'\" t
.\" Title: nm-settings
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\" Date: 31 March 2015
.\" Manual: Configuration
.\" Source: NetworkManager 0.9.10.0
.\" Language: English
.\"
.TH "NM\-SETTINGS" "5" "" "NetworkManager 0\&.9\&.10\&.0" "Configuration"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nm-settings \- Description of settings and properties of NetworkManager connection profiles
.SH "DESCRIPTION"
.PP
NetworkManager is based on a concept of connection profiles, sometimes referred to as connections only\&. These connection profiles contain a network configuration\&. When NetworkManager activates a connection profile on a network device the configuration will be applied and an active network connection will be established\&. Users are free to create as many connection profiles as they see fit\&. Thus they are flexible in having various network configurations for different networking needs\&. The connection profiles are handled by NetworkManager via
\fIsettings service\fR
and are exported on D\-Bus (\fI/org/freedesktop/NetworkManager/Settings/\fR
objects)\&. The conceptual objects can be described as follows:
.PP
Connection (profile)
.RS 4
A specific, encapsulated, independent group of settings describing all the configuration required to connect to a specific network\&. It is referred to by a unique identifier called the UUID\&. A connection is tied to a one specific device type, but not necessarily a specific hardware device\&. It is composed of one or more
\fISettings\fR
objects\&.
.RE
.PP
Setting
.RS 4
A group of related key/value pairs describing a specific piece of a
\fIConnection (profile)\fR\&. Settings keys and allowed values are described in the tables below\&. Keys are also reffered to as properties\&. Developers can find the setting objects and their properties in the libnm\-util sources\&. Look for the
\fBclass_init\fR
functions near the bottom of each setting source file\&.
.RE
.PP
The settings and properties shown in tables below list all available connection configuration options\&. However, note that not all settings are applicable to all connection types\&. NetworkManager provides a command\-line tool
\fInmcli\fR
that allows direct configuration of the settings and properties according to a connection profile type\&.
\fInmcli\fR
connection editor has also a built\-in
\fIdescribe\fR
command that can display description of particular settings and properties of this page\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&1.\ \&802-1x setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
802\-1x
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
eap
T}:T{
array of string
T}:T{
\ \&
T}:T{
The allowed EAP method to be used when authenticating to the network with 802\&.1x\&. Valid methods are: \*(Aqleap\*(Aq, \*(Aqmd5\*(Aq, \*(Aqtls\*(Aq, \*(Aqpeap\*(Aq, \*(Aqttls\*(Aq, \*(Aqpwd\*(Aq, and \*(Aqfast\*(Aq\&. Each method requires different configuration using the properties of this setting; refer to wpa_supplicant documentation for the allowed combinations\&.
T}
T{
identity
T}:T{
string
T}:T{
\ \&
T}:T{
Identity string for EAP authentication methods\&. Often the user\*(Aqs user or login name\&.
T}
T{
anonymous\-identity
T}:T{
string
T}:T{
\ \&
T}:T{
Anonymous identity string for EAP authentication methods\&. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP\-TTLS\&.
T}
T{
pac\-file
T}:T{
string
T}:T{
\ \&
T}:T{
UTF\-8 encoded file path containing PAC for EAP\-FAST\&.
T}
T{
ca\-cert
T}:T{
byte array
T}:T{
[]
T}:T{
Contains the CA certificate if used by the EAP method specified in the \*(Aqeap\*(Aq property\&. Certificate data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&. When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&. This property can be unset even if the EAP method supports CA certificates, but this allows man\-in\-the\-middle attacks and is NOT recommended\&.
T}
T{
ca\-path
T}:T{
string
T}:T{
\ \&
T}:T{
UTF\-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the \*(Aqca\-cert\*(Aq property\&.
T}
T{
subject\-match
T}:T{
string
T}:T{
\ \&
T}:T{
Substring to be matched against the subject of the certificate presented by the authentication server\&. When unset, no verification of the authentication server certificate\*(Aqs subject is performed\&.
T}
T{
altsubject\-matches
T}:T{
array of string
T}:T{
\ \&
T}:T{
List of strings to be matched against the altSubjectName of the certificate presented by the authentication server\&. If the list is empty, no verification of the server certificate\*(Aqs altSubjectName is performed\&.
T}
T{
client\-cert
T}:T{
byte array
T}:T{
[]
T}:T{
Contains the client certificate if used by the EAP method specified in the \*(Aqeap\*(Aq property\&. Certificate data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&. When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.
T}
T{
phase1\-peapver
T}:T{
string
T}:T{
\ \&
T}:T{
Forces which PEAP version is used when PEAP is set as the EAP method in \*(Aqeap\*(Aq property\&. When unset, the version reported by the server will be used\&. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version\&. To do so, this property may be set to \*(Aq0\*(Aq or \*(Aq1\*(Aq to force that specific PEAP version\&.
T}
T{
phase1\-peaplabel
T}:T{
string
T}:T{
\ \&
T}:T{
Forces use of the new PEAP label during key derivation\&. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1\&. Set to \*(Aq1\*(Aq to force use of the new PEAP label\&. See the wpa_supplicant documentation for more details\&.
T}
T{
phase1\-fast\-provisioning
T}:T{
string
T}:T{
\ \&
T}:T{
Enables or disables in\-line provisioning of EAP\-FAST credentials when FAST is specified as the EAP method in the #NMSetting8021x:eap property\&. Allowed values are \*(Aq0\*(Aq (disabled), \*(Aq1\*(Aq (allow unauthenticated provisioning), \*(Aq2\*(Aq (allow authenticated provisioning), and \*(Aq3\*(Aq (allow both authenticated and unauthenticated provisioning)\&. See the wpa_supplicant documentation for more details\&.
T}
T{
phase2\-auth
T}:T{
string
T}:T{
\ \&
T}:T{
Specifies the allowed \*(Aqphase 2\*(Aq inner non\-EAP authentication methods when an EAP method that uses an inner TLS tunnel is specified in the \*(Aqeap\*(Aq property\&. Recognized non\-EAP phase2 methods are \*(Aqpap\*(Aq, \*(Aqchap\*(Aq, \*(Aqmschap\*(Aq, \*(Aqmschapv2\*(Aq, \*(Aqgtc\*(Aq, \*(Aqotp\*(Aq, \*(Aqmd5\*(Aq, and \*(Aqtls\*(Aq\&. Each \*(Aqphase 2\*(Aq inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details\&.
T}
T{
phase2\-autheap
T}:T{
string
T}:T{
\ \&
T}:T{
Specifies the allowed \*(Aqphase 2\*(Aq inner EAP\-based authentication methods when an EAP method that uses an inner TLS tunnel is specified in the \*(Aqeap\*(Aq property\&. Recognized EAP\-based \*(Aqphase 2\*(Aq methods are \*(Aqmd5\*(Aq, \*(Aqmschapv2\*(Aq, \*(Aqotp\*(Aq, \*(Aqgtc\*(Aq, and \*(Aqtls\*(Aq\&. Each \*(Aqphase 2\*(Aq inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details\&.
T}
T{
phase2\-ca\-cert
T}:T{
byte array
T}:T{
[]
T}:T{
Contains the \*(Aqphase 2\*(Aq CA certificate if used by the EAP method specified in the \*(Aqphase2\-auth\*(Aq or \*(Aqphase2\-autheap\*(Aq properties\&. Certificate data is specified using a \*(Aqscheme\*(Aq; two are currentlysupported: blob and path\&. When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&. When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&. This property can be unset even if the EAP method supports CA certificates, but this allows man\-in\-the\-middle attacks and is NOT recommended\&.
