Connman uses configuration files to provision existing services. Connman will
be looking for its configuration files at STORAGEDIR which by default points
-to /var/lib/connman/.
+to /var/lib/connman/. Configuration file names must not include other
+characters than letters or numbers and must have a .config suffix.
Those configuration files are text files with a simple format and we typically
have one file per provisioned network.
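Review bot: The file name rule added after "/var/lib/connman/." is phrased as a double negative ("must not include other characters than letters or numbers"), which leaves the accepted character set open to interpretation. Suggest stating it positively, for example "File names may contain only letters and digits and must end in .config", and adding one sentence on what Connman does with a file in STORAGEDIR that does not match, since the text does not say whether it is skipped or reported.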
+If the config file is removed, then Connman tries to remove the
+provisioned service. If individual service entry inside config is removed,
+then the corresponding provisioned service is removed. If service
+entry is changed, then corresponding service is removed and then
+immediately re-provisioned.
+
Global entry [global]
=====================
The 2 allowed fields for that entry are:
- Name: Name of the network.
- Description: Description of the network.
+- Protected: Configuration protection against being removed, modified or
+overwritten by a Manager.ProvisionService() call. If unset, this value defaults
+to TRUE, i.e. configs are protected by default.
Service entry [service_*]
=========================
Each provisioned service must start with the [service_*] tag. Replace * with
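Review bot: In the [global] section the unchanged lead-in still reads "The 2 allowed fields for that entry are:" although the list has three entries once Protected is added; update the count or drop the number. The Protected entry should also list the accepted values next to the TRUE default, because the text never shows how to turn protection off. Its continuation lines should be indented like the other multi-line entries that this patch reindents.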
-your service identifier.
-The service identifier can be anything and will be used internally by connman
-to store the different services into an hash table.
+an identifier unique to the config file.
Allowed fields:
- Type: Service type. We currently only support wifi.
-- SSID: An hexadecimal or a string representation of a 802.11 SSID.
-- EAP: EAP type. We currently only support tls or peap.
+- Name: A string representation of an 802.11 SSID. If the SSID field is
+ present, the Name field is ignored.
+- SSID: A hexadecimal representation of an 802.11 SSID. If the SSID field is
+ omitted, the Name field is used instead.
+- EAP: EAP type. We currently only support tls, ttls or peap.
- CACertFile: File path to CA certificate file (PEM/DER).
- ClientCertFile: File path to client certificate file (PEM/DER).
- PrivateKeyFile: File path to client private key file (PEM/DER/PFX).
- PrivateKeyPassphrase: Password/passphrase for private key file.
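Review bot: The SSID entry narrows from "An hexadecimal or a string representation" to hexadecimal only, so an existing file with a plain-text value such as the old example's "SSID = peap_ssid" is no longer covered by the documented format, and the field description does not warn about it. Add a sentence to the SSID entry saying that plain-text SSIDs must move to Name, and say what happens when the SSID value is not valid hexadecimal. The new [service_*] wording "an identifier unique to the config file" could also state which characters the identifier may contain.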
- PrivateKeyPassphraseType: We only support the fsid passphrase type for now.
-This is for private keys generated by using their own filesystem UUID as the
-passphrase. The PrivateKeyPassphrase field is ignored when this field is set
-to fsid.
+ This is for private keys generated by using their own filesystem UUID as the
+ passphrase. The PrivateKeyPassphrase field is ignored when this field is set
+ to fsid.
- Identity: Identity string for EAP.
-- Phase2: Phase2 (inner authentication with TLS tunnel) parameters.
+- Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
+ Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
+ authentication method (should only be used with EAP = TTLS).
- Passphrase: RSN/WPA/WPA2 Passphrase
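Review bot: The Phase2 entry writes the outer method as "EAP = TTLS" while the EAP entry above it and the example use lowercase "ttls"; pick one spelling or state that the value is case-insensitive. "should only be used with EAP = TTLS" is also ambiguous about whether other combinations are rejected or silently ignored. Suggest "is only valid with" if that is the behaviour.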
Example
=======
-This is a configuration file for a network providing both EAP-TLS and
+This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
EAP-PEAP services.
-The respective SSIDs are tls_ssid and peap_ssid.
+The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid and the file name
+is example.config.
+Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
+746c735f73736964"). If your SSID does not contain any exotic character then
+you should use the Name entry instead (e.g. "Name = tls_ssid").
+
+example@example:[~]$ cat /var/lib/connman/example.config
[global]
Name = Example
Description = Example network configuration
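Review bot: "exotic character" in the added SSID note is undefined, so a reader cannot tell when the hexadecimal form is required. Name the cases that Name cannot represent, for example non-printable or non-ASCII bytes if that is what is meant. The prompt line "example@example:[~]$ cat /var/lib/connman/example.config" is also flush with the file contents; indent it or set it apart so it is not read as part of example.config.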
PrivateKeyPassphraseType = fsid
Identity = user
+[service_ttls]
+Type = wifi
+Name = ttls_ssid
+EAP = ttls
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
[service_peap]
Type = wifi
-SSID = peap_ssid
+Name = peap_ssid
EAP = peap
-CACert = /home/user/.cert/ca.pem
+CACertFile = /home/user/.cert/ca.pem
Phase2 = MSCHAPV2
Identity = user
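Review bot: The new [service_ttls] block uses "Phase2 = MSCHAPV2", so the "EAP-" prefix form that this patch documents for TTLS is never shown in the example; add a variant or a one-line remark showing a prefixed value. Both the ttls and peap blocks also give Identity without a Passphrase entry, and the text does not say where the inner-authentication password comes from in that case.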