Provided by: netctl_1.29-1_all bug

NAME

       netctl.profile - Profile options

SYNOPSIS

       netctl.profile

DESCRIPTION

       Profiles for netctl live under /etc/netctl/ and are plain text files. The files consist of
       variable definitions following the bash shell syntax and are not expected to execute any
       code. It is good to omit as much quoting as possible. For a few WPA-related variables,
       special quoting rules (see below) apply.

       The name of the profile is the name of the file. Profile names must not contain newlines
       and should not end in .action, .conf, or .service. Whenever a profile is read, all
       executable scripts in /etc/netctl/hooks/ and any executable script in
       /etc/netctl/interfaces/ with the name of the interface for the profile are sourced. The
       name of the current profile is available via the Profile variable in the environment of
       the sourced scripts. On starting or stopping a profile, the respective command is
       available via the Command variable. Declarations in an interface script override
       declarations in a profile, which override declarations in hooks. For each connection type,
       there are example profile files in /etc/netctl/examples/.

AVAILABLE CONNECTION TYPES

       ethernet
           For wired connections.

       wireless
           For wireless connections. This connection type requires wpa_supplicant to be
           available.

       bond
           For bonded interfaces.

       bridge
           For bridge interfaces.

       dummy
           For dummy interfaces.

       ppp
           For PPP connections (currently only PPPoE).

       pppoe
           For PPPoE connections.

       mobile_ppp
           For mobile broadband PPP connections that use a USB modem.

       openvswitch
           For Open vSwitch bridge interfaces.

       tunnel
           For tunnel interfaces.

       tuntap
           For TUN/TAP interfaces.

       vlan
           For VLANs on ethernet-like connections.

       macvlan
           For MACVLANs on ethernet-like connections.

       wireguard
           For WireGuard interfaces.

GENERAL OPTIONS

       Description=
           A description of the profile.

       Connection= [mandatory for all profiles]
           The connection type used by the profile.

       Interface= [mandatory for all profiles]
           The name of the associated network interface. The interface name should not be quoted.

       BindsToInterfaces=()
           An array of physical network interfaces that this profile needs before it can be
           started. For ‘enabled’ profiles, systemd will wait for the presence of the specified
           interfaces before starting a profile. If this variable is not specified, it defaults
           to the value of Interface=.

       MACAddress=
           Optional MAC address for newly created interfaces. When set to the name of an existing
           interface, the address of that interface is used. The connection types that create an
           interface and are able to set a MAC address are bond, bridge, dummy, vlan, and
           macvlan.

       After=()
           An array of profile names that should be started before this profile is started. This
           is only an ordering dependency and is not intended to be a list of profiles that this
           profile requires. The meaning is the same as After= in systemd.unit(5).

       WaitOnline=
           Set to ‘yes’ to consider the profile activated only when it is online. Defaults to
           ‘no’.

       ExecUpPost=
           A command that is executed after a connection is established. If the specified command
           returns anything other than 0 (success), netctl will abort and stop the profile. If
           the command should be allowed to fail, add ‘|| true’ to the end of it.

       ExecDownPre=
           A command that is executed before a connection is brought down. Similar precautions
           should be taken as with ExecUpPost=.

       TimeoutUp
           Maximum time, in seconds, to wait for an interface to get up. Defaults to ‘5’.

       ForceConnect=
           Set to ‘yes’ to force connecting even if the interface is up. Do not use this unless
           you know what you are doing.

       ExcludeAuto=
           Whether or not to exclude this profile from automatic profile selection. Defaults to
           ‘no’ for wireless and DHCP enabled connections and to ‘yes’ otherwise.

       NETCTL_DEBUG=
           Set to ‘yes’ to generate debugging output.

IP OPTIONS

       These options apply to all connections that set up an IP-enabled network. In particular,
       these connection types are ethernet, wireless, bond, bridge, tunnel, tuntap, and vlan.