T}
T{
phase2\-ca\-path
T}:T{
string
T}:T{
\ \&
T}:T{
UTF\-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the \*(Aqphase2\-ca\-cert\*(Aq property\&.
T}
T{
phase2\-subject\-match
T}:T{
string
T}:T{
\ \&
T}:T{
Substring to be matched against the subject of the certificate presented by the authentication server during the inner \*(Aqphase2\*(Aq authentication\&. When unset, no verification of the authentication server certificate\*(Aqs subject is performed\&.
T}
T{
phase2\-altsubject\-matches
T}:T{
array of string
T}:T{
\ \&
T}:T{
List of strings to be matched against List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner \*(Aqphase 2\*(Aq authentication\&. If the list is empty, no verification of the server certificate\*(Aqs altSubjectName is performed\&.
T}
T{
phase2\-client\-cert
T}:T{
byte array
T}:T{
[]
T}:T{
Contains the \*(Aqphase 2\*(Aq client certificate if used by the EAP method specified in the \*(Aqphase2\-auth\*(Aq or \*(Aqphase2\-autheap\*(Aq properties\&. Certificate data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&. When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.
T}
T{
password
T}:T{
string
T}:T{
\ \&
T}:T{
UTF\-8 encoded password used for EAP authentication methods\&.
T}
T{
password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the 802\&.1x password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
password\-raw
T}:T{
byte array
T}:T{
[]
T}:T{
Password used for EAP authentication methods, given as a byte array to allow passwords in other encodings than UTF\-8 to be used\&. If both \*(Aqpassword\*(Aq and \*(Aqpassword\-raw\*(Aq are given, \*(Aqpassword\*(Aq is preferred\&.
T}
T{
password\-raw\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the 802\&.1x password byte array\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
private\-key
T}:T{
byte array
T}:T{
[]
T}:T{
Contains the private key when the \*(Aqeap\*(Aq property is set to \*(Aqtls\*(Aq\&. Key data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme and private keys, this property should be set to the key\*(Aqs encrypted PEM encoded data\&. When using private keys with the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the \*(Aqprivate\-key\-password\*(Aq property must be set to password used to decrypt the PKCS#12 certificate and key\&. When using PKCS#12 files and the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and and ending with a terminating NULL byte, and as with the blob scheme the \*(Aqprivate\-key\-password\*(Aq property must be set to the password used to decode the PKCS#12 private key and certificate\&.
T}
T{
private\-key\-password
T}:T{
string
T}:T{
\ \&
T}:T{
The password used to decrypt the private key specified in the \*(Aqprivate\-key\*(Aq property when the private key either uses the path scheme, or if the private key is a PKCS#12 format key\&.
T}
T{
private\-key\-password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the 802\&.1x private key password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
phase2\-private\-key
T}:T{
byte array
T}:T{
[]
T}:T{
Contains the \*(Aqphase 2\*(Aq inner private key when the \*(Aqphase2\-auth\*(Aq or \*(Aqphase2\-autheap\*(Aq property is set to \*(Aqtls\*(Aq\&. Key data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme and private keys, this property should be set to the key\*(Aqs encrypted PEM encoded data\&. When using private keys with the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the \*(Aqphase2\-private\-key\-password\*(Aq property must be set to password used to decrypt the PKCS#12 certificate and key\&. When using PKCS#12 files and the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and and ending with a terminating NULL byte, and as with the blob scheme the \*(Aqphase2\-private\-key\-password\*(Aq property must be set to the password used to decode the PKCS#12 private key and certificate\&.
T}
T{
phase2\-private\-key\-password
T}:T{
string
T}:T{
\ \&
T}:T{
The password used to decrypt the \*(Aqphase 2\*(Aq private key specified in the \*(Aqprivate\-key\*(Aq property when the phase2 private key either uses the path scheme, or if the phase2 private key is a PKCS#12 format key\&.
T}
T{
phase2\-private\-key\-password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the 802\&.1x phase2 private key password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
pin
T}:T{
string
T}:T{
\ \&
T}:T{
PIN used for EAP authentication methods\&.
T}
T{
pin\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the 802\&.1x PIN\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
system\-ca\-certs
T}:T{
boolean
T}:T{
FALSE
T}:T{
When TRUE, overrides \*(Aqca\-path\*(Aq and \*(Aqphase2\-ca\-path\*(Aq properties using the system CA directory specified at configure time with the \-\-system\-ca\-path switch\&. The certificates in this directory are added to the verification chain in addition to any certificates specified by the \*(Aqca\-cert\*(Aq and \*(Aqphase2\-ca\-cert\*(Aq properties\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&2.\ \&adsl setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
adsl
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
username
T}:T{
string
T}:T{
\ \&
T}:T{
Username used to authenticate with the pppoa service\&.
T}
T{
password
T}:T{
string
T}:T{
\ \&
T}:T{
Password used to authenticate with the pppoa service\&.
T}
T{
password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the ADSL password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
protocol
T}:T{
string
T}:T{
\ \&
T}:T{
ADSL connection protocol\&.
T}
T{
encapsulation
T}:T{
string
T}:T{
\ \&
T}:T{
Encapsulation of ADSL connection
T}
T{
vpi
T}:T{
uint32
T}:T{
0
T}:T{
VPI of ADSL connection
T}
T{
vci
T}:T{
uint32
T}:T{
0
T}:T{
VCI of ADSL connection
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&3.\ \&bluetooth setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
bluetooth
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
bdaddr
T}:T{
byte array
T}:T{
[]
T}:T{
The Bluetooth address of the device
T}
T{
type
T}:T{
string
T}:T{
\ \&
T}:T{
Either \*(Aqdun\*(Aq for Dial\-Up Networking connections or \*(Aqpanu\*(Aq for Personal Area Networking connections\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&4.\ \&bond setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
bond
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
interface\-name
T}:T{
string
T}:T{
\ \&
T}:T{
The name of the virtual in\-kernel bonding network interface
T}
T{
options
T}:T{
dict of (string::string)
T}:T{
\ \&
T}:T{
Dictionary of key/value pairs of bonding options\&. Both keys and values must be strings\&. Option names must contain only alphanumeric characters (ie, [a\-zA\-Z0\-9])\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&5.\ \&bridge setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
bridge
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
interface\-name
T}:T{
string
T}:T{
\ \&
T}:T{
The name of the virtual in\-kernel bridging network interface
T}
T{
mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
The MAC address of the bridge
T}
T{
stp
T}:T{
boolean
T}:T{
TRUE
T}:T{
Controls whether Spanning Tree Protocol (STP) is enabled for this bridge\&.
T}
T{
priority
T}:T{
uint32
T}:T{
32768
T}:T{
Sets the Spanning Tree Protocol (STP) priority for this bridge\&. Lower values are \*(Aqbetter\*(Aq; the lowest priority bridge will be elected the root bridge\&.
T}
T{
forward\-delay
T}:T{
uint32
T}:T{
15
T}:T{
The Spanning Tree Protocol (STP) forwarding delay, in seconds\&.
T}
T{
hello\-time
T}:T{
uint32
T}:T{
2
T}:T{
The Spanning Tree Protocol (STP) hello time, in seconds\&.
