| Connman configuration file format |
| ********************************* |
| |
| Connman uses configuration files to provision existing services. Connman |
| looks for its configuration files in STORAGEDIR, which by default points |
| to /var/lib/connman/. Configuration file names may contain only letters and |
| numbers and must have a .config suffix. |
| These configuration files are text files with a simple format, and we |
| typically have one file per provisioned network. |
| |
| If the config file is removed, then Connman tries to remove the |
| provisioned service. If an individual service entry inside the config is |
| removed, then the corresponding provisioned service is removed. If a service |
| entry is changed, then the corresponding service is removed and then |
| immediately re-provisioned. |
| |
| |
| Global entry [global] |
| ===================== |
| |
| These files can have an optional global entry describing the file itself. |
| The allowed fields for that entry are: |
| - Name: Name of the network. |
| - Description: Description of the network. |
| - Protected: Configuration protection against being removed, modified or |
| overwritten by a Manager.ProvisionService() call. If unset, this value defaults |
| to TRUE, i.e. configs are protected by default. |
| |
| |
| Service entry [service_*] |
| ========================= |
| |
| Each provisioned service must start with the [service_*] tag. Replace * with |
| an identifier unique to the config file. |
| |
| Allowed fields: |
| - Type: Service type. We currently only support wifi. |
| - Name: A string representation of an 802.11 SSID. If the SSID field is |
| present, the Name field is ignored. |
| - SSID: A hexadecimal representation of an 802.11 SSID. If the SSID field is |
| omitted, the Name field is used instead. |
| - EAP: EAP type. We currently only support tls, ttls or peap. |
| - CACertFile: File path to CA certificate file (PEM/DER). |
| - ClientCertFile: File path to client certificate file (PEM/DER). |
| - PrivateKeyFile: File path to client private key file (PEM/DER/PFX). |
| - PrivateKeyPassphrase: Password/passphrase for private key file. |
| - PrivateKeyPassphraseType: We only support the fsid passphrase type for now. |
| This is for private keys generated by using their own filesystem UUID as the |
| passphrase. The PrivateKeyPassphrase field is ignored when this field is set |
| to fsid. |
| - Identity: Identity string for EAP. |
| - Phase2: Phase2 (inner authentication with TLS tunnel) authentication method. |
| Prefix the value with "EAP-" to indicate the usage of an EAP-based inner |
| authentication method (should only be used with EAP = TTLS). |
| - Passphrase: RSN/WPA/WPA2 passphrase. |
| - Hidden: If set to true, then this AP is hidden. If missing or set to false, |
| then the AP is not hidden. |
| |
| |
| Example |
| ======= |
| |
| This is a configuration file for a network providing EAP-TLS, EAP-TTLS and |
| EAP-PEAP services. |
| The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid and the file name |
| is example.config. |
| Please note that the SSID entry takes a hexadecimal-encoded SSID (e.g. "SSID = |
| 746c735f73736964"). If your SSID does not contain any exotic characters, then |
| you should use the Name entry instead (e.g. "Name = tls_ssid"). |
| |
| |
| example@example:[~]$ cat /var/lib/connman/example.config |
| [global] |
| Name = Example |
| Description = Example network configuration |
| |
| [service_tls] |
| Type = wifi |
| SSID = 746c735f73736964 |
| EAP = tls |
| CACertFile = /home/user/.certs/ca.pem |
| ClientCertFile = /home/user/devlp/.certs/client.pem |
| PrivateKeyFile = /home/user/.certs/client.fsid.pem |
| PrivateKeyPassphraseType = fsid |
| Identity = user |
| |
| [service_ttls] |
| Type = wifi |
| Name = ttls_ssid |
| EAP = ttls |
| CACertFile = /home/user/.cert/ca.pem |
| Phase2 = MSCHAPV2 |
| Identity = user |
| |
| [service_peap] |
| Type = wifi |
| Name = peap_ssid |
| EAP = peap |
| CACertFile = /home/user/.cert/ca.pem |
| Phase2 = MSCHAPV2 |
| Identity = user |
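The field rules above can be checked before a file is dropped into STORAGEDIR. The following linter is an added example, not part of Connman: it parses the file with Python's configparser rather than Connman's own parser, and the function name, finding messages and sample input are assumptions made for illustration.

```python
import configparser
import re

EAP_TYPES = {"tls", "ttls", "peap"}
SECRET_KEYS = ("Passphrase", "PrivateKeyPassphrase")

# Constructed sample input (not a real network), with deliberate mistakes.
SAMPLE = """\
[service_a]
Type = wifi
Name = lab_ssid
SSID = 6c61625f7
EAP = peap
Phase2 = EAP-MSCHAPV2
PrivateKeyPassphraseType = fsid
PrivateKeyPassphrase = example-only
"""

def lint_connman_config(filename, text):
    """Return findings for one provisioning file, following the rules above."""
    out = []
    # File name: letters or numbers only, then the .config suffix.
    if not re.fullmatch(r"[A-Za-z0-9]+\.config", filename):
        out.append(f"{filename}: invalid file name")
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case (Name, SSID, ...)
    cp.read_string(text)
    for sec in (n for n in cp.sections() if n.startswith("service_")):
        s = cp[sec]
        eap = s.get("EAP", "").lower()  # lenient on case: this example's choice
        if s.get("Type") != "wifi":
            out.append(f"{sec}: Type must be wifi")
        if "SSID" in s:
            # An 802.11 SSID is at most 32 bytes, i.e. 64 hex digits.
            if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}){1,32}", s["SSID"]):
                out.append(f"{sec}: SSID is not valid hexadecimal")
            if "Name" in s:
                out.append(f"{sec}: Name is ignored because SSID is set")
        elif "Name" not in s:
            out.append(f"{sec}: neither SSID nor Name is set")
        if eap and eap not in EAP_TYPES:
            out.append(f"{sec}: unsupported EAP type")
        if s.get("Phase2", "").startswith("EAP-") and eap != "ttls":
            out.append(f"{sec}: EAP- prefixed Phase2 is meant for ttls only")
        if s.get("PrivateKeyPassphraseType") == "fsid" and "PrivateKeyPassphrase" in s:
            out.append(f"{sec}: PrivateKeyPassphrase is ignored with fsid")
        out += [f"{sec}: {k} is stored in clear text" for k in SECRET_KEYS if k in s]
    return out

if __name__ == "__main__":
    print("\n".join(lint_connman_config("lab-wifi.config", SAMPLE)))
```

A clear-text finding is a prompt to check who can read the file, since Passphrase and PrivateKeyPassphrase sit unencrypted in a plain text file.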