Provided by: connman_1.36-2build1_amd64 bug


       service-name.config - ConnMan service provisioning file




       ConnMan's  services  are configured with so called "provisioning files" which reside under
       /var/lib/connman/.  The files can be named anything, as long as they end in .config.   The
       provisioning  files  can  be  used to configure for example secured wireless access points
       which need complex authentication, for example eduroam, or for static IPs and so on.  Each
       provisioning file can be used for multiple services at once.


       The  configuration file consists of sections (groups) of key-value pairs.  Lines beginning
       with a '#' and blank lines are considered comments.  Sections are started by a header line
       containing  the  section enclosed in '[' and ']', and ended implicitly by the start of the
       next section or the end of the file. Each key-value pair must be contained in a section.

       Description of sections and available keys follows:

       This section is optional, and can be used to describe the actual  file.  The  two  allowed
       fields for this section are:

              Name of the network.

              Description of the network.

       Each  provisioned  service must start with a [service_*] tag, with * replaced by an unique
       name within the file.  The allowed fields are:

       Type=ethernet | wifi
              Mandatory. Other types than ethernet or wifi are not supported.

       IPv4=off | dhcp | network/netmask/gateway
              IPv4 settings for the service. If set to off, IPv4 won't be used.  If set to  dhcp,
              dhcp  will  be  used  to  obtain the network settings.  netmask can be specified as
              length of the mask rather than the mask itself. The gateway  can  be  omitted  when
              using a static IP.

       IPv6=off | auto | network/prefixlength/gateway
              IPv6  settings for the service. If set to off, IPv6 won't be used.  If set to auto,
              settings will be obtained from the network.

       IPv6.Privacy=disabled | enabled | preferred
              IPv6 privacy settings as per RFC3041.

              MAC address of the interface  to  be  used.  If  not  specified,  the  first  found
              interface is used. Must be in format ab:cd:ef:01:23:45.

              Comma separated list of nameservers.

              Comma separated list of DNS search domains.

              Comma separated list of timeservers.

              Domain name to be used.

       The following keys can only be used for wireless networks:

              A  string representation of an network SSID. If the SSID field is present, the Name
              field is ignored. If the SSID field is not present, this field is mandatory.

              SSID: A hexadecimal representation of an 802.11 SSID. Use  this  format  to  encode
              special characters including starting or ending spaces.

              RSN/WPA/WPA2 Passphrase.

              The security type of the network. Possible values are psk (WPA/WPA2 PSK), ieee8021x
              (WPA EAP), none and wep.  When not set, the default value is ieee8021x  if  an  EAP
              type is configured, psk if a passphrase is present and none otherwise.

       Hidden=true | false
              If  set to true, then this AP is hidden. If missing or set to false, then AP is not

       The following keys are used for WPA EAP (when Security=ieee8021x):

       EAP=tls | ttls | peap
              EAP type to use. Only tls, ttls and peap are supported.

              Path to the CA certificate file. Only PEM and DER formats are supported.

              Path to the private key file. Only PEM, DER and PFX formats are supported.

              Passphrase of the private key.

              If specified, use the  private  key's  fsid  as  the  passphrase,  and  ignore  the
              PrivateKeyPassphrase field.

              Identity string for EAP.

              Anonymous identity string for EAP.

              Substring   to  be  matched  against  the  subject  of  the  authentication  server
              certificate for EAP.

              Semicolon separated string of entries to be matched against the alternative subject
              name of the authentication server certificate for EAP.

              Constraint  for  server  domain  name.  If set, this FQDN is used as a suffix match
              requirement for the authentication server certificate for EAP.

              This FQDN is used as  a  full  match  requirement  for  the  authentication  server
              certificate for EAP.

              Inner  authentication type with for EAP=tls or EAP=ttls. Prefix the value with EAP-
              to indicate usage of EAP-based authentication method  (should  only  be  used  with


       This  is  a  configuration  file  for  eduroam  networks.  This  file could for example be
       /var/lib/connman/eduroam.config. Your university's exact settings might be different.

       Type = wifi
       Name = eduroam
       EAP = peap
       Phase2 = MSCHAPV2
       CACertFile = /etc/ssl/certs/UNIV_CA.crt

   Complex networking
       This is a configuration file for  a  network  providing  EAP-TLS,  EAP-TTLS  and  EAP-PEAP
       services.  The  respective  SSIDs  are tls_ssid, ttls_ssid and peap_ssid and the file name
       could be /var/lib/connman/complex.config.

       Please  note  that  the  SSID  entry  is  for  hexadecimal  encoded  SSID  (e.g.  "SSID  =
       746c735f73736964"). If your SSID does not contain any exotic character then you should use
       the Name entry instead (e.g. "Name = tls_ssid").

       Name = Example
       Description = Example network configuration

       Type = wifi
       SSID = 746c735f73736964
       EAP = tls
       CACertFile = /home/user/.certs/ca.pem
       ClientCertFile = /home/user/devlp/.certs/client.pem
       PrivateKeyFile = /home/user/.certs/client.fsid.pem
       PrivateKeyPassphraseType = fsid
       Identity = user

       Type = wifi
       Name = ttls_ssid
       EAP = ttls
       CACertFile = /home/user/.cert/ca.pem
       Phase2 = MSCHAPV2
       Identity = user

       Type = wifi
       Name = peap_ssid
       EAP = peap
       CACertFile = /home/user/.cert/ca.pem
       Phase2 = MSCHAPV2
       Identity = user

       Type = ethernet
       IPv4 =
       IPv6 = 2001:db8::42/64/2001:db8::1
       MAC = 01:02:03:04:05:06
       Nameservers =,
       SearchDomains = my.home,
       Timeservers =,
       Domain = my.home

       Type = wifi
       Name = my_home_wifi
       Passphrase = password
       IPv4 =
       MAC = 06:05:04:03:02:01



                                            2015-10-15                     service-name.config(5)