T}
T{
max\-age
T}:T{
uint32
T}:T{
20
T}:T{
The Spanning Tree Protocol (STP) maximum message age, in seconds\&.
T}
T{
ageing\-time
T}:T{
uint32
T}:T{
300
T}:T{
The Ethernet MAC address aging time, in seconds\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&6.\ \&bridge-port setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
bridge\-port
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
priority
T}:T{
uint32
T}:T{
32
T}:T{
The Spanning Tree Protocol (STP) priority of this bridge port
T}
T{
path\-cost
T}:T{
uint32
T}:T{
100
T}:T{
The Spanning Tree Protocol (STP) port cost for destinations via this port\&.
T}
T{
hairpin\-mode
T}:T{
boolean
T}:T{
FALSE
T}:T{
Enables or disabled \*(Aqhairpin mode\*(Aq for the port, which allows frames to be sent back out through the port the frame was received on\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&7.\ \&cdma setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
cdma
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
number
T}:T{
string
T}:T{
\ \&
T}:T{
Number to dial when establishing a PPP data session with the CDMA\-based mobile broadband network\&. If not specified, the default number (#777) is used when required\&.
T}
T{
username
T}:T{
string
T}:T{
\ \&
T}:T{
Username used to authenticate with the network, if required\&. Note that many providers do not require a username or accept any username\&.
T}
T{
password
T}:T{
string
T}:T{
\ \&
T}:T{
Password used to authenticate with the network, if required\&. Note that many providers do not require a password or accept any password\&.
T}
T{
password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the CDMA password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&8.\ \&connection setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
connection
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
id
T}:T{
string
T}:T{
\ \&
T}:T{
User\-readable connection identifier/name\&. Must be one or more characters and may change over the lifetime of the connection if the user decides to rename it\&.
T}
T{
uuid
T}:T{
string
T}:T{
\ \&
T}:T{
Universally unique connection identifier\&. Must be in the format \*(Aq2815492f\-7e56\-435e\-b2e9\-246bd7cdc664\*(Aq (ie, contains only hexadecimal characters and \*(Aq\-\*(Aq)\&. The UUID should be assigned when the connection is created and never changed as long as the connection still applies to the same network\&. For example, it should not be changed when the user changes the connection\*(Aqs \*(Aqid\*(Aq, but should be recreated when the Wi\-Fi SSID, mobile broadband network provider, or the connection type changes\&.
T}
T{
interface\-name
T}:T{
string
T}:T{
\ \&
T}:T{
Interface name this connection is bound to\&. If not set, then the connection can be attached to any interface of the appropriate type (subject to restrictions imposed by other settings)\&. For connection types where interface names cannot easily be made persistent (e\&.g\&. mobile broadband or USB Ethernet), this property should not be used\&. Setting this property restricts the interfaces a connection can be used with, and if interface names change or are reordered the connection may be applied to the wrong interface\&.
T}
T{
type
T}:T{
string
T}:T{
\ \&
T}:T{
Base type of the connection\&. For hardware\-dependent connections, should contain the setting name of the hardware\-type specific setting (ie, \*(Aq802\-3\-ethernet\*(Aq or \*(Aq802\-11\-wireless\*(Aq or \*(Aqbluetooth\*(Aq, etc), and for non\-hardware dependent connections like VPN or otherwise, should contain the setting name of that setting type (ie, \*(Aqvpn\*(Aq or \*(Aqbridge\*(Aq, etc)\&.
T}
T{
permissions
T}:T{
array of string
T}:T{
\ \&
T}:T{
An array of strings defining what access a given user has to this connection\&. If this is NULL or empty, all users are allowed to access this connection\&. Otherwise a user is allowed to access this connection if and only if they are in this array\&. Each entry is of the form "[type]:[id]:[reserved]", for example: "user:dcbw:blah" At this time only the \*(Aquser\*(Aq [type] is allowed\&. Any other values are ignored and reserved for future use\&. [id] is the username that this permission refers to, which may not contain the \*(Aq:\*(Aq character\&. Any [reserved] information (if present) must be ignored and is reserved for future use\&. All of [type], [id], and [reserved] must be valid UTF\-8\&.
T}
T{
autoconnect
T}:T{
boolean
T}:T{
TRUE
T}:T{
If TRUE, NetworkManager will activate this connection when its network resources are available\&. If FALSE, the connection must be manually activated by the user or some other mechanism\&.
T}
T{
timestamp
T}:T{
uint64
T}:T{
0
T}:T{
Timestamp (in seconds since the Unix Epoch) that the connection was last successfully activated\&. NetworkManager updates the connection timestamp periodically when the connection is active to ensure that an active connection has the latest timestamp\&. The property is only meant for reading (changes to this property will not be preserved)\&.
T}
T{
read\-only
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, the connection is read\-only and cannot be changed by the user or any other mechanism\&. This is normally set for system connections whose plugin cannot yet write updated connections back out\&.
T}
T{
zone
T}:T{
string
T}:T{
\ \&
T}:T{
The trust level of a the connection\&.Free form case\-insensitive string (for example "Home", "Work", "Public")\&. NULL or unspecified zone means the connection will be placed in the default zone as defined by the firewall\&.
T}
T{
master
T}:T{
string
T}:T{
\ \&
T}:T{
Interface name of the master device or UUID of the master connection
T}
T{
slave\-type
T}:T{
string
T}:T{
\ \&
T}:T{
Setting name describing the type of slave this connection is (ie, \*(Aqbond\*(Aq) or NULL if this connection is not a slave\&.
T}
T{
secondaries
T}:T{
array of string
T}:T{
\ \&
T}:T{
List of connection UUIDs that should be activated when the base connection itself is activated\&. Currently only VPN connections are supported\&.
T}
T{
gateway\-ping\-timeout
T}:T{
uint32
T}:T{
0
T}:T{
If greater than zero, delay success of IP addressing until either the timeout is reached, or an IP gateway replies to a ping\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&9.\ \&dcb setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
dcb
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
app\-fcoe\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Specifies the flags for the DCB FCoE application\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
app\-fcoe\-priority
T}:T{
int32
T}:T{
\-1
T}:T{
The highest User Priority (0 \- 7) which FCoE frames should use, or \-1 for default priority\&. Only used when the \*(Aqapp\-fcoe\-flags\*(Aq property includes the \*(Aqenabled\*(Aq flag\&.
T}
T{
app\-fcoe\-mode
T}:T{
string
T}:T{
"fabric"
T}:T{
The FCoe controller mode; either \*(Aqfabric\*(Aq (default) or \*(Aqvn2vn\*(Aq\&.
T}
T{
app\-iscsi\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Specifies the flags for the DCB iSCSI application\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
app\-iscsi\-priority
T}:T{
int32
T}:T{
\-1
T}:T{
The highest User Priority (0 \- 7) which iSCSI frames should use, or \-1 for default priority\&. Only used when the \*(Aqapp\-iscsi\-flags\*(Aq property includes the \*(Aqenabled\*(Aq flag\&.
T}
T{
app\-fip\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Specifies the flags for the DCB FIP application\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
app\-fip\-priority
T}:T{
int32
T}:T{
\-1
T}:T{
The highest User Priority (0 \- 7) which FIP frames should use, or \-1 for default priority\&. Only used when the \*(Aqapp\-fip\-flags\*(Aq property includes the \*(Aqenabled\*(Aq flag\&.
