Connection Manager
******************
-Copyright (C) 2007-2010 Intel Corporation. All rights reserved.
+Copyright (C) 2007-2012 Intel Corporation. All rights reserved.
Functionality and features
The following features are built-in into Connection Manager:
- Generic plugin infrastructure
- Device and network abstraction (with basic storage support)
- - IPv4, routing and DNS configuration
- - DNS Proxy
+ - IPv4, IPv4-LL (link-local) and DHCP
+ - IPv6, DHCPv6 and 6to4 tunnels
+ - Advanced routing and DNS configuration
+ - Built-in DNS proxy and intelligent caching
+ - Built-in WISPr hotspot logins and portal detection
+ - Time and timezone configuration (manual and automatic with NTP)
+ - Proxy handling (manual and automatic with WPAD)
+ - Tethering support (USB, Bluetooth and WiFi AP mode)
+ - Detailed statistics handling (home and roaming)
Various plugins can be enabled for networking support:
- Ethernet plugin
- - WiFi plugin with WEP40/WEP128 and WPA/WPA2 (personal only) support
- - Bluetooth plugin
+ - WiFi plugin with WEP40/WEP128 and WPA/WPA2 (personal and enterprise)
+ - Bluetooth plugin (using BlueZ)
+ - 2G/3G/4G plugin (using oFono)
Also plugins with additional features are available:
- - Loopback setup
- - PolicyKit support
+ - Loopback interface setup
+ - PACrunner proxy handling
+ - PolicyKit authorization support
+
+Note that when ConnMan starts, it clears all network interfaces that are
+going to be used. If this is not desired, network interfaces can be ignored
+either by setting NetworkInterfaceBlacklist in the main.conf config file or
+by using the -I command line option.
Compilation and installation
- GCC compiler
- GLib library
- D-Bus library
+ - IP-Tables library
+ - GnuTLS library (optional)
- PolicyKit (optional)
+ - readline (command line client)
To configure run:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make && make install
-VPN
-===
+Configuration and options
+=========================
-In order to compile pptp and l2tp VPN plugins, you need ppp development
-package.
+For a working system, certain configuration options need to be enabled:
-To run l2tp you will need
- - xl2tpd, http://www.xelerance.com/services/software/xl2tpd
+ --disable-ethernet
-To run pptp you will need
- - pptp client, http://pptpclient.sourceforge.net
+ Disable support for Ethernet network cards
-Both l2tp and pptp also need pppd.
+ By default Ethernet technology support is built-in and
+ enabled. This option can be used to build a small daemon
+ for a specific system if Ethernet support is not required.
+ --disable-wifi
-Configuration and options
-=========================
+ Disable support for WiFi devices
-For a working system, certain configuration options need to be enabled:
+ By default WiFi technology support is built-in and
+ enabled. This option can be used to build a small daemon
+ for a specific system if WiFi support is not required.
+
+ It is safe to build a daemon with WiFi support and no
+ running wpa_supplicant. The start of wpa_supplicant is
+ automatically detected and only a runtime dependency. It
+ is not needed to build ConnMan.
+
+ --disable-bluetooth
+
+ Disable support for Bluetooth devices
+
+ By default Bluetooth technology support is built-in and
+ enabled. This option can be used to build a small daemon
+ for a specific system if Bluetooth support is not required.
+
+ It is safe to build a daemon with Bluetooth support and no
+ running bluetoothd. The start of bluetoothd is automatically
+ detected and only a runtime dependency. It is not needed to
+ build ConnMan.
+
+ --disable-ofono
+
+ Disable support for cellular 2G/3G/4G devices
- --enable-ethernet
+ By default oFono technology support is built-in and
+ enabled. This option can be used to build a small daemon
+ for a specific system where oFono is not used.
- Enable support for Ethernet network cards
+ It is safe to build a daemon with oFono support and no
+ running ofonod. That start of ofonod is automatically
+ detected and only a runtime dependency. It is not needed to
+ build ConnMan.
- --enable-wifi
+ --disable-dundee
- Enable support for WiFi devices (requires wpa_supplicant)
+ Disable support for Bluetooth DUN devices
+ By default Bluetooth DUN technology (dundee) support is
+ built-in and enabled. This option can be used to build a
+ small daemon for a specific system where dundee is not used.
- --enable-bluetooth
+ It is safe to build a daemon with dundee support and no
+ running dundee. That start of dundee is automatically
+ detected and only a runtime dependency. It is not needed to
+ build ConnMan.
- Enable support for Bluetooth devices (requires BlueZ)
+ --disable-pacrunner
- --enable-loopback
+ Disable support for PACrunner proxy handling
- Enable setup of loopback device
+ By default PACrunner support is built-in and enabled. This
+ option can be used to build a small daemon for a specific
+ system where PACrunner is not used.
+
+ It is safe to build a daemon with PACrunner support and no
+ pacrunner daemon. It will detect and start a PACrunner
+ process if needed at runtime. The presence is not needed
+ to build ConnMan.
+
+ --disable-loopback
+
+ Disable setup of loopback device
For distributions with a really minimal init system and no
networking scripts this can take care of setting up the
loopback device and enabling it.
- It is safe to select this option even if networking scripts
- are in place. It detects an already configured loopback
- device and leaves it as it is.
+ It is safe to leave this selected even if networking
+ scripts are in place. It detects an already configured
+ loopback device and leaves it as it is.
