Provided by: connman_1.41-3_amd64 bug

NAME

       service-name.config - ConnMan service provisioning file

SYNOPSIS

       /var/lib/connman/service-name.config

DESCRIPTION

       ConnMan's  services  are configured with so called "provisioning files" which reside under
       /var/lib/connman/.  The files can be named anything, as long as they end in .config.   The
       provisioning  files  can  be  used to configure for example secured wireless access points
       which need complex authentication, for example eduroam, or for static IPs and so on.  Each
       provisioning file can be used for multiple services at once.

FILE FORMAT

       The  configuration file consists of sections (groups) of key-value pairs.  Lines beginning
       with a '#' and blank lines are considered comments.  Sections are started by a header line
       containing  the  section enclosed in '[' and ']', and ended implicitly by the start of the
       next section or the end of the file. Each key-value pair must be contained in a section.

       Description of sections and available keys follows:

   [global]
       This section is optional, and can be used to describe the actual  file.  The  two  allowed
       fields for this section are:

       Name=name
              Name of the network.

       Description=description
              Description of the network.

   [service_*]
       Each  provisioned  service must start with a [service_*] tag, with * replaced by an unique
       name within the file.  The allowed fields are:

       Type=ethernet | wifi
              Mandatory. Other types than ethernet or wifi are not supported.

       IPv4=off | dhcp | network/netmask/gateway
              IPv4 settings for the service. If set to off, IPv4 won't be used.  If set to  dhcp,
              dhcp  will  be  used  to  obtain the network settings.  netmask can be specified as
              length of the mask rather than the mask itself. The gateway  can  be  omitted  when
              using a static IP.

       IPv6=off | auto | network/prefixlength/gateway
              IPv6  settings for the service. If set to off, IPv6 won't be used.  If set to auto,
              settings will be obtained from the network.

       IPv6.Privacy=disabled | enabled | preferred
              IPv6 privacy settings as per RFC3041.

       MAC=address
              MAC address of the interface  to  be  used.  If  not  specified,  the  first  found
              interface is used. Must be in format ab:cd:ef:01:23:45.

       DeviceName=ifname
              Device  name  the  interface  to  be  used,  e.g.  eth0.  MAC takes preference over
              DeviceName.

       Nameservers=servers
              Comma separated list of nameservers.

       SearchDomains=domains
              Comma separated list of DNS search domains.

       Timeservers=servers
              Comma separated list of timeservers.

       Domain=domain
              Domain name to be used.

       The following keys can only be used for wireless networks:

       Name=name
              A string representation of an network SSID. If the SSID field is present, the  Name
              field is ignored. If the SSID field is not present, this field is mandatory.

       SSID=ssid
              SSID:  A  hexadecimal  representation  of an 802.11 SSID. Use this format to encode
              special characters including starting or ending spaces.

       Passphrase=passphrase
              RSN/WPA/WPA2 Passphrase.

       Security=type
              The security type of the network. Possible values are psk (WPA/WPA2 PSK), ieee8021x
              (WPA  EAP),  none  and wep.  When not set, the default value is ieee8021x if an EAP
              type is configured, psk if a passphrase is present and none otherwise.

       Hidden=true | false
              If set to true, then this AP is hidden. If missing or set to false, then AP is  not
              hidden.

       The following keys are used for WPA EAP (when Security=ieee8021x):

       EAP=tls | ttls | peap
              EAP type to use. Only tls, ttls and peap are supported.

       CACertFile=file
              Path to the CA certificate file. Only PEM and DER formats are supported.

       PrivateKeyFile=file
              Path to the private key file. Only PEM, DER and PFX formats are supported.

       PrivateKeyPassphrase=passphrase
              Passphrase of the private key.

       PrivateKeyPassphraseType=fsid
              If  specified,  use  the  private  key's  fsid  as  the  passphrase, and ignore the
              PrivateKeyPassphrase field.

       Identity=identity
              Identity string for EAP.

       AnonymousIdentity=identity
              Anonymous identity string for EAP.

       SubjectMatch=substring
              Substring  to  be  matched  against  the  subject  of  the  authentication   server
              certificate for EAP.

       AltSubjectMatch=substring
              Semicolon separated string of entries to be matched against the alternative subject
              name of the authentication server certificate for EAP.

       DomainSuffixMatch=domain
              Constraint for server domain name. If set, this FQDN is  used  as  a  suffix  match
              requirement for the authentication server certificate for EAP.

       DomainMatch=domain
              This  FQDN  is  used  as  a  full  match  requirement for the authentication server
              certificate for EAP.

       Phase2=type
              Inner authentication type with for EAP=tls or EAP=ttls. Prefix the value with  EAP-
              to  indicate  usage  of  EAP-based  authentication method (should only be used with
              EAP=ttls).

EXAMPLE

   Eduroam
       This is a configuration file  for  eduroam  networks.  This  file  could  for  example  be
       /var/lib/connman/eduroam.config. Your university's exact settings might be different.

       [service_eduroam]
       Type = wifi
       Name = eduroam
       EAP = peap
       Phase2 = MSCHAPV2
       CACertFile = /etc/ssl/certs/UNIV_CA.crt

   Complex networking
       This  is  a  configuration  file  for  a  network providing EAP-TLS, EAP-TTLS and EAP-PEAP
       services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid  and  the  file  name
       could be /var/lib/connman/complex.config.

       Please  note  that  the  SSID  entry  is  for  hexadecimal  encoded  SSID  (e.g.  "SSID  =
       746c735f73736964"). If your SSID does not contain any exotic character then you should use
       the Name entry instead (e.g. "Name = tls_ssid").

       [global]
       Name = Example
       Description = Example network configuration

       [service_tls]
       Type = wifi
       SSID = 746c735f73736964
       EAP = tls
       CACertFile = /home/user/.certs/ca.pem
       ClientCertFile = /home/user/devlp/.certs/client.pem
       PrivateKeyFile = /home/user/.certs/client.fsid.pem
       PrivateKeyPassphraseType = fsid
       Identity = user

       [service_ttls]
       Type = wifi
       Name = ttls_ssid
       EAP = ttls
       CACertFile = /home/user/.cert/ca.pem
       Phase2 = MSCHAPV2
       Identity = user

       [service_peap]
       Type = wifi
       Name = peap_ssid
       EAP = peap
       CACertFile = /home/user/.cert/ca.pem
       Phase2 = MSCHAPV2
       Identity = user

       [service_home_ethernet]
       Type = ethernet
       IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
       IPv6 = 2001:db8::42/64/2001:db8::1
       MAC = 01:02:03:04:05:06
       Nameservers = 10.2.3.4,192.168.1.99
       SearchDomains = my.home,isp.net
       Timeservers = 10.172.2.1,ntp.my.isp.net
       Domain = my.home

       [service_home_wifi]
       Type = wifi
       Name = my_home_wifi
       Passphrase = password
       IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
       MAC = 06:05:04:03:02:01

       [service_vlan]
       Type = ethernet
       DeviceName = enp4s0.1
       IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1

SEE ALSO

       connman(8)

                                            2015-10-15                     service-name.config(5)