T}
T{
priority\-flow\-control\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Specifies the flags for DCB Priority Flow Control\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
priority\-flow\-control
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates whether or not the corresponding priority should transmit priority pause\&. Allowed values are 0 (do not transmit pause) and 1 (transmit pause)\&.
T}
T{
priority\-group\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Specifies the flags for DCB Priority Groups\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
priority\-group\-id
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates the Priority Group ID\&. Allowed Priority Group ID values are 0 \- 7 or 15 for the unrestricted group\&.
T}
T{
priority\-group\-bandwidth
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
An array of 8 uint values, where the array index corresponds to the Priority Group ID (0 \- 7) and the value indicates the percentage of link bandwidth allocated to that group\&. Allowed values are 0 \- 100, and the sum of all values must total 100 percent\&.
T}
T{
priority\-bandwidth
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates the percentage of bandwidth of the priority\*(Aqs assigned group that the priority may use\&. The sum of all percentages for priorities which belong to the same group must total 100 percent\&.
T}
T{
priority\-strict\-bandwidth
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates whether or not the priority may use all of the bandwidth allocated to its assigned group\&. Allowed values are 0 (the priority may not utilize all bandwidth) or 1 (the priority may utilize all bandwidth)\&.
T}
T{
priority\-traffic\-class
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates the traffic class (0 \- 7) to which the priority is mapped\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&10.\ \&gsm setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
gsm
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
number
T}:T{
string
T}:T{
\ \&
T}:T{
Number to dial when establishing a PPP data session with the GSM\-based mobile broadband network\&. Many modems do not require PPP for connections to the mobile network and thus this property should be left blank, which allows NetworkManager to select the appropriate settings automatically\&.
T}
T{
username
T}:T{
string
T}:T{
\ \&
T}:T{
Username used to authenticate with the network, if required\&. Note that many providers do not require a username or accept any username\&.
T}
T{
password
T}:T{
string
T}:T{
\ \&
T}:T{
Password used to authenticate with the network, if required\&. Note that many providers do not require a password or accept any password\&.
T}
T{
password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the GSM password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
apn
T}:T{
string
T}:T{
\ \&
T}:T{
The GPRS Access Point Name specifying the APN used when establishing a data session with the GSM\-based network\&. The APN often determines how the user will be billed for their network usage and whether the user has access to the Internet or just a provider\-specific walled\-garden, so it is important to use the correct APN for the user\*(Aqs mobile broadband plan\&. The APN may only be composed of the characters a\-z, 0\-9, \&., and \- per GSM 03\&.60 Section 14\&.9\&.
T}
T{
network\-id
T}:T{
string
T}:T{
\ \&
T}:T{
The Network ID (GSM LAI format, ie MCC\-MNC) to force specific network registration\&. If the Network ID is specified, NetworkManager will attempt to force the device to register only on the specified network\&. This can be used to ensure that the device does not roam when direct roaming control of the device is not otherwise possible\&.
T}
T{
network\-type
T}:T{
int32
T}:T{
\-1
T}:T{
Network preference to force the device to only use specific network technologies\&. The permitted values are: \-1: any, 0: 3G only, 1: GPRS/EDGE only, 2: prefer 3G, 3: prefer 2G, 4: prefer 4G/LTE, 5: 4G/LTE only\&. Notes: This property is deprecated and NetworkManager from 0\&.9\&.10 onwards doesn\*(Aqt use this property when talking to ModemManager\&.Also, not all devices allow network preference control\&.
T}
T{
pin
T}:T{
string
T}:T{
\ \&
T}:T{
If the SIM is locked with a PIN it must be unlocked before any other operations are requested\&. Specify the PIN here to allow operation of the device\&.
T}
T{
pin\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the GSM SIM PIN\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
allowed\-bands
T}:T{
uint32
T}:T{
1
T}:T{
Bitfield of allowed frequency bands\&.Notes: This property is deprecated and NetworkManager from 0\&.9\&.10 onwards doesn\*(Aqt use this property when talking to ModemManager\&.Also, not all devices allow frequency band control\&.
T}
T{
home\-only
T}:T{
boolean
T}:T{
FALSE
T}:T{
When TRUE, only connections to the home network will be allowed\&. Connections to roaming networks will not be made\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&11.\ \&infiniband setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
infiniband
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches\&. This property does not change the MAC address of the device (i\&.e\&. MAC spoofing)\&.
T}
T{
mtu
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames\&.
T}
T{
transport\-mode
T}:T{
string
T}:T{
\ \&
T}:T{
The IPoIB transport mode\&. Either \*(Aqdatagram\*(Aq or \*(Aqconnected\*(Aq\&.
T}
T{
p\-key
T}:T{
int32
T}:T{
\-1
T}:T{
The InfiniBand P_Key\&. Either \-1 for the default, or a 16\-bit unsigned integer\&.
T}
T{
parent
T}:T{
string
T}:T{
\ \&
T}:T{
The interface name of the parent device, or NULL
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&12.\ \&ipv4 setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
ipv4
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
method
T}:T{
string
T}:T{
\ \&
T}:T{
IPv4 configuration method\&. If \*(Aqauto\*(Aq is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset\&. If \*(Aqlink\-local\*(Aq is specified, then a link\-local address in the 169\&.254/16 range will be assigned to the interface\&. If \*(Aqmanual\*(Aq is specified, static IP addressing is used and at least one IP address must be given in the \*(Aqaddresses\*(Aq property\&. If \*(Aqshared\*(Aq is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10\&.42\&.x\&.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT\-ed to the current default network connection\&. \*(Aqdisabled\*(Aq means IPv4 will not be used on this connection\&. This property must be set\&.
T}
T{
dns
T}:T{
array of uint32
T}:T{
\ \&
T}:T{
List of DNS servers (network byte order)\&. For the \*(Aqauto\*(Aq method, these DNS servers are appended to those (if any) returned by automatic configuration\&. DNS servers cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq methods as there is no upstream network\&. In all other methods, these DNS servers are used as the only DNS servers for this connection\&.
T}
T{
dns\-search
T}:T{
array of string
T}:T{
\ \&
T}:T{
List of DNS search domains\&. For the \*(Aqauto\*(Aq method, these search domains are appended to those returned by automatic configuration\&. Search domains cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq methods as there is no upstream network\&. In all other methods, these search domains are used as the only search domains for this connection\&.
T}
T{
addresses
T}:T{
array of array of uint32
T}:T{
\ \&
T}:T{
Array of IPv4 address structures\&. Each IPv4 address structure is composed of 3 32\-bit values; the first being the IPv4 address (network byte order), the second the prefix (1 \- 32), and last the IPv4 gateway (network byte order)\&. The gateway may be left as 0 if no gateway exists for that subnet\&. For the \*(Aqauto\*(Aq method, given IP addresses are appended to those returned by automatic configuration\&. Addresses cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq methods as addressing is either automatic or disabled with these methods\&.
T}
T{
address\-labels
T}:T{
array of string
T}:T{
\ \&
T}:T{
Internal use only
T}
T{
routes
T}:T{
array of array of uint32
T}:T{
\ \&
T}:T{
Array of IPv4 route structures\&. Each IPv4 route structure is composed of 4 32\-bit values; the first being the destination IPv4 network or address (network byte order), the second the destination network or address prefix (1 \- 32), the third being the next\-hop (network byte order) if any, and the fourth being the route metric\&. For the \*(Aqauto\*(Aq method, given IP routes are appended to those returned by automatic configuration\&. Routes cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq, methods as there is no upstream network\&.