+
+ --disable-wispr
+
+ Disable support for WISPr hotspot logins
+
+ For systems with really minimal memory requirements, this
+ will disable the support for WISPr hotspot logins. The code
+ for WISPr will be still compiled into the daemon, but its
+ requirement on GnuTLS for secure connections will be lifted.
+
+ The missing GnuTLS support shrinks the memory requirements
+ by about 30% and for systems that are more stationary and do
+ not log into hotspots this might be a better trade off.
+
+ Disabling WISPr support is not disabling the portal detection
+ support. A portal will still be detected, but instead of being
+ asked for login credentials, the request for a browser session
+ will be made through the agent.
--enable-polkit
This allows to check every D-Bus access against a security
policy and so restrict access to certain functionality.
+ --enable-nmcompat
+
+ Enable support for NetworkManager compatibility interfaces
+
+ This allows to expose a minimal set of NetworkManager
+ interfaces. It is useful for systems with applications
+ written to use NetworkManager to detect online/offline
+ status and have not yet been converted to use ConnMan.
+
+ --disable-client
+
+ Disable support for the command line client
+
+ By default the command line client is enabled and uses the
+ readline library. For specific systems where ConnMan is
+ configured by other means, the command line client can be
+ disabled and the dependency on readline is removed.
+
+ --enable-selinux
+
+ Enable support for compiling SElinux type enforcement rules
+
+ The TE rules are needed if host environment is in enforcing
+ mode. Without this option, the VPN client process cannot
+ send notification to connman-vpnd via net.connman.Task
+ interface. The compiled connman-task.pp module needs to
+ also installed using this command
+ # semodule -i connman-task.pp
+ in order to enable the dbus access.
+
+
+Activating debugging
+====================
+
+One can activate debugging prints in ConnMan using -d command line option.
+If the -d option has no parameters, then debugging is activated for all
+source code files. If the -d option has parameters, they tell which source
+code files have debugging activated. One can use wild cards in file names.
+Example:
+ -d Activate all normal debug prints
+ -d src/service.c This prints debugging info from src/service.c
+ file only
+ -d src/network.c:src/ipconfig.c
+ This activates debug prints in src/network.c
+ and src/ipconfig.c files.
+ -d 'src/n*.c' This would activate debug print from all the C source
+ files starting with letter 'n' in src directory.
+ Note the quotation marks around option, that is to
+ prevent shell expansion.
+ -d '*/n*.c:*/i*.c' Activate debug prints for all C source files starting
+ with letters 'n' or 'i' in any sub-directory.
+
+Some components of ConnMan have environment variable activated debug prints.
+If the environment variable is set, then corresponding component will print
+some extra debugging information.
+Following environment variables can be used:
+ CONNMAN_DHCP_DEBUG DHCPv4 related debug information
+ CONNMAN_DHCPV6_DEBUG DHCPv6 related debug information
+ CONNMAN_IPTABLES_DEBUG Extra information when iptables is used
+ CONNMAN_RESOLV_DEBUG Name resolver debug prints. These debug prints
+ are used when ConnMan resolves host names for
+ its own use.
+ Note that the DNS proxy debug prints do not
+ use this environment variable. For that, one
+ can use "-d src/dnsproxy.c" command line option.
+ CONNMAN_SUPPLICANT_DEBUG Debugging prints for communication between
+ connmand and wpa_supplicant processes.
+ CONNMAN_WEB_DEBUG Debug information when ConnMan does Internet
+ connectivity check in Wispr and 6to4 components.
+
+Example:
+ CONNMAN_WEB_DEBUG=1 src/connmand -n
+
+
+Kernel configuration
+====================
+
+In order to support tethering, the following kernel configuration options
+need to be enabled either as modules (m) or builtin (y):
+
+CONFIG_BRIDGE
+CONFIG_IP_NF_TARGET_MASQUERADE
+
+In order to enable CONFIG_IP_NF_TARGET_MASQUERADE, the following options need
+to be enabled also as modules (m) or builtin (y):
+
+CONFIG_NETFILTER
+CONFIG_NF_CONNTRACK_IPV4
+CONFIG_NF_NAT_IPV4
+
+
+wpa_supplicant configuration
+============================
+
+In order to get wpa_supplicant and Connection Manager working properly
+together you should edit wpa_supplicant .config file and set:
+
+CONFIG_WPS=y
+CONFIG_AP=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+and, add:
+
+CONFIG_BGSCAN_SIMPLE=y
+
+This last option will enable the support of background scanning while being
+connected, which is necessary when roaming on wifi.
+
+It is recommended to use wpa_supplicant 0.8.x or 1.x or later.
+
+
+VPN
+===
+
+In order to compile pptp and l2tp VPN plugins, you need ppp development
+package.
+
+To run l2tp you will need
+ - xl2tpd, http://www.xelerance.com/services/software/xl2tpd
+
+To run pptp you will need
+ - pptp client, http://pptpclient.sourceforge.net
+
+Both l2tp and pptp also need pppd.
+
+
+OpenVPN
+=======
+
+Up to version 2.2 of OpenVPN, pushing additional routes from the
+server will not always work. Some of the symptons are that additional
+routes will not be set by ConnMan if the uplink is a cellular
+network. While the same setup works well for a WiFi or ethernet
+uplink.
+
+
+Information
+===========
+
+Mailing list:
+ connman@connman.net
+
+For additional information about the project visit ConnMan web site:
+ http://www.connman.net