Provided by: iwd_2.8-1ubuntu1_amd64 
NAME
iwd.ap - Configuration of IWD access points
NAME
iwd.ap - Access point provisioning files
SYNOPSIS
Description of access point provisioning files.
DESCRIPTION
An access point provisioning file defines the configuration of an IWD access point. These
files live in $STATE_DIRECTORY/ap (/var/lib/iwd/ap by default). They are read when the
net.connman.iwd.AccessPoint.StartProfile(ssid) DBus method is used.
FILE FORMAT
See iwd.network for details on the settings file syntax.
SETTINGS
The settings are split into several categories. Each category has a group associated with
it and is described in the corresponding table below.
General Settings
The group [General] contains general AP configuration.
┌─────────────┬──────────────────────────────────┐
│Channel │ Channel number │
│ │ │
│ │ Optional channel number for the │
│ │ access point to operate on. If │
│ │ omitted the channel will be │
│ │ chosen automatically. Channels │
│ │ greater than or equal to 36 will │
│ │ select the 5GHz band for the AP │
│ │ to operate on. │
│ │ │
│ │ Note: Due to regulatory │
│ │ requirements the linux kernel │
│ │ does not allow or strictly │
│ │ limits 5GHz use in AP mode while │
│ │ in world roaming. These │
│ │ frequencies become available │
│ │ once the country is set, either │
│ │ via IWD's main.conf option │
│ │ [General].Country (see man │
│ │ iwd.config) or externally (e.g. │
│ │ iw reg set <CC>). If you are │
│ │ having trouble using 5GHz ensure │
│ │ the country is set, and that the │
│ │ desired frequency/channel is │
│ │ unrestricted. │
├─────────────┼──────────────────────────────────┤
│RekeyTimeout │ Timeout for PTK rekeys (seconds) │
│ │ │
│ │ The time interval at which the │
│ │ AP starts a rekey for a given │
│ │ station. If not provided a │
│ │ default value of 0 is used │
│ │ (rekeying is disabled). │
└─────────────┴──────────────────────────────────┘
│DisableHT │ Boolean value │
│ │ │
│ │ Explicitly disable HT │
│ │ capabilities for this AP. │
└─────────────┴──────────────────────────────────┘
Network Authentication Settings
The group [Security] contains settings for Wi-Fi security and authentication
configuration.
┌────────────────┬──────────────────────────────────┐
│Passphrase │ 8..63 character string │
│ │ │
│ │ WPA-PSK Passphrase to be used │
│ │ with this access point. At │
│ │ least one of Passphrase, │
│ │ PreSharedKey must be present. │
├────────────────┼──────────────────────────────────┤
│PreSharedKey │ 64-character hex-string │
│ │ │
│ │ Processed passphrase for this │
│ │ network in the form of a │
│ │ hex-encoded 32-byte pre-shared │
│ │ key. Either this or Passphrase │
│ │ must be present. │
├────────────────┼──────────────────────────────────┤
│PairwiseCiphers │ Comma separated list of pairwise │
│ │ ciphers for the AP supports. │
│ │ │
│ │ Values can include: TKIP, CCMP, │
│ │ GCMP, GCMP-256, CCMP-256 │
│ │ │
│ │ The underlying hardware and │
│ │ IWD's AP implementation must │
│ │ also support the ciphers listed │
├────────────────┼──────────────────────────────────┤
│GroupCipher │ Group cipher the AP uses │
│ │ │
│ │ A single cipher value the AP can │
│ │ use as the group cipher. Values │
│ │ are the same as pairwise ciphers │
│ │ and the same restrictions apply │
│ │ (hardware and IWD implementation │
│ │ must support the cipher) │
└────────────────┴──────────────────────────────────┘
IPv4 Network Configuration
The group [IPv4] contains settings for IWD's built-in DHCP server. All settings are
optional. They're used if network configuration was enabled as described in
iwd.config(5). Omitting the [IPv4] group disables network configuration for this access
point so if an all-defaults DHCP setup is desired, the group header line must still be
present:
# Enable network configuration
[IPv4]
[other groups follow]
┌──────────┬──────────────────────────────────┐
│Address │ Local IP address or a │
│ │ comma-separated list of │
│ │ prefix-notation addresses │
