Provided by: iwd_1.5-1_amd64 
NAME
iwd.network - Network configuration for wireless daemon
SYNOPSIS
Network configuration files .open, .psk and .8021x
DESCRIPTION
iwd stores information on known networks, and reads information on pre-provisioned networks, from small
text configuration files. Those files live in the state directory specified by the environment variable
$STATE_DIRECTORY, which is normally provided by systemd. In the absence of such an environment variable
it defaults to $LIBDIR/iwd, which normally is set to /var/lib/iwd. You can create, modify or remove
those files. iwd monitors the directory for changes and will update its state accordingly. iwd will
also modify these files in the course of network connections or as a result of D-Bus API invocations.
FILE FORMAT
The syntax is similar to that of GNOME keyfile syntax (which is based on the format defined in the
Desktop Entry Specification, see http://freedesktop.org/Standards/desktop-entry-spec). The recognized
groups as well as keys and values in each group are documented here. Defaults are written in bold.
For completeness we include the description of the file syntax here. This is the syntax that the ell
library's l_settings class implements. The syntax is based on lines and lines are delimited by newline
characters.
Empty lines are ignored and whitespace at the beginning of a line is ignored. Comment lines have # as
their first non-whitespace character.
Key-value lines contain a setting key, an equal sign and the value of the setting. Whitespace preceding
the key, the equal sign or the value, is ignored. The key must be a continuous string of alphanumeric
and underscore characters and minus signs only. The value starts at the first non-whitespace character
after the first equal sign on the line and ends at the end of the line and must be correctly
UTF-8-encoded. A boolean value can be true or false but 0 or 1 are also allowed. Integer values are
written in base 10. String values, including file paths and hexstrings, are written as is except for
five characters that may be backslash-escaped: space, \t, \r, \n and backslash itself. The latter three
must be escaped. A space character must be escaped if it is the first character in the value string and
is written as \s.
Settings are interpreted depending on the group they are in. A group starts with a group header line and
contains all settings until the next group's header line. A group header line contains a [ character
followed by the group name and a ] character. Whitespace is allowed before the [ and after the ]. A
group name consists of printable characters other than [ and ].
NAMING
File names are based on the network's SSID and security type: Open, PSK-protected or 802.1x. The name
consist of the encoding of the SSID followed by .open, .psk or .8021x. The SSID appears verbatim in the
name if it contains only alphanumeric characters, spaces, underscores or minus signs. Otherwise it is
encoded as an equal sign followed by the lower-case hex encoding of the name.
SETTINGS
The settings below are split into several sections and grouped into broad categories. Each category has
a group associated with it which is given at the beginning of each sub-section. Recognized keys and
valid values are listed following the group definition.
General Settings
The group [Settings] contains general settings.
───────────────────────────────────────────────────────
AutoConnect Values: true, false
Whether the network can be connected
to automatically
───────────────────────────────────────────────────────
Hidden Values: true, false
Whether the network is hidden, i.e.
its SSID must be included in an
active scan request
───────────────────────────────────────────────────────
│ │ │
--
EXAMPLES
The following are some examples of common configurations
Open Network (Hidden)
[Settings]
Hidden=true
Pre-Shared Key (PSK)
[Security]
Passphrase=secret123
PWD
[Security]
EAP-Method=PWD
EAP-Identity=user@domain.com
EAP-Password=secret123
TLS
[Security]
EAP-Method=TLS
EAP-TLS-ClientCert=/certs/client-cert.pem
EAP-TLS-ClientKey=/certs/client-key.pem
EAP-TLS-CACert=/certs/ca-cert.pem
EAP-TLS-ServerDomainMask=*.domain.com
TTLS + PAP
[Security]
EAP-Method=TTLS
EAP-Identity=open@identity.com
EAP-TTLS-CACert=/certs/ca-cert.pem
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=username
EAP-TTLS-Phase2-Password=password
EAP-TTLS-ServerDomainMask=*.domain.com
PEAP + MSCHAPv2
[Security]
EAP-Method=PEAP
EAP-Identity=open@identity.com
EAP-PEAP-CACert=/certs/ca-cert.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=username
EAP-PEAP-Phase2-Password=password
EAP-PEAP-ServerDomainMask=*.domain.com
SEE ALSO
iwd(8), iwd.config(5)
AUTHOR
Marcel Holtmann <marcel@holtmann.org>, Denis Kenzior <denkenz@gmail.com>, Andrew Zaborowski
<andrew.zaborowski@intel.com>, Tim Kourt <tim.a.kourt@linux.intel.com>, James Prestwood
<prestwoj@gmail.com>
COPYRIGHT
2013-2019 Intel Corporation
iwd 22 September 2019 IWD.NETWORK(5)