       IP= [mandatory for IPv4]
           One of ‘static’, ‘dhcp’, or ‘no’, depending on the desired way of obtaining an
           address.

       IP6= [mandatory for IPv6]
           One of ‘static’, ‘stateless’, ‘dhcp-noaddr’, ‘dhcp’, ‘no’ or left out (empty)
           altogether. The difference between not specifying and setting to ‘no’ is in the
           handling of router advertisement packages, which is blocked by ‘no’.

       Address=() [requires IP=static]
           An array of IP addresses suffixed with ‘/<netmask>’. Leaving out brackets for arrays
           consisting of a single element is accepted in the Bash syntax.

       Gateway= [requires IP=static]
           An IP routing gateway address.

       Routes=()
           An array of custom routes of the form

           ‘<address range> via <gateway>’.

       Address6=() [requires IP6=static or IP6=stateless]
           An array of IPv6 addresses. Prefix length may be specified via ‘1234:bcd::11/64’
           syntax. It is possible to specify modifiers, in particular, ‘1234:bcd::11/64 nodad’
           disables Duplicate Address Detection for the address.

       Gateway6= [requires IP6=static or IP6=stateless]
           An IPv6 routing gateway address.

       Routes6=()
           An array of custom routes of the form

           ‘<address range> via <gateway>’.

       DHCPClient= [requires IP=dhcp]
           The name of the DHCP client to use. By default, netctl comes with support for ‘dhcpcd’
           and ‘dhclient’. Clients may accept additional options through client-specific
           variables. Command line options for dhcpcd(8) are read from DhcpcdOptions= (defaults
           to ‘-L’). Command line options for dhclient(8) are read from DhclientOptions=.
           Defaults to ‘dhcpcd’.

       DHCP6Client= [requires IP6=dhcp or IP6=dhcp-noaddr]
           The name of the DHCPv6 client to use. By default, ‘dhcpcd’ and ‘dhclient’ are
           supported. Command line options for the IPv6 instance of dhcpcd(8) are read from
           DhcpcdOptions6=. Command line options for the IPv6 instance of dhclient(8) are read
           from DhclientOptions6=. Defaults to ‘dhclient’.

       DHCPReleaseOnStop=
           Set to ‘yes’ to release the DHCP lease when the profile is stopped.

       IPCustom=()
           An array of argument lines to pass to ip. This can be used to achieve complicated
           configurations within the framework of netctl.

       Hostname=
           A transient hostname for the system.

       DNS=()
           An array of DNS nameservers. Simply specify the IP addresses of each of the DNS
           nameservers.

       DNSDomain=
           A ‘domain’ line for /etc/resolv.conf, passed to resolvconf(5).

       DNSSearch=
           A ‘search’ line for /etc/resolv.conf, passed to resolvconf(5).

       DNSOptions=()
           An array of ‘options’ lines for /etc/resolv.conf, passed to resolvconf(5).

       TimeoutDHCP=
           Maximum time, in seconds, to wait for DHCP to be successful. Defaults to ‘30’.

       TimeoutDAD=
           Maximum time, in seconds, to wait for IPv6’s Duplicate Address Detection to succeed.
           Defaults to ‘3’.

       SkipDAD=
           Whether or not to bypass Duplicate Address Detection altogether. Defaults to ‘no’.

OPTIONS FOR ‘ETHERNET’ CONNECTIONS

       Next to the ip options, the following are understood for connections of the ‘ethernet’
       type:

       Auth8021X=
           Set to ‘yes’ to use 802.1x authentication.

       WPAConfigFile=
           Path to a wpa_supplicant configuration file. Defaults to /etc/wpa_supplicant.conf.

       WPADriver=
           The wpa_supplicant driver to use for 802.1x authentication. Defaults to ‘wired’.

       TimeoutCarrier=
           Maximum time, in seconds, to wait for a carrier. Defaults to ‘5’.

