NAME

       service-name.config - ConnMan service provisioning file

SYNOPSIS

       /var/lib/connman/service-name.config

DESCRIPTION

       ConnMan's  services  are configured with so called "provisioning files" which reside under
       /var/lib/connman/.  The files can be named anything, as long as they end in .config.   The
       provisioning  files  can  be  used to configure for example secured wireless access points
       which need complex authentication, for example eduroam, or for static IPs and so on.  Each
       provisioning file can be used for multiple services at once.

FILE FORMAT

       The  configuration file consists of sections (groups) of key-value pairs.  Lines beginning
       with a '#' and blank lines are considered comments.  Sections are started by a header line
       containing  the  section enclosed in '[' and ']', and ended implicitly by the start of the
       next section or the end of the file. Each key-value pair must be contained in a section.

       Description of sections and available keys follows:

   [global]
       This section is optional, and can be used to describe the actual  file.  The  two  allowed
       fields for this section are:

       Name=name
              Name of the network.

       Description=description
              Description of the network.

   [service_*]
       Each  provisioned  service must start with a [service_*] tag, with * replaced by an unique
       name within the file.  The allowed fields are:

       Type=ethernet | wifi
              Mandatory. Other types than ethernet or wifi are not supported.

       IPv4=off | dhcp | network/netmask/gateway
              IPv4 settings for the service. If set to off, IPv4 won't be used.  If set to  dhcp,
              dhcp  will  be  used  to  obtain the network settings.  netmask can be specified as
              length of the mask rather than the mask itself. The gateway  can  be  omitted  when
              using a static IP.

       IPv6=off | auto | network/prefixlength/gateway
              IPv6  settings for the service. If set to off, IPv6 won't be used.  If set to auto,
              settings will be obtained from the network.

       IPv6.Privacy=disabled | enabled | preferred
              IPv6 privacy settings as per RFC3041.

       MAC=address
              MAC address of the interface  to  be  used.  If  not  specified,  the  first  found
              interface is used. Must be in format ab:cd:ef:01:23:45.

       Nameservers=servers
              Comma separated list of nameservers.

       SearchDomains=domains
              Comma separated list of DNS search domains.

       Timeservers=servers
              Comma separated list of timeservers.

       Domain=domain
              Domain name to be used.

       The following keys can only be used for wireless networks:

       Name=name
              A  string representation of an network SSID. If the SSID field is present, the Name
              field is ignored. If the SSID field is not present, this field is mandatory.

       SSID=ssid
              SSID: A hexadecimal representation of an 802.11 SSID. Use  this  format  to  encode
              special characters including starting or ending spaces.

       Passphrase=passphrase
              RSN/WPA/WPA2 Passphrase.

       Security=type
              The security type of the network. Possible values are psk (WPA/WPA2 PSK), ieee8021x
              (WPA EAP), none and wep.  When not set, the default value is ieee8021x  if  an  EAP
              type is configured, psk if a passphrase is present and none otherwise.

       Hidden=true | false
              If  set to true, then this AP is hidden. If missing or set to false, then AP is not
              hidden.

       The following keys are used for WPA EAP (when Security=ieee8021x):

       EAP=tls | ttls | peap
              EAP type to use. Only tls, ttls and peap are supported.

       CACertFile=file
              Path to the CA certificate file. Only PEM and DER formats are supported.

       PrivateKeyFile=file
              Path to the private key file. Only PEM, DER and PFX formats are supported.

       PrivateKeyPassphrase=passphrase
              Passphrase of the private key.

       PrivateKeyPassphraseType=fsid
              If specified, use the  private  key's  fsid  as  the  passphrase,  and  ignore  the
              PrivateKeyPassphrase field.

       Identity=identity
              Identity string for EAP.

       AnonymousIdentity=identity
              Anonymous identity string for EAP.

       SubjectMatch=substring
              Substring   to  be  matched  against  the  subject  of  the  authentication  server
              certificate for EAP.

       AltSubjectMatch=substring
              Semicolon separated string of entries to be matched against the alternative subject
              name of the authentication server certificate for EAP.

       DomainSuffixMatch=domain
              Constraint  for  server  domain  name.  If set, this FQDN is used as a suffix match
              requirement for the authentication server certificate for EAP.

       DomainMatch=domain
              This FQDN is used as  a  full  match  requirement  for  the  authentication  server
              certificate for EAP.

       Phase2=type
              Inner  authentication type with for EAP=tls or EAP=ttls. Prefix the value with EAP-
              to indicate usage of EAP-based authentication method  (should  only  be  used  with
              EAP=ttls).

EXAMPLE

   Eduroam
       This  is  a  configuration  file  for  eduroam  networks.  This  file could for example be
       /var/lib/connman/eduroam.config. Your university's exact settings might be different.

       [service_eduroam]
       Type = wifi
       Name = eduroam
       EAP = peap
       Phase2 = MSCHAPV2
       CACertFile = /etc/ssl/certs/UNIV_CA.crt

   Complex networking
       This is a configuration file for  a  network  providing  EAP-TLS,  EAP-TTLS  and  EAP-PEAP
       services.  The  respective  SSIDs  are tls_ssid, ttls_ssid and peap_ssid and the file name
       could be /var/lib/connman/complex.config.

       Please  note  that  the  SSID  entry  is  for  hexadecimal  encoded  SSID  (e.g.  "SSID  =
       746c735f73736964"). If your SSID does not contain any exotic character then you should use
       the Name entry instead (e.g. "Name = tls_ssid").

       [global]
       Name = Example
       Description = Example network configuration

       [service_tls]
       Type = wifi
       SSID = 746c735f73736964
       EAP = tls
       CACertFile = /home/user/.certs/ca.pem
       ClientCertFile = /home/user/devlp/.certs/client.pem
       PrivateKeyFile = /home/user/.certs/client.fsid.pem
       PrivateKeyPassphraseType = fsid
       Identity = user

       [service_ttls]
       Type = wifi
       Name = ttls_ssid
       EAP = ttls
       CACertFile = /home/user/.cert/ca.pem
       Phase2 = MSCHAPV2
       Identity = user

       [service_peap]
       Type = wifi
       Name = peap_ssid
       EAP = peap
       CACertFile = /home/user/.cert/ca.pem
       Phase2 = MSCHAPV2
       Identity = user

       [service_home_ethernet]
       Type = ethernet
       IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
       IPv6 = 2001:db8::42/64/2001:db8::1
       MAC = 01:02:03:04:05:06
       Nameservers = 10.2.3.4,192.168.1.99
       SearchDomains = my.home,isp.net
       Timeservers = 10.172.2.1,ntp.my.isp.net
       Domain = my.home

       [service_home_wifi]
       Type = wifi
       Name = my_home_wifi
       Passphrase = password
       IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
       MAC = 06:05:04:03:02:01

SEE ALSO

       connman(8)

                                            2015-10-15                     service-name.config(5)