1 Connman configuration file format
2 *********************************
4 Connman uses configuration files to provision existing services. Connman will
5 be looking for its configuration files at STORAGEDIR which by default points
6 to /var/lib/connman/. Configuration file names must not include other
7 characters than letters or numbers and must have a .config suffix.
8 Those configuration files are text files with a simple format and we typically
9 have one file per provisioned network.
11 If the config file is removed, then Connman tries to remove the
12 provisioned service. If individual service entry inside config is removed,
13 then the corresponding provisioned service is removed. If service
14 entry is changed, then corresponding service is removed and then
15 immediately re-provisioned.
21 These files can have an optional global entry describing the actual file.
22 The 2 allowed fields for that entry are:
23 - Name: Name of the network.
24 - Description: Description of the network.
27 Service entry [service_*]
28 =========================
30 Each provisioned service must start with the [service_*] tag. Replace * with
31 an identifier unique to the config file.
34 - Type: Service type. We currently only support wifi and ethernet.
35 - IPv4: The IPv4 address, netmask and gateway. Format of the entry
36 is network/netmask/gateway. The mask length can be used instead
37 of netmask. The field can also contain the string "off" or "dhcp".
38 If the setting is "off", then no IPv4 address is set to the interface.
39 If the setting is "dhcp", then DHCPv4 address resolution is activated.
40 Example: 192.168.1.2/24/192.168.1.1
41 192.168.200.100/255.255.255.0/192.168.200.1
42 - IPv6: The IPv6 address, prefix length and gateway. Format of the entry
43 is network/prefixlen/gateway. For IPv6 addresses only prefix length is
44 accepted. The field can also contain the string "off" or "auto".
45 If the setting is "off", then no IPv6 address is set to the interface.
46 If the setting is "auto", then SLAAC or DHCPv6 is used.
47 Example: 2001:db8::2/64/2001:db8::1
48 - IPv6.Privacy: IPv6 privacy option. Value can be either "disabled",
49 "enabled" or "prefered". See use_tempaddr variable description in Linux
50 kernel Documentation/networking/ip-sysctl.txt file.
51 - MAC: MAC address of the interface where this setting should be applied.
52 The MAC address is optional and if it is missing, then the first found
53 interface is used. The byte values must have prefix 0 added,
54 the bytes must be separated by ":" char and its length must be
55 exactly 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 = 17 characters.
56 - Nameservers: Comma separated list of nameservers
57 - SearchDomains: Comma separated list of DNS search domains
58 - Timeservers: Comma separated list of timeservers
59 - Domain: Domain name to be used
61 If IPv4 address is missing then DHCP is used. If IPv6 address is missing,
62 then SLAAC or DHCPv6 is used.
64 The following options are valid if Type is "wifi"
65 - Name: A string representation of an 802.11 SSID. If the SSID field is
66 present, the Name field is ignored.
67 - SSID: A hexadecimal representation of an 802.11 SSID. If the SSID field is
68 omitted, the Name field is used instead.
69 - EAP: EAP type. We currently only support tls, ttls or peap.
70 - CACertFile: File path to CA certificate file (PEM/DER).
71 - ClientCertFile: File path to client certificate file (PEM/DER).
72 - PrivateKeyFile: File path to client private key file (PEM/DER/PFX).
73 - PrivateKeyPassphrase: Password/passphrase for private key file.
74 - PrivateKeyPassphraseType: We only support the fsid passphrase type for now.
75 This is for private keys generated by using their own filesystem UUID as the
76 passphrase. The PrivateKeyPassphrase field is ignored when this field is set
78 - Identity: Identity string for EAP.
79 - Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
80 Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
81 authentication method (should only be used with EAP = TTLS).
82 - Passphrase: RSN/WPA/WPA2 Passphrase
83 - Hidden: If set to true, then this AP is hidden. If missing or set to false,
84 then AP is not hidden.
90 This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
92 The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid and the file name
94 Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
95 746c735f73736964"). If your SSID does not contain any exotic character then
96 you should use the Name entry instead (e.g. "Name = tls_ssid").
99 example@example:[~]$ cat /var/lib/connman/example.config
102 Description = Example network configuration
106 SSID = 746c735f73736964
108 CACertFile = /home/user/.certs/ca.pem
109 ClientCertFile = /home/user/devlp/.certs/client.pem
110 PrivateKeyFile = /home/user/.certs/client.fsid.pem
111 PrivateKeyPassphraseType = fsid
118 CACertFile = /home/user/.cert/ca.pem
126 CACertFile = /home/user/.cert/ca.pem
130 [service_home_ethernet]
132 IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
133 IPv6 = 2001:db8::42/64/2001:db8::1
134 MAC = 01:02:03:04:05:06
135 Nameservers = 10.2.3.4,192.168.1.99
136 SearchDomains = my.home,isp.net
137 Timeservers = 10.172.2.1,ntp.my.isp.net
144 IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
145 MAC = 06:05:04:03:02:01