       TimeoutWPA=
           Maximum time, in seconds, to wait for 802.1x authentication to succeed. Defaults to
           ‘15’.

       SkipNoCarrier=
           Whether or not the absence of a carrier (plugged-in cable) is acceptable. Defaults to
           ‘no’.

       Priority=
           Priority level of the profile. In case of automatic profile selection, profiles are
           tried in decreasing order of priority. Defaults to ‘1’ in DHCP enabled profiles and to
           ‘0’ otherwise.

OPTIONS FOR ‘WIRELESS’ CONNECTIONS

       Next to the ip options, the following are understood for connections of the ‘wireless’
       type:

       Security=
           One of ‘none’, ‘wep’, ‘wpa’, ‘wpa-configsection’, or ‘wpa-config’. Defaults to ‘none’.

       ESSID= [mandatory]
           The name of the network to connect to. Special quoting rules (see below) apply.

       AP=
           The BSSID (MAC address) of the access point to connect to.

       Key=
           The secret key to a WEP, or WPA encrypted network. Special quoting rules (see below)
           apply.

       Hidden=
           Whether or not the specified network is a hidden network. Defaults to ‘no’.

       AdHoc=
           Whether or not to use ad-hoc mode. Defaults to ‘no’.

       ScanFrequencies=
           A space-separated list of frequencies in MHz to scan when searching for the network.
           Defaults to all available frequencies.

       Frequency=
           A frequency in MHz to use in ad-hoc mode when a new IBSS is created (i.e. the network
           is not already present).

       Priority=
           Priority group for the network. In case of automatic profile selection, the matched
           network with the highest priority will be selected. Defaults to ‘0’.

       WPAConfigSection=() [mandatory for Security=wpa-configsection]
           Array of lines that form a network block for wpa_supplicant. All of the above options
           will be ignored.

       WPAConfigFile=
           Path to a wpa_supplicant configuration file. Used only for Security=wpa-config. All
           options except WPADriver=, TimeoutWPA=, and RFKill= will be ignored. The profile is
           excluded from automatic profile selection. Defaults to /etc/wpa_supplicant.conf.

       Country=
           The country for which frequency regulations will be enforced.

       WPAGroup=
           Group that has the authority to configure wpa_supplicant via its control interface.
           Defaults to ‘systemd-network’.

       WPADriver=
           The wpa_supplicant driver to use. Defaults to ‘nl80211,wext’.

       TimeoutWPA=
           Maximum time, in seconds, to wait for steps in the association and authentication to
           succeed. Defaults to ‘15’.

       RFKill=
           The name of an rfkill device. When specified, the device is used to block/unblock the
           interface when appropriate. Names can be found in /sys/class/rfkill/rfkillX/name. It
           is also possible to set this variable to ‘auto’. In that case an rfkill device that is
           associated with the network interface is used.

OPTIONS FOR ‘BOND’ CONNECTIONS

       The interfaces of BindsToInterfaces= are bound together in the interface named by
       Interface=. Next to the ip options, the following is understood for connections of the
       ‘bond’ type:

       Mode=
           The bonding policy. See the kernel documentation on bonding for details.

       LinkOptions=
           Additional options to be passed to ip link. Run ip link add type bond help to see the
           available options.

OPTIONS FOR ‘BRIDGE’ CONNECTIONS

       The interfaces of BindsToInterfaces= take part in the bridge named by Interface=. Next to
       the ip options, the following is understood for connections of the ‘bridge’ type:

       SkipForwardingDelay=
           Skip (R)STP and immediately activate all bridge members. This can be useful when DHCP
           is used on the bridge.

       LinkOptions=
           Additional options to be passed to ip link. Run ip link add type bridge help to see
           the available options.

OPTIONS FOR ‘DUMMY’ CONNECTIONS

       The name of the dummy interface is specified in Interface=. Only the ip options are
       understood for connections of the ‘dummy’ type.