│ │ │
│ │ Optional local address pool for │
│ │ the access point and the DHCP │
│ │ server. If a single address is │
│ │ provided this address will be │
│ │ set on the AP interface and any │
│ │ other DHCP server options will │
│ │ be derived from it if not │
│ │ overridden by other settings │
│ │ below. │
│ │ │
│ │ If a list of addresses and │
│ │ prefix lengths is specified (in │
│ │ the <IP>/<prefix-len> format), a │
│ │ single subnet address will be │
│ │ selected from the available │
│ │ space each time this profile is │
│ │ started. The subnet size is │
│ │ based on the [IPv4].Netmask │
│ │ setting. │
│ │ │
│ │ If Address is not provided and │
│ │ no IP address is set on the │
│ │ interface prior to calling │
│ │ StartProfile the value of the │
│ │ main.conf [IPv4].APAddressPool │
│ │ setting will be inherited, which │
│ │ in turn defaults to │
│ │ 192.168.0.0/16. │
│ │ │
│ │ For example, if [IPv4].Netmask │
│ │ is set to 255.255.255.0 and this │
│ │ setting, or the global │
│ │ APAddressPool fallback, is set │
│ │ to 192.168.0.0/16, 10.0.0.0/22, │
│ │ IWD will select one of the 256 │
│ │ subnets with addresses in the │
│ │ 192.168.<0-255>.0/24 range or │
│ │ one of the 4 subnets with │
│ │ addresses in the 10.0.<0-3>.0/24 │
│ │ range, allowing 270 possible │
│ │ subnets. Defining an address │
│ │ pool larger than the desired │
│ │ subnet gives IWD a chance to │
│ │ avoid conflicts if other │
│ │ interfaces on the system use │
│ │ dynamically assigned addresses. │
├──────────┼──────────────────────────────────┤
│Gateway │ IP Address of gateway │
│ │ │
│ │ IP address of the gateway to be │
│ │ advertised by DHCP. This will │
│ │ fall back to the local IP │
│ │ address if not provided. │
├──────────┼──────────────────────────────────┤
│Netmask │ Local netmask of the AP │
│ │ │
│ │ Defaults to a 28-bit netmask if │
│ │ not provided. │
└──────────┴──────────────────────────────────┘
│DNSList │ List of DNS servers as a │
│ │ comma-separated IP address list │
│ │ │
│ │ A list of DNS servers which will │
│ │ be advertised by the DHCP │
│ │ server. If not provided no DNS │
│ │ servers will be sent by the DHCP │
│ │ server. │
├──────────┼──────────────────────────────────┤
│LeaseTime │ Time limit for DHCP leases in │
│ │ seconds │
│ │ │
│ │ Override the default lease time. │
├──────────┼──────────────────────────────────┤
│IPRange │ Range of IPs given as two │
│ │ addresses separated by a comma │
│ │ │
│ │ From and to addresses of the │
│ │ range assigned to clients │
│ │ through DHCP. If not provided │
│ │ the range from local address + 1 │
│ │ to .254 will be used. │
└──────────┴──────────────────────────────────┘
Wi-Fi Simple Configuration
The group [WSC] fine-tunes some Wi-Fi Simple Configuration local parameters (formerly
known as WPS, Wi-Fi Protected Setup.)
┌──────────────────┬──────────────────────────────────┐
│DeviceName │ 1..32-character string │
│ │ │
│ │ Optional Device Name string for │
│ │ the AP to advertise as. │
│ │ Defaults to the SSID. │
├──────────────────┼──────────────────────────────────┤
│PrimaryDeviceType │ Subcategory string or a 64-bit │
│ │ integer │
│ │ │
│ │ Optional Primary Device Type for │
│ │ the AP to advertise as. │
│ │ Defaults to PC computer. Can be │
│ │ specified as a lower-case WSC │
│ │ v2.0.5 subcategory string or a │
│ │ 64-bit integer encoding, from │
│ │ MSB to LSB: the 16-bit category │
│ │ ID, the 24-bit OUI, the 8-bit │
│ │ OUI type and the 16-bit │
│ │ subcategory ID. │
├──────────────────┼──────────────────────────────────┤
│AuthorizedMACs │ Comma-separated MAC address list │
│ │ │
│ │ Optional list of Authorized MAC │
│ │ addresses for the WSC registrar │
│ │ to check on association. Each │
│ │ address is specified in the │
│ │ colon-hexadecimal notation. │
│ │ Defaults to no MAC-based checks. │
└──────────────────┴──────────────────────────────────┘
SEE ALSO
iwd(8), iwd.network(5)
AUTHOR
James Prestwood <prestwoj@gmail.com>
COPYRIGHT
2020 Intel Corporation