T}
T{
ignore\-auto\-routes
T}:T{
boolean
T}:T{
FALSE
T}:T{
When the method is set to \*(Aqauto\*(Aq and this property to TRUE, automatically configured routes are ignored and only routes specified in the \*(Aqroutes\*(Aq property, if any, are used\&.
T}
T{
ignore\-auto\-dns
T}:T{
boolean
T}:T{
FALSE
T}:T{
When the method is set to \*(Aqauto\*(Aq and this property to TRUE, automatically configured nameservers and search domains are ignored and only nameservers and search domains specified in the \*(Aqdns\*(Aq and \*(Aqdns\-search\*(Aq properties, if any, are used\&.
T}
T{
dhcp\-client\-id
T}:T{
string
T}:T{
\ \&
T}:T{
A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options\&.
T}
T{
dhcp\-send\-hostname
T}:T{
boolean
T}:T{
TRUE
T}:T{
If TRUE, a hostname is sent to the DHCP server when acquiring a lease\&. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer\&. If the \*(Aqdhcp\-hostname\*(Aq property is empty and this property is TRUE, the current persistent hostname of the computer is sent\&.
T}
T{
dhcp\-hostname
T}:T{
string
T}:T{
\ \&
T}:T{
If the \*(Aqdhcp\-send\-hostname\*(Aq property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease\&.
T}
T{
never\-default
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, this connection will never be the default IPv4 connection, meaning it will never be assigned the default route by NetworkManager\&.
T}
T{
may\-fail
T}:T{
boolean
T}:T{
TRUE
T}:T{
If TRUE, allow overall network configuration to proceed even if IPv4 configuration times out\&. Note that at least one IP configuration must succeed or overall network configuration will still fail\&. For example, in IPv6\-only networks, setting this property to TRUE allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&13.\ \&ipv6 setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
ipv6
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
method
T}:T{
string
T}:T{
\ \&
T}:T{
IPv6 configuration method\&. If \*(Aqauto\*(Aq is specified then the appropriate automatic method (PPP, router advertisement, etc) is used for the device and most other properties can be left unset\&. To force the use of DHCP only, specify \*(Aqdhcp\*(Aq; this method is only valid for Ethernet\-based hardware\&. If \*(Aqlink\-local\*(Aq is specified, then an IPv6 link\-local address will be assigned to the interface\&. If \*(Aqmanual\*(Aq is specified, static IP addressing is used and at least one IP address must be given in the \*(Aqaddresses\*(Aq property\&. If \*(Aqignore\*(Aq is specified, IPv6 configuration is not done\&. This property must be set\&. Note: the \*(Aqshared\*(Aq method is not yet supported\&.
T}
T{
dhcp\-hostname
T}:T{
string
T}:T{
\ \&
T}:T{
The specified name will be sent to the DHCP server when acquiring a lease\&.
T}
T{
dns
T}:T{
array of byte array
T}:T{
\ \&
T}:T{
Array of DNS servers, where each member of the array is a byte array containing the IPv6 address of the DNS server (in network byte order)\&. For the \*(Aqauto\*(Aq method, these DNS servers are appended to those (if any) returned by automatic configuration\&. DNS servers cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods as there is no usptream network\&. In all other methods, these DNS servers are used as the only DNS servers for this connection\&.
T}
T{
dns\-search
T}:T{
array of string
T}:T{
\ \&
T}:T{
List of DNS search domains\&. For the \*(Aqauto\*(Aq method, these search domains are appended to those returned by automatic configuration\&. Search domains cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods as there is no upstream network\&. In all other methods, these search domains are used as the only search domains for this connection\&.
T}
T{
addresses
T}:T{
array of (byte array, uint32, byte array)
T}:T{
\ \&
T}:T{
Array of IPv6 address structures\&. Each IPv6 address structure is composed of 3 members, the first being a byte array containing the IPv6 address (network byte order), the second a 32\-bit integer containing the IPv6 address prefix, and the third a byte array containing the IPv6 address (network byte order) of the gateway associated with this address, if any\&. If no gateway is given, the third element should be given as all zeros\&. For the \*(Aqauto\*(Aq method, given IP addresses are appended to those returned by automatic configuration\&. Addresses cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods as the interface is automatically assigned an address with these methods\&.
T}
T{
routes
T}:T{
array of (byte array, uint32, byte array, uint32)
T}:T{
\ \&
T}:T{
Array of IPv6 route structures\&. Each IPv6 route structure is composed of 4 members; the first being the destination IPv6 network or address (network byte order) as a byte array, the second the destination network or address IPv6 prefix, the third being the next\-hop IPv6 address (network byte order) if any, and the fourth being the route metric\&. For the \*(Aqauto\*(Aq method, given IP routes are appended to those returned by automatic configuration\&. Routes cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods because there is no upstream network\&.
T}
T{
ignore\-auto\-routes
T}:T{
boolean
T}:T{
FALSE
T}:T{
When the method is set to \*(Aqauto\*(Aq or \*(Aqdhcp\*(Aq and this property is set to TRUE, automatically configured routes are ignored and only routes specified in the \*(Aqroutes\*(Aq property, if any, are used\&.
T}
T{
ignore\-auto\-dns
T}:T{
boolean
T}:T{
FALSE
T}:T{
When the method is set to \*(Aqauto\*(Aq or \*(Aqdhcp\*(Aq and this property is set to TRUE, automatically configured nameservers and search domains are ignored and only nameservers and search domains specified in the \*(Aqdns\*(Aq and \*(Aqdns\-search\*(Aq properties, if any, are used\&.
T}
T{
never\-default
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, this connection will never be the default IPv6 connection, meaning it will never be assigned the default IPv6 route by NetworkManager\&.
T}
T{
may\-fail
T}:T{
boolean
T}:T{
TRUE
T}:T{
If TRUE, allow overall network configuration to proceed even if IPv6 configuration times out\&. Note that at least one IP configuration must succeed or overall network configuration will still fail\&. For example, in IPv4\-only networks, setting this property to TRUE allows the overall network configuration to succeed if IPv6 configuration fails but IPv4 configuration completes successfully\&.
T}
T{
ip6\-privacy
T}:T{
int32
T}:T{
\-1
T}:T{
Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941\&. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI\-64\&. This enhances privacy, but could cause problems in some applications, on the other hand\&. The permitted values are: 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses)\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&14.\ \&802-11-olpc-mesh setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
802\-11\-olpc\-mesh
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
ssid
T}:T{
byte array
T}:T{
[]
T}:T{
SSID of the mesh network to join\&.
T}
T{
channel
T}:T{
uint32
T}:T{
0
T}:T{
Channel on which the mesh network to join is located\&.
T}
T{
dhcp\-anycast\-address
T}:T{
byte array
T}:T{
[]
T}:T{
Anycast DHCP MAC address used when requesting an IP address via DHCP\&. The specific anycast address used determines which DHCP server class answers the the request\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&15.\ \&ppp setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
ppp
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
noauth
T}:T{
boolean
T}:T{
TRUE
T}:T{
If TRUE, do not require the other side (usually the PPP server) to authenticate itself to the client\&. If FALSE, require authentication from the remote side\&. In almost all cases, this should be TRUE\&.
