1 Connman configuration file format
2 *********************************
4 Connman uses configuration files to provision existing services. Connman will
5 be looking for its configuration files at STORAGEDIR which by default points
6 to /var/lib/connman/. Configuration file names must not include other
7 characters than letters or numbers and must have a .config suffix.
8 Those configuration files are text files with a simple key-value pair format,
9 organized into sections. Values do not comprise leading or trailing whitespace.
10 We typically have one file per provisioned network.
12 If the config file is removed, then Connman tries to remove the
13 provisioned services. If an individual service inside a config is removed,
14 then the corresponding provisioned service is removed. If a service section
15 is changed, then the corresponding service is removed and immediately
19 Global section [global]
20 =======================
22 These files can have an optional global section describing the actual file.
23 The two allowed fields for this section are:
24 - Name: Name of the network.
25 - Description: Description of the network.
28 Service sections [service_*]
29 ============================
31 Each provisioned service must start with the [service_*] tag. Replace * with
32 an identifier unique to the config file.
35 - Type: Service type. We currently only support wifi and ethernet.
36 - IPv4: The IPv4 address, netmask and gateway. Format of the entry
37 is network/netmask/gateway. The mask length can be used instead
38 of netmask. The gateway can be omitted if necessary.
39 The IPv4 field can also contain the string "off" or "dhcp".
40 If the setting is "off", then no IPv4 address is set to the interface.
41 If the setting is "dhcp", then DHCPv4 address resolution is activated.
42 Example: 192.168.1.2/24/192.168.1.1
43 192.168.200.100/255.255.255.0/192.168.200.1
45 - IPv6: The IPv6 address, prefix length and gateway. Format of the entry
46 is network/prefixlen/gateway. For IPv6 addresses only prefix length is
47 accepted. The gateway can be omitted if necessary.
48 The IPv6 field can also contain the string "off" or "auto".
49 If the setting is "off", then no IPv6 address is set to the interface.
50 If the setting is "auto", then SLAAC or DHCPv6 is used.
51 Example: 2001:db8::2/64/2001:db8::1
53 - IPv6.Privacy: IPv6 privacy option. Value can be either "disabled",
54 "enabled" or "preferred" (or the misspelled "prefered"). See use_tempaddr
55 variable description in Linux kernel Documentation/networking/ip-sysctl.txt
57 - MAC: MAC address of the interface where this setting should be applied.
58 The MAC address is optional and if it is missing, then the first found
59 interface is used. The byte values must have prefix 0 added,
60 the bytes must be separated by ":" char and its length must be
61 exactly 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 = 17 characters.
62 - Nameservers: Comma separated list of nameservers
63 - SearchDomains: Comma separated list of DNS search domains
64 - Timeservers: Comma separated list of timeservers
65 - Domain: Domain name to be used
67 If IPv4 address is missing then DHCP is used. If IPv6 address is missing,
68 then SLAAC or DHCPv6 is used.
70 The following options are valid if Type is "wifi"
71 - Name: A string representation of an 802.11 SSID. If the SSID field is
72 present, the Name field is ignored.
73 - SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
74 encode special characters including starting or ending spaces. If the SSID
75 field is omitted, the Name field is used instead.
76 - EAP: EAP type. We currently only support tls, ttls or peap.
77 - CACertFile: File path to CA certificate file (PEM/DER).
78 - ClientCertFile: File path to client certificate file (PEM/DER).
79 - PrivateKeyFile: File path to client private key file (PEM/DER/PFX).
80 - PrivateKeyPassphrase: Password/passphrase for private key file.
81 - PrivateKeyPassphraseType: We only support the fsid passphrase type for now.
82 This is for private keys generated by using their own filesystem UUID as the
83 passphrase. The PrivateKeyPassphrase field is ignored when this field is set
85 - Identity: Identity string for EAP.
86 - Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
87 Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
88 authentication method (should only be used with EAP = TTLS).
89 - Passphrase: RSN/WPA/WPA2 Passphrase
90 - Security: The security type of the network. Possible values are 'psk'
91 (WPA/WPA2 PSK), 'ieee8021x' (WPA EAP), 'none' and 'wep'. When not set, the
92 default value is 'ieee8021x' if an EAP type is configured, 'psk' if a
93 passphrase is present and 'none' otherwise.
94 - Hidden: If set to true, then this AP is hidden. If missing or set to false,
95 then AP is not hidden.
101 This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
102 EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
103 and the file name is example.config.
105 Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
106 746c735f73736964"). If your SSID does not contain any exotic character then
107 you should use the Name entry instead (e.g. "Name = tls_ssid").
109 example@example:[~]$ cat /var/lib/connman/example.config
112 Description = Example network configuration
116 SSID = 746c735f73736964
118 CACertFile = /home/user/.certs/ca.pem
119 ClientCertFile = /home/user/devlp/.certs/client.pem
120 PrivateKeyFile = /home/user/.certs/client.fsid.pem
121 PrivateKeyPassphraseType = fsid
128 CACertFile = /home/user/.cert/ca.pem
136 CACertFile = /home/user/.cert/ca.pem
140 [service_home_ethernet]
142 IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
143 IPv6 = 2001:db8::42/64/2001:db8::1
144 MAC = 01:02:03:04:05:06
145 Nameservers = 10.2.3.4,192.168.1.99
146 SearchDomains = my.home,isp.net
147 Timeservers = 10.172.2.1,ntp.my.isp.net
154 IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
155 MAC = 06:05:04:03:02:01