|service-name.config(5)||File Formats Manual||service-name.config(5)|
NAME¶service-name.config - ConnMan service provisioning file
DESCRIPTION¶ConnMan's services are configured with so called "provisioning files" which reside under /var/lib/connman/. The files can be named anything, as long as they end in .config. The provisioning files can be used to configure for example secured wireless access points which need complex authentication, for example eduroam, or for static IPs and so on. Each provisioning file can be used for multiple services at once.
FILE FORMAT¶The configuration file consists of sections (groups) of key-value pairs. Lines beginning with a '#' and blank lines are considered comments. Sections are started by a header line containing the section enclosed in '[' and ']', and ended implicitly by the start of the next section or the end of the file. Each key-value pair must be contained in a section.
Description of sections and available keys follows:
[global]¶This section is optional, and can be used to describe the actual file. The two allowed fields for this section are:
- Name of the network.
- Description of the network.
[service_*]¶Each provisioned service must start with a [service_*] tag, with * replaced by an unique name within the file. The allowed fields are:
- Type=ethernet | wifi
- Mandatory. Other types than ethernet or wifi are not supported.
- IPv4=off | dhcp | network/netmask/gateway
- IPv4 settings for the service. If set to off, IPv4 won't be used. If set to dhcp, dhcp will be used to obtain the network settings. netmask can be specified as length of the mask rather than the mask itself. The gateway can be omitted when using a static IP.
- IPv6=off | auto | network/prefixlength/gateway
- IPv6 settings for the service. If set to off, IPv6 won't be used. If set to auto, settings will be obtained from the network.
- IPv6.Privacy=disabled | enabled | preferred
- IPv6 privacy settings as per RFC3041.
- MAC address of the interface to be used. If not specified, the first found interface is used. Must be in format ab:cd:ef:01:23:45.
- Comma separated list of nameservers.
- Comma separated list of DNS search domains.
- Comma separated list of timeservers.
- Domain name to be used.
- The following keys can only be used for wireless networks:
- A string representation of an network SSID. If the SSID field is present, the Name field is ignored. If the SSID field is not present, this field is mandatory.
- SSID: A hexadecimal representation of an 802.11 SSID. Use this format to encode special characters including starting or ending spaces.
- RSN/WPA/WPA2 Passphrase.
- The security type of the network. Possible values are psk (WPA/WPA2 PSK), ieee8021x (WPA EAP), none and wep. When not set, the default value is ieee8021x if an EAP type is configured, psk if a passphrase is present and none otherwise.
- Hidden=true | false
- If set to true, then this AP is hidden. If missing or set to false, then AP is not hidden.
- The following keys are used for WPA EAP (when Security=ieee8021x):
- EAP=tls | ttls | peap
- EAP type to use. Only tls, ttls and peap are supported.
- Path to the CA certificate file. Only PEM and DER formats are supported.
- Path to the private key file. Only PEM, DER and PFX formats are supported.
- Passphrase of the private key.
- If specified, use the private key's fsid as the passphrase, and ignore the PrivateKeyPassphrase field.
- Identity string for EAP.
- Anonymous identity string for EAP.
- Substring to be matched against the subject of the authentication server certificate for EAP.
- Semicolon separated string of entries to be matched against the alternative subject name of the authentication server certificate for EAP.
- Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the authentication server certificate for EAP.
- This FQDN is used as a full match requirement for the authentication server certificate for EAP.
- Inner authentication type with for EAP=tls or EAP=ttls. Prefix the value with EAP- to indicate usage of EAP-based authentication method (should only be used with EAP=ttls).
Eduroam¶This is a configuration file for eduroam networks. This file could for example be /var/lib/connman/eduroam.config. Your university's exact settings might be different.
[service_eduroam] Type = wifi Name = eduroam EAP = peap Phase2 = MSCHAPV2 CACertFile = /etc/ssl/certs/UNIV_CA.crt
Complex networking¶This is a configuration file for a network providing EAP-TLS, EAP-TTLS and EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid and the file name could be /var/lib/connman/complex.config.
Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID = 746c735f73736964"). If your SSID does not contain any exotic character then you should use the Name entry instead (e.g. "Name = tls_ssid").
[global] Name = Example Description = Example network configuration [service_tls] Type = wifi SSID = 746c735f73736964 EAP = tls CACertFile = /home/user/.certs/ca.pem ClientCertFile = /home/user/devlp/.certs/client.pem PrivateKeyFile = /home/user/.certs/client.fsid.pem PrivateKeyPassphraseType = fsid Identity = user [service_ttls] Type = wifi Name = ttls_ssid EAP = ttls CACertFile = /home/user/.cert/ca.pem Phase2 = MSCHAPV2 Identity = user [service_peap] Type = wifi Name = peap_ssid EAP = peap CACertFile = /home/user/.cert/ca.pem Phase2 = MSCHAPV2 Identity = user [service_home_ethernet] Type = ethernet IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1 IPv6 = 2001:db8::42/64/2001:db8::1 MAC = 01:02:03:04:05:06 Nameservers = 10.2.3.4,192.168.1.99 SearchDomains = my.home,isp.net Timeservers = 10.172.2.1,ntp.my.isp.net Domain = my.home [service_home_wifi] Type = wifi Name = my_home_wifi Passphrase = password IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1 MAC = 06:05:04:03:02:01