T}
T{
refuse\-eap
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, the EAP authentication method will not be used\&.
T}
T{
refuse\-pap
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, the PAP authentication method will not be used\&.
T}
T{
refuse\-chap
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, the CHAP authentication method will not be used\&.
T}
T{
refuse\-mschap
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, the MSCHAP authentication method will not be used\&.
T}
T{
refuse\-mschapv2
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, the MSCHAPv2 authentication method will not be used\&.
T}
T{
nobsdcomp
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, BSD compression will not be requested\&.
T}
T{
nodeflate
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, \*(Aqdeflate\*(Aq compression will not be requested\&.
T}
T{
no\-vj\-comp
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, Van Jacobsen TCP header compression will not be requested\&.
T}
T{
require\-mppe
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, MPPE (Microsoft Point\-to\-Point Encrpytion) will be required for the PPP session\&. If either 64\-bit or 128\-bit MPPE is not available the session will fail\&. Note that MPPE is not used on mobile broadband connections\&.
T}
T{
require\-mppe\-128
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, 128\-bit MPPE (Microsoft Point\-to\-Point Encrpytion) will be required for the PPP session, and the \*(Aqrequire\-mppe\*(Aq property must also be set to TRUE\&. If 128\-bit MPPE is not available the session will fail\&.
T}
T{
mppe\-stateful
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, stateful MPPE is used\&. See pppd documentation for more information on stateful MPPE\&.
T}
T{
crtscts
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, specify that pppd should set the serial port to use hardware flow control with RTS and CTS signals\&. This value should normally be set to FALSE\&.
T}
T{
baud
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, instruct pppd to set the serial port to the specified baudrate\&. This value should normally be left as 0 to automatically choose the speed\&.
T}
T{
mru
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, instruct pppd to request that the peer send packets no larger than the specified size\&. If non\-zero, the MRU should be between 128 and 16384\&.
T}
T{
mtu
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, instruct pppd to send packets no larger than the specified size\&.
T}
T{
lcp\-echo\-failure
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, instruct pppd to presume the connection to the peer has failed if the specified number of LCP echo\-requests go unanswered by the peer\&. The \*(Aqlcp\-echo\-interval\*(Aq property must also be set to a non\-zero value if this property is used\&.
T}
T{
lcp\-echo\-interval
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, instruct pppd to send an LCP echo\-request frame to the peer every n seconds (where n is the specified value)\&. Note that some PPP peers will respond to echo requests and some will not, and it is not possible to autodetect this\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&16.\ \&pppoe setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
pppoe
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
service
T}:T{
string
T}:T{
\ \&
T}:T{
If specified, instruct PPPoE to only initiate sessions with access concentrators that provide the specified service\&. For most providers, this should be left blank\&. It is only required if there are multiple access concentrators or a specific service is known to be required\&.
T}
T{
username
T}:T{
string
T}:T{
\ \&
T}:T{
Username used to authenticate with the PPPoE service\&.
T}
T{
password
T}:T{
string
T}:T{
\ \&
T}:T{
Password used to authenticate with the PPPoE service\&.
T}
T{
password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the PPPoE password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&17.\ \&serial setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
serial
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
baud
T}:T{
uint32
T}:T{
57600
T}:T{
Speed to use for communication over the serial port\&. Note that this value usually has no effect for mobile broadband modems as they generally ignore speed settings and use the highest available speed\&.
T}
T{
bits
T}:T{
uint32
T}:T{
8
T}:T{
Byte\-width of the serial communication\&. The 8 in \*(Aq8n1\*(Aq for example\&.
T}
T{
parity
T}:T{
gchar
T}:T{
110
T}:T{
Parity setting of the serial port\&. Either \*(AqE\*(Aq for even parity, \*(Aqo\*(Aq for odd parity, or \*(Aqn\*(Aq for no parity\&.
T}
T{
stopbits
T}:T{
uint32
T}:T{
1
T}:T{
Number of stop bits for communication on the serial port\&. Either 1 or 2\&. The 1 in \*(Aq8n1\*(Aq for example\&.
T}
T{
send\-delay
T}:T{
uint64
T}:T{
0
T}:T{
Time to delay between each byte sent to the modem, in microseconds\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&18.\ \&team setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
team
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
interface\-name
T}:T{
string
T}:T{
\ \&
T}:T{
The name of the virtual in\-kernel team network interface
T}
T{
config
T}:T{
string
T}:T{
\ \&
T}:T{
JSON configuration for the team network interface\&. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd\&. If not specified, the default configuration is used\&. See man teamd\&.conf for the format details\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&19.\ \&team-port setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
team\-port
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
config
T}:T{
string
T}:T{
\ \&
T}:T{
JSON configuration for the team port\&. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd\&. If not specified, the dafault configuration is used\&. See man teamd\&.conf for the format details\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&20.\ \&vlan setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
vlan
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
interface\-name
T}:T{
string
T}:T{
\ \&
T}:T{
If given, specifies the kernel name of the VLAN interface\&. If not given, a default name will be constructed from the interface described by the parent interface and the \*(Aqid\*(Aq property, ex \*(Aqeth2\&.1\*(Aq\&. The parent interface may be given by the \*(Aqparent\*(Aq property or by the \*(Aqmac\-address\*(Aq property of a \*(Aqwired\*(Aq setting\&.
T}
T{
parent
T}:T{
string
T}:T{
\ \&
T}:T{
If given, specifies the parent interface name or parent connection UUID from which this VLAN interface should be created\&. If this property is not specified, the connection must contain a \*(Aqwired\*(Aq setting with a \*(Aqmac\-address\*(Aq property\&.
T}
T{
id
T}:T{
uint32
T}:T{
0
T}:T{
The VLAN indentifier the interface created by this connection should be assigned\&.
T}
T{
flags
T}:T{
uint32
T}:T{
0
T}:T{
One or more flags which control the behavior and features of the VLAN interface\&. Flags include reordering of output packet headers (0x01), use of the GVRP protocol (0x02), and loose binding of the interface to its master device\*(Aqs operating state (0x04)\&.
T}
T{
ingress\-priority\-map
T}:T{
array of string
T}:T{
\ \&
T}:T{
For incoming packets, a list of mappings from 802\&.1p priorities to Linux SKB priorities\&. The mapping is given in the format \*(Aqfrom:to\*(Aq where both \*(Aqfrom\*(Aq and \*(Aqto\*(Aq are unsigned integers, ie \*(Aq7:3\*(Aq\&.
T}
T{
egress\-priority\-map
T}:T{
array of string
T}:T{
\ \&
T}:T{
For outgoing packets, a list of mappings from Linux SKB priorities to 802\&.1p priorities\&. The mapping is given in the format \*(Aqfrom:to\*(Aq where both \*(Aqfrom\*(Aq and \*(Aqto\*(Aq are unsigned integers, ie \*(Aq7:3\*(Aq\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&21.\ \&vpn setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
vpn
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
service\-type
T}:T{
string
T}:T{
\ \&
T}:T{
D\-Bus service name of the VPN plugin that this setting uses to connect to its network\&. i\&.e\&. org\&.freedesktop\&.NetworkManager\&.vpnc for the vpnc plugin\&.
T}
T{
user\-name
T}:T{
string
T}:T{
\ \&
T}:T{
If the VPN connection requires a user name for authentication, that name should be provided here\&. If the connection is available to more than one user, and the VPN requires each user to supply a different name, then leave this property empty\&. If this property is empty, NetworkManager will automatically supply the username of the user which requested the VPN connection\&.
