------------------------------------------------+
       |PairwiseCiphers   | Comma-separated list of pairwise ciphers the AP   |
       |                  | supports.                                         |
       |                  |                                                   |
       |                  | Values can include: TKIP, CCMP, GCMP, GCMP-256,   |
       |                  | CCMP-256                                          |
       |                  |                                                   |
       |                  | The underlying hardware and IWD's AP              |
       |                  | implementation must also support the ciphers      |
       |                  | listed.                                           |
       +------------------+---------------------------------------------------+
       |GroupCipher       | Group cipher the AP uses                          |
       |                  |                                                   |
       |                  | A single cipher value the AP can use as the group |
       |                  | cipher. Values are the same as pairwise ciphers   |
       |                  | and the same restrictions apply (hardware and IWD |
       |                  | implementation must support the cipher).          |
       +------------------+---------------------------------------------------+

   IPv4 Network Configuration
       The group [IPv4] contains settings for IWD's built-in DHCP server. All
       settings are optional. They're used if network configuration was
       enabled as described in iwd.config(5). Omitting the [IPv4] group
       disables network configuration for this access point, so if an
       all-defaults DHCP setup is desired, the group header line must still
       be present:

          # Enable network configuration
          [IPv4]

          [other groups follow]

       +------------------+---------------------------------------------------+
       |Address           | Local IP address or a comma-separated list of     |
       |                  | prefix-notation addresses                         |
       |                  |                                                   |
       |                  | Optional local address pool for the access point  |
       |                  | and the DHCP server. If a single address is       |
       |                  | provided this address will be set on the AP       |
       |                  | interface and any other DHCP server options will  |
       |                  | be derived from it if not overridden by other     |
       |                  | settings below.                                   |
       |                  |                                                   |
       |                  | If a list of addresses and prefix lengths is      |
       |                  | specified (in the / format), a single subnet      |
       |                  | address will be selected from the available space |
       |                  | each time this profile is started. The subnet size|
       |                  | is based on the [IPv4].Netmask setting.           |
       |                  |                                                   |
       |                  | If Address is not provided and no IP address is   |
       |                  | set on the interface prior to calling StartProfile|
       |                  | the value of the main.conf [IPv4].APAddressPool   |
       |                  | setting will be inherited, which in turn defaults |
       |                  | to 192.168.0.0/16.                                |
       |                  |                                                   |
       |                  | For example, if [IPv4].Netmask is set to          |
       |                  | 255.255.255.0 and this setting, or the global     |
       |                  | APAddressPool fallback, is set to 192.168.0.0/16, |
       |                  | 10.0.0.0/22, IWD will select one of the 256       |
       |                  | subnets with addresses in the 192.168.<0-255>.0/24|
       |                  | range or one of the 4 subnets with addresses in   |
       |                  | the 10.0.<0-3>.0/24 range, allowing 270 possible  |
       |                  | subnets. Defining an address pool larger than the |
       |                  | desired subnet gives IWD a chance to avoid        |
       |                  | conflicts if other interfaces on the system use   |
       |                  | dynamically assigned addresses.                   |
       +------------------+---------------------------------------------------+
       |Gateway           | IP Address of gateway                             |
       |                  |                                                   |
       |                  | IP address of the gateway to be advertised by     |
       |                  | DHCP. This will fall back to the local IP address |
       |                  | if not provided.                                  |
       +------------------+---------------------------------------------------+
       |Netmask           | Local netmask of the AP                           |
       |                  |                                                   |
       |                  | Defaults to a 28-bit netmask if not provided.     |
       +------------------+---------------------------------------------------+
       |DNSList           | List of DNS servers as a comma-separated IP       |
       |                  | address list                                      |
       |                  |                                                   |
       |                  | A list of DNS servers which will be advertised by |
       |                  | the DHCP server. If not provided no DNS servers   |
       |                  | will be sent by the DHCP server.                  |
       +------------------+---------------------------------------------------+
       |LeaseTime         | Time limit for DHCP leases in seconds             |
       |                  |                                                   |
       |                  | Override the default lease time.                  |
       +------------------+---------------------------------------------------+
       |IPRange           | Range of IPs given as two addresses separated by a|
       |                  | comma                                             |
       |                  |                                                   |
       |                  | From and to addresses of the range assigned to    |
       |                  | clients through DHCP. If not provided the range   |
       |                  | from local address + 1 to .254 will be used.      |
       +------------------+---------------------------------------------------+

   Wi-Fi Simple Configuration
       The group [WSC] fine-tunes some Wi-Fi Simple Configuration local
       parameters (formerly known as WPS, Wi-Fi Protected Setup).

       +------------------+---------------------------------------------------+
       |DeviceName        | 1..32-character string                            |
       |                  |                                                   |
       |                  | Optional Device Name string for the AP to         |
       |                  | advertise as. Defaults to the SSID.               |
       +------------------+---------------------------------------------------+
       |PrimaryDeviceType | Subcategory string or a 64-bit integer            |
       |                  |                                                   |
       |                  | Optional Primary Device Type for the AP to        |
       |                  | advertise as. Defaults to PC computer. Can be     |
       |                  | specified as a lower-case WSC v2.0.5 subcategory  |
       |                  | string or a 64-bit integer encoding, from MSB to  |
       |                  | LSB: the 16-bit category ID, the 24-bit OUI, the  |
       |                  | 8-bit OUI type and the 16-bit subcategory ID.     |
       +------------------+---------------------------------------------------+
       |AuthorizedMACs    | Comma-separated MAC address list                  |
       |                  |                                                   |
       |                  | Optional list of Authorized MAC addresses for the |
       |                  | WSC registrar to check on association. Each       |
       |                  | address is specified in the colon-hexadecimal     |
       |                  | notation. Defaults to no MAC-based checks.        |
       +------------------+---------------------------------------------------+

SEE ALSO
       iwd(8), iwd.network(5)

AUTHOR
       James Prestwood

COPYRIGHT
       2020 Intel Corporation

iwd                            20 October 2020                       IWD.AP(5)
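
Added example (not part of the IWD documentation or source): a small reviewer's check that reads an AP provisioning file and reports where it violates the [Security] limits above or leaves PTK rekeying and the built-in DHCP server off. The function name audit_ap_profile is hypothetical, Python's configparser is assumed to be a close enough approximation of the settings syntax, and the TKIP warning is reviewer policy rather than an IWD rule.

```python
import configparser
import re

# Cipher names this page lists for PairwiseCiphers and GroupCipher.
CIPHERS = {"TKIP", "CCMP", "GCMP", "GCMP-256", "CCMP-256"}

def audit_ap_profile(text):
    """Check one AP profile against the limits stated in iwd.ap(5)."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    get = lambda group, key: cp.get(group, key, fallback=None)
    out = []

    phrase, psk = get("Security", "Passphrase"), get("Security", "PreSharedKey")
    if phrase is None and psk is None:
        out.append("error: neither Passphrase nor PreSharedKey is present")
    if phrase is not None and not 8 <= len(phrase) <= 63:
        out.append("error: Passphrase must be 8..63 characters")
    if psk is not None and not re.fullmatch(r"[0-9a-fA-F]{64}", psk):
        out.append("error: PreSharedKey must be 64 hex characters")

    for key in ("PairwiseCiphers", "GroupCipher"):
        names = [c.strip() for c in (get("Security", key) or "").split(",") if c.strip()]
        if key == "GroupCipher" and len(names) > 1:
            out.append("error: GroupCipher takes a single value")
        for name in names:
            if name not in CIPHERS:
                out.append(f"error: {key} has unknown cipher {name}")
            elif name == "TKIP":  # reviewer policy, not an IWD rule
                out.append(f"warn: {key} enables legacy TKIP")

    rekey = get("General", "RekeyTimeout")
    if rekey is None or rekey.strip() == "0":
        out.append("info: PTK rekeying is disabled (RekeyTimeout 0 or unset)")
    if not cp.has_section("IPv4"):
        out.append("info: no [IPv4] group, built-in DHCP is off for this AP")
    return out

# Constructed sample profile, not taken from a real deployment.
SAMPLE = """\
[General]
RekeyTimeout=0
[Security]
Passphrase=short
PairwiseCiphers=TKIP,CCMP
"""
if __name__ == "__main__":
    print("\n".join(audit_ap_profile(SAMPLE)))
```

An empty list means the profile passed every check; the "info" lines restate defaults from this page that a reviewer may want to confirm are intended.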