OPTIONS FOR ‘PPP’ CONNECTIONS

       This connection type is identical to the ‘pppoe’ type below, with the ethernet interface
       specified in BindsToInterfaces=. The value of Interface= must be of the form ‘ppp<n>’,
       where n is passed on to PPPUnit=.

OPTIONS FOR ‘PPPOE’ CONNECTIONS

       The interface to dial peer-to-peer over ethernet is specified in Interface=. The following
       options are understood for connections of the ‘pppoe’ type:

       User= and Password=
           The username and password to connect with.

       ConnectionMode=
           One of ‘persist’ or ‘demand’, depending on how a connection should be established.
           Defaults to ‘persist’.

       IdleTimeout= [requires ConnectionMode=demand]
           The idle time (in seconds) after which the PPP daemon should disconnect.

       MaxFail=
           The number of consecutive failed connection attempts to tolerate. A value of 0 means
           no limit. Defaults to ‘5’.

       DefaultRoute=
           Whether or not to use the default route provided by the peer. Defaults to ‘yes’.

       UsePeerDNS=
           Whether or not to use the DNS servers provided by the peer. Defaults to ‘yes’.

       PPPUnit=
           The PPP unit number in the interface name (‘ppp0’, ‘ppp1’, etc.).

       LCPEchoInterval= and LCPEchoFailure=
           These options override default LCP parameters from ‘/etc/ppp/options’.

       OptionsFile=
           A file to read additional pppd(8) options from.

       The following advanced options are also understood:

       PPPoEService=
           The PPPoE service name.

       PPPoEAC=
           The PPPoE access concentrator name.

       PPPoESession=
           An existing session to attach to. This option is of the form ‘sessid:macaddr’.

       PPPoEMAC=
           A MAC address to restrict the connection to.

       PPPoEIP6=
           Whether or not to enable IPv6CP and IPv6 protocols. When set to ‘no’, IPv6CP
           negotiation and IPv6 communication is explicitly disabled.

OPTIONS FOR ‘MOBILE_PPP’ CONNECTIONS

       The name of the USB serial device is specified in Interface=. The following options are
       understood for connections of the ‘mobile_ppp’ type:

       User= and Password=
           The username and password to connect with. These are unset by default, as they are
           often not required.

       AccessPointName=
           The access point name (APN) to present to the carrier. This is specific to your ISP.

       Pin=
           If your modem requires a PIN to unlock, set it here.

       PhoneNumber
           The number to dial. Defaults to ‘*99#’.

       Mode=
           The connection mode. Can be one of ‘3Gpref’, ‘3Gonly’, ‘GPRSpref’, ‘GPRSonly’, ‘None’,
           or a custom AT^SYSCFG=...  line specified as ‘SYSCFG=...’. This generates AT commands
           specific to certain Huawei modems; all other devices should leave this option unset or
           set to ‘None’.

       Init=
           An initialization string sent to the modem before dialing. This string is sent after
           sending “ATZ”. Defaults to ‘ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0’.

       ChatScript=
           Path to a chat file. If specified, no chat script will be generated and all of the
           above options except User= and Password= will be ignored.

       MaxFail=
           The number of consecutive failed connection attempts to tolerate. A value of 0 means
           no limit. Defaults to ‘5’.

       DefaultRoute=
           Whether or not to use the default route provided by the peer. Defaults to ‘yes’.

       UsePeerDNS=
           Whether or not to use the DNS servers provided by the peer. Defaults to ‘yes’.

       PPPUnit=
           The PPP unit number in the interface name (‘ppp0’, ‘ppp1’, etc.).

       OptionsFile=
           A file to read additional pppd(8) options from.

       RFKill=
           The name of an rfkill device. When specified, the device is used to block/unblock the
           interface when appropriate. Names can be found in /sys/class/rfkill/rfkillX/name.