T}
T{
data
T}:T{
dict of (string::string)
T}:T{
\ \&
T}:T{
Dictionary of key/value pairs of VPN plugin specific data\&. Both keys and values must be strings\&.
T}
T{
secrets
T}:T{
dict of (string::string)
T}:T{
\ \&
T}:T{
Dictionary of key/value pairs of VPN plugin specific secrets like passwords or private keys\&. Both keys and values must be strings\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&22.\ \&wimax setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
wimax
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
network\-name
T}:T{
string
T}:T{
\ \&
T}:T{
Network Service Provider (NSP) name of the WiMAX network this connection should use\&.
T}
T{
mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, this connection will only apply to the WiMAX device whose MAC address matches\&. This property does not change the MAC address of the device (known as MAC spoofing)\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&23.\ \&802-3-ethernet setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
802\-3\-ethernet
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
port
T}:T{
string
T}:T{
\ \&
T}:T{
Specific port type to use if multiple the device supports multiple attachment methods\&. One of \*(Aqtp\*(Aq (Twisted Pair), \*(Aqaui\*(Aq (Attachment Unit Interface), \*(Aqbnc\*(Aq (Thin Ethernet) or \*(Aqmii\*(Aq (Media Independent Interface\&. If the device supports only one port type, this setting is ignored\&.
T}
T{
speed
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, request that the device use only the specified speed\&. In Mbit/s, ie 100 == 100Mbit/s\&.
T}
T{
duplex
T}:T{
string
T}:T{
\ \&
T}:T{
If specified, request that the device only use the specified duplex mode\&. Either \*(Aqhalf\*(Aq or \*(Aqfull\*(Aq\&.
T}
T{
auto\-negotiate
T}:T{
boolean
T}:T{
TRUE
T}:T{
If TRUE, allow auto\-negotiation of port speed and duplex mode\&. If FALSE, do not allow auto\-negotiation,in which case the \*(Aqspeed\*(Aq and \*(Aqduplex\*(Aq properties should be set\&.
T}
T{
mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches\&. This property does not change the MAC address of the device (i\&.e\&. MAC spoofing)\&.
T}
T{
cloned\-mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, request that the device use this MAC address instead of its permanent MAC address\&. This is known as MAC cloning or spoofing\&.
T}
T{
mac\-address\-blacklist
T}:T{
array of string
T}:T{
\ \&
T}:T{
If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list\&. Each MAC address is in the standard hex\-digits\-and\-colons notation (00:11:22:33:44:55)\&.
T}
T{
mtu
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames\&.
T}
T{
s390\-subchannels
T}:T{
array of string
T}:T{
\ \&
T}:T{
Identifies specific subchannels that this network device uses for communcation with z/VM or s390 host\&. Like the \*(Aqmac\-address\*(Aq property for non\-z/VM devices, this property can be used to ensure this connection only applies to the network device that uses these subchannels\&. The list should contain exactly 3 strings, and each string may only be composed of hexadecimal characters and the period (\&.) character\&.
T}
T{
s390\-nettype
T}:T{
string
T}:T{
\ \&
T}:T{
s390 network device type; one of \*(Aqqeth\*(Aq, \*(Aqlcs\*(Aq, or \*(Aqctc\*(Aq, representing the different types of virtual network devices available on s390 systems\&.
T}
T{
s390\-options
T}:T{
dict of (string::string)
T}:T{
\ \&
T}:T{
Dictionary of key/value pairs of s390\-specific device options\&. Both keys and values must be strings\&. Allowed keys include \*(Aqportno\*(Aq, \*(Aqlayer2\*(Aq, \*(Aqportname\*(Aq, \*(Aqprotocol\*(Aq, among others\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&24.\ \&802-11-wireless setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
802\-11\-wireless
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
ssid
T}:T{
byte array
T}:T{
[]
T}:T{
SSID of the Wi\-Fi network\&. Must be specified\&.
T}
T{
mode
T}:T{
string
T}:T{
\ \&
T}:T{
Wi\-Fi network mode; one of \*(Aqinfrastructure\*(Aq, \*(Aqadhoc\*(Aq or \*(Aqap\*(Aq\&. If blank, infrastructure is assumed\&.
T}
T{
band
T}:T{
string
T}:T{
\ \&
T}:T{
802\&.11 frequency band of the network\&. One of \*(Aqa\*(Aq for 5GHz 802\&.11a or \*(Aqbg\*(Aq for 2\&.4GHz 802\&.11\&. This will lock associations to the Wi\-Fi network to the specific band, i\&.e\&. if \*(Aqa\*(Aq is specified, the device will not associate with the same network in the 2\&.4GHz band even if the network\*(Aqs settings are compatible\&. This setting depends on specific driver capability and may not work with all drivers\&.
T}
T{
channel
T}:T{
uint32
T}:T{
0
T}:T{
Wireless channel to use for the Wi\-Fi connection\&. The device will only join (or create for Ad\-Hoc networks) a Wi\-Fi network on the specified channel\&. Because channel numbers overlap between bands, this property also requires the \*(Aqband\*(Aq property to be set\&.
T}
T{
bssid
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, directs the device to only associate with the given access point\&. This capability is highly driver dependent and not supported by all devices\&. Note: this property does not control the BSSID used when creating an Ad\-Hoc network and is unlikely to in the future\&.
T}
T{
rate
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, directs the device to only use the specified bitrate for communication with the access point\&. Units are in Kb/s, ie 5500 = 5\&.5 Mbit/s\&. This property is highly driver dependent and not all devices support setting a static bitrate\&.
T}
T{
tx\-power
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, directs the device to use the specified transmit power\&. Units are dBm\&. This property is highly driver dependent and not all devices support setting a static transmit power\&.
T}
T{
mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, this connection will only apply to the Wi\-Fi device whose permanent MAC address matches\&. This property does not change the MAC address of the device (i\&.e\&. MAC spoofing)\&.
T}
T{
cloned\-mac\-address
T}:T{
byte array
T}:T{
[]
T}:T{
If specified, request that the Wi\-Fi device use this MAC address instead of its permanent MAC address\&. This is known as MAC cloning or spoofing\&.
T}
T{
mac\-address\-blacklist
T}:T{
array of string
T}:T{
\ \&
T}:T{
A list of permanent MAC addresses of Wi\-Fi devices to which this connection should never apply\&. Each MAC address should be given in the standard hex\-digits\-and\-colons notation (eg \*(Aq00:11:22:33:44:55\*(Aq)\&.
T}
T{
mtu
T}:T{
uint32
T}:T{
0
T}:T{
If non\-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames\&.
T}
T{
seen\-bssids
T}:T{
array of string
T}:T{
\ \&
T}:T{
A list of BSSIDs (each BSSID formatted as a MAC address like 00:11:22:33:44:55\*(Aq) that have been detected as part of the Wi\-Fi network\&. NetworkManager internally tracks previously seen BSSIDs\&. The property is only meant for reading and reflects the BSSID list of NetworkManager\&. The changes you make to this property will not be preserved\&.
T}
T{
security
T}:T{
string
T}:T{
\ \&
T}:T{
If the wireless connection has any security restrictions, like 802\&.1x, WEP, or WPA, set this property to \*(Aq802\-11\-wireless\-security\*(Aq and ensure the connection contains a valid 802\-11\-wireless\-security setting\&.
T}
T{
hidden
T}:T{
boolean
T}:T{
FALSE
T}:T{
If TRUE, indicates this network is a non\-broadcasting network that hides its SSID\&. In this case various workarounds may take place, such as probe\-scanning the SSID for more reliable network discovery\&. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution\&.
T}
.TE
.sp 1
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&25.\ \&802-11-wireless-security setting
.TS
allbox tab(:);
lB lB lB lB.
T{
Key Name
T}:T{
Value Type
T}:T{
Default Value
T}:T{
Value Description
T}
.T&
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l
l l l l.
T{
name
T}:T{
string
T}:T{
802\-11\-wireless\-security
T}:T{
The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&. Each setting class has a name, and all objects of that class share the same name\&.
T}
T{
key\-mgmt
T}:T{
string
T}:T{
\ \&
T}:T{
Key management used for the connection\&. One of \*(Aqnone\*(Aq (WEP), \*(Aqieee8021x\*(Aq (Dynamic WEP), \*(Aqwpa\-none\*(Aq (WPA\-PSK Ad\-Hoc), \*(Aqwpa\-psk\*(Aq (infrastructure WPA\-PSK), or \*(Aqwpa\-eap\*(Aq (WPA\-Enterprise)\&. This property must be set for any Wi\-Fi connection that uses security\&.
T}
T{
wep\-tx\-keyidx
T}:T{
uint32
T}:T{
0
T}:T{
When static WEP is used (ie, key\-mgmt = \*(Aqnone\*(Aq) and a non\-default WEP key index is used by the AP, put that WEP key index here\&. Valid values are 0 (default key) through 3\&. Note that some consumer access points (like the Linksys WRT54G) number the keys 1 \- 4\&.
T}
T{
auth\-alg
T}:T{
string
T}:T{
\ \&
T}:T{
When WEP is used (ie, key\-mgmt = \*(Aqnone\*(Aq or \*(Aqieee8021x\*(Aq) indicate the 802\&.11 authentication algorithm required by the AP here\&. One of \*(Aqopen\*(Aq for Open System, \*(Aqshared\*(Aq for Shared Key, or \*(Aqleap\*(Aq for Cisco LEAP\&. When using Cisco LEAP (ie, key\-mgmt = \*(Aqieee8021x\*(Aq and auth\-alg = \*(Aqleap\*(Aq) the \*(Aqleap\-username\*(Aq and \*(Aqleap\-password\*(Aq properties must be specified\&.
T}
T{
proto
T}:T{
array of string
T}:T{
\ \&
T}:T{
List of strings specifying the allowed WPA protocol versions to use\&. Each element may be one \*(Aqwpa\*(Aq (allow WPA) or \*(Aqrsn\*(Aq (allow WPA2/RSN)\&. If not specified, both WPA and RSN connections are allowed\&.
T}
T{
pairwise
T}:T{
array of string
T}:T{
\ \&
T}:T{
A list of pairwise encryption algorithms which prevents connections to Wi\-Fi networks that do not utilize one of the algorithms in the list\&. For maximum compatibility leave this property empty\&. Each list element may be one of \*(Aqtkip\*(Aq or \*(Aqccmp\*(Aq\&.
T}
T{
group
T}:T{
array of string
T}:T{
\ \&
T}:T{
A list of group/broadcast encryption algorithms which prevents connections to Wi\-Fi networks that do not utilize one of the algorithms in the list\&. For maximum compatibility leave this property empty\&. Each list element may be one of \*(Aqwep40\*(Aq, \*(Aqwep104\*(Aq, \*(Aqtkip\*(Aq, or \*(Aqccmp\*(Aq\&.
T}
T{
leap\-username
T}:T{
string
T}:T{
\ \&
T}:T{
The login username for legacy LEAP connections (ie, key\-mgmt = \*(Aqieee8021x\*(Aq and auth\-alg = \*(Aqleap\*(Aq)\&.
T}
T{
wep\-key0
T}:T{
string
T}:T{
\ \&
T}:T{
Index 0 WEP key\&. This is the WEP key used in most networks\&. See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
T}
T{
wep\-key1
T}:T{
string
T}:T{
\ \&
T}:T{
Index 1 WEP key\&. This WEP index is not used by most networks\&. See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
T}
T{
wep\-key2
T}:T{
string
T}:T{
\ \&
T}:T{
Index 2 WEP key\&. This WEP index is not used by most networks\&. See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
T}
T{
wep\-key3
T}:T{
string
T}:T{
\ \&
T}:T{
Index 3 WEP key\&. This WEP index is not used by most networks\&. See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
T}
T{
wep\-key\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the WEP keys\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
wep\-key\-type
T}:T{
uint32
T}:T{
0
T}:T{
Controls the interpretation of WEP keys\&. Allowed values are 1 (interpret WEP keys as hexadecimal or ASCII keys) or 2 (interpret WEP keys as WEP Passphrases)\&. If set to 1 and the keys are hexadecimal, they must be either 10 or 26 characters in length\&. If set to 1 and the keys are ASCII keys, they must be either 5 or 13 characters in length\&. If set to 2, the passphrase is hashed using the de\-facto MD5 method to derive the actual WEP key\&.
T}
T{
psk
T}:T{
string
T}:T{
\ \&
T}:T{
Pre\-Shared\-Key for WPA networks\&. If the key is 64\-characters long, it must contain only hexadecimal characters and is interpreted as a hexadecimal WPA key\&. Otherwise, the key must be between 8 and 63 ASCII characters (as specified in the 802\&.11i standard) and is interpreted as a WPA passphrase, and is hashed to derive the actual WPA\-PSK used when connecting to the Wi\-Fi network\&.
T}
T{
psk\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the WPA PSK key\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
T{
leap\-password
T}:T{
string
T}:T{
\ \&
T}:T{
The login password for legacy LEAP connections (ie, key\-mgmt = \*(Aqieee8021x\*(Aq and auth\-alg = \*(Aqleap\*(Aq)\&.
T}
T{
leap\-password\-flags
T}:T{
uint32
T}:T{
0
T}:T{
Flags indicating how to handle the LEAP password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
T}
.TE
.sp 1
.SS "Secret flag types:"
.PP
Each secret property in a setting has an associated
\fIflags\fR
property that describes how to handle that secret\&. The
\fIflags\fR
property is a bitfield that contains zero or more of the following values logically OR\-ed together\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
0x0 (none) \- the system is responsible for providing and storing this secret\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
0x1 (agent\-owned) \- a user\-session secret agent is responsible for providing and storing this secret; when it is required, agents will be asked to provide it\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
0x2 (not\-saved) \- this secret should not be saved but should be requested from the user each time it is required\&. This flag should be used for One\-Time\-Pad secrets, PIN codes from hardware tokens, or if the user simply does not want to save the secret\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
0x4 (not\-required) \- in some situations it cannot be automatically determined that a secret is required or not\&. This flag hints that the secret is not required and should not be requested from the user\&.
.RE
.SH "AUTHOR"
.PP
NetworkManager developers
.SH "FILES"
.PP
/etc/NetworkManager/system\-connections
.PP
or distro plugin\-specific location
.SH "SEE ALSO"
.PP
https://live\&.gnome\&.org/NetworkManagerConfiguration
.PP
NetworkManager(8), nmcli(1), nmcli\-examples(5), NetworkManager\&.conf(5)