OPTIONS FOR ‘OPENVSWITCH’ CONNECTIONS

       The interfaces of BindsToInterfaces= take part in the bridge named by Interface=. Only the
       ip options are understood for connections of the ‘openvswitch’ type.

OPTIONS FOR ‘TUNNEL’ CONNECTIONS

       The name of the tunnel interface is specified in Interface=. Next to the ip options, the
       following are understood for connections of the ‘tunnel’ type:

       Mode=
           The tunnel type (e.g. ‘sit’). See ip-tunnel(8) for available modes.

       Local=
           The address of the local end of the tunnel.

       Remote=
           The address of the remote end of the tunnel.

       Key= [requires Mode=gre]
           A key identifying an individual traffic flow within a tunnel.

OPTIONS FOR ‘TUNTAP’ CONNECTIONS

       The name of the tuntap interface is specified in Interface=. Next to the ip options, the
       following are understood for connections of the ‘tuntap’ type:

       Mode=
           Either ‘tun’, or ‘tap’.

       User=
           The owning user of the tun/tap interface.

       Group=
           The owning group of the tun/tap interface.

OPTIONS FOR ‘VLAN’ CONNECTIONS

       The name of the vlan interface is specified in Interface=. The underlying physical
       interface is specified in BindsToInterfaces=. Hence, for vlan profiles, BindsToInterfaces=
       contains the name of a single network interface.

       All options for connections of the ‘ethernet’ type are understood for connections of the
       ‘vlan’ type. Additionally, connections of the ‘vlan’ type must set a vlan identifier using
       VLANID=. See ip(8) for details.

OPTIONS FOR ‘MACVLAN’ CONNECTIONS

       The name of the macvlan interface is specified in Interface=. The underlying physical
       interface is specified in BindsToInterfaces=. Hence, for macvlan profiles,
       BindsToInterfaces= contains the name of a single network interface.

       All options for connections of the ‘ethernet’ type are understood for connections of the
       ‘macvlan’ type. Next to the ip options, the following are understood for connections of
       the ‘macvlan’ type:

       Mode=
           Either ‘bridge’, ‘vepa’, ‘private’, or ‘passthru’. See ip(8) for details.

OPTIONS FOR ‘WIREGUARD’ CONNECTIONS

       The name of the WireGuard interface is specified in Interface=. Next to the ip options,
       the following are understood for connections of the ‘wireguard’ type:

       WGConfigFile=
           Path to a WireGuard configuration file. Defaults to /etc/wireguard/$Interface.conf.

SPECIAL QUOTING RULES

       Configuration files for wpa_supplicant use non-standard quoting. Therefore, non-standard
       quoting rules exist for some variables for connections of the ‘wireless’ type. In
       particular, these variables are ESSID=, and Key=.

       A variable is considered quoted by wpa_supplicant if it is enclosed in double quotes (").
       A variable is considered non-quoted by wpa_supplicant if it does not start with a double
       quote. Hexadecimal values are specified non-quoted in configuration files of
       wpa_supplicant. In netctl, variables are written to wpa_supplicant configuration files
       quoted by default. When special quoting rules apply, it is possible to specify an unquoted
       (hexadecimal) value using a special syntax.

       The special quoting rules of netctl are as follows. A string that starts with a literal
       double quote is considered non-quoted. Any other string is considered quoted. It is
       possible to specify quoted strings that start with a double quote by quoting manually. An
       extreme example is the specification of a quoted double quote: X='""""'. On the other end
       of the spectrum there is the non-quoted backslash: X=\"\\.

       Further examples of quoted strings (all equivalent):

           X=string
           X="string"
           X='""string"'

       Further examples of non-quoted strings (all equivalent):

           X=\"string
           X="\"string"
           X='"string'

       A mnemonic is to think of the prefix ‘\"’ as saying ‘non’-‘quote’.

SEE ALSO

       netctl(1), resolvconf.conf(5)

                                            05/27/2024                          NETCTL.PROFILE(5)