doc/config-format.txt - nest-learning-thermostat/5.9/connman - Git at Google

 Connman configuration file format
 *********************************

 Connman uses configuration files to provision existing services. Connman will
 be looking for its configuration files at STORAGEDIR which by default points
 to /var/lib/connman/. Configuration file names must not include other
 characters than letters or numbers and must have a .config suffix.
 Those configuration files are text files with a simple key-value pair format,
 organized into sections. Values do not comprise leading or trailing whitespace.
 We typically have one file per provisioned network.

 If the config file is removed, then Connman tries to remove the
 provisioned services. If an individual service inside a config is removed,
 then the corresponding provisioned service is removed. If a service section
 is changed, then the corresponding service is removed and immediately
 re-provisioned.


 Global section [global]
 =======================

 These files can have an optional global section describing the actual file.
 The two allowed fields for this section are:
 - Name: Name of the network.
 - Description: Description of the network.


 Service sections [service_*]
 ============================

 Each provisioned service must start with the [service_*] tag. Replace * with
 an identifier unique to the config file.

 Allowed fields:
 - Type: Service type. We currently only support wifi and ethernet.
 - IPv4: The IPv4 address, netmask and gateway. Format of the entry
   is network/netmask/gateway. The mask length can be used instead
   of netmask. The gateway can be omitted if necessary.
   The IPv4 field can also contain the string "off" or "dhcp".
   If the setting is "off", then no IPv4 address is set to the interface.
   If the setting is "dhcp", then DHCPv4 address resolution is activated.
   Example: 192.168.1.2/24/192.168.1.1
            192.168.200.100/255.255.255.0/192.168.200.1
            10.0.0.2/24
 - IPv6: The IPv6 address, prefix length and gateway. Format of the entry
   is network/prefixlen/gateway. For IPv6 addresses only prefix length is
   accepted. The gateway can be omitted if necessary.
   The IPv6 field can also contain the string "off" or "auto".
   If the setting is "off", then no IPv6 address is set to the interface.
   If the setting is "auto", then SLAAC or DHCPv6 is used.
   Example: 2001:db8::2/64/2001:db8::1
            2001:db8::1:2:3:4/64
 - IPv6.Privacy: IPv6 privacy option. Value can be either "disabled",
   "enabled" or "preferred" (or the misspelled "prefered"). See use_tempaddr
   variable description in Linux kernel Documentation/networking/ip-sysctl.txt
   file.
 - MAC: MAC address of the interface where this setting should be applied.
   The MAC address is optional and if it is missing, then the first found
   interface is used. The byte values must have prefix 0 added,
   the bytes must be separated by ":" char and its length must be
   exactly 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 = 17 characters.
 - Nameservers: Comma separated list of nameservers
 - SearchDomains: Comma separated list of DNS search domains
 - Timeservers: Comma separated list of timeservers
 - Domain: Domain name to be used

 If IPv4 address is missing then DHCP is used. If IPv6 address is missing,
 then SLAAC or DHCPv6 is used.

 The following options are valid if Type is "wifi"
 - Name: A string representation of an 802.11 SSID. If the SSID field is
   present, the Name field is ignored.
 - SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
   encode special characters including starting or ending spaces. If the SSID
   field is omitted, the Name field is used instead.
 - EAP: EAP type. We currently only support tls, ttls or peap.
 - CACertFile: File path to CA certificate file (PEM/DER).
 - ClientCertFile: File path to client certificate file (PEM/DER).
 - PrivateKeyFile: File path to client private key file (PEM/DER/PFX).
 - PrivateKeyPassphrase: Password/passphrase for private key file.
 - PrivateKeyPassphraseType: We only support the fsid passphrase type for now.
   This is for private keys generated by using their own filesystem UUID as the
   passphrase. The PrivateKeyPassphrase field is ignored when this field is set
   to fsid.
 - Identity: Identity string for EAP.
 - Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
   Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
   authentication method (should only be used with EAP = TTLS).
 - Passphrase: RSN/WPA/WPA2 Passphrase
 - Security: The security type of the network. Possible values are 'psk'
   (WPA/WPA2 PSK), 'ieee8021x' (WPA EAP), 'none' and 'wep'. When not set, the
   default value is 'ieee8021x' if an EAP type is configured, 'psk' if a
   passphrase is present and 'none' otherwise.
 - Hidden: If set to true, then this AP is hidden. If missing or set to false,
   then AP is not hidden.


 Examples
 ========

 This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
 EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
 and the file name is example.config.

 Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
 746c735f73736964"). If your SSID does not contain any exotic character then
 you should use the Name entry instead (e.g. "Name = tls_ssid").

 example@example:[~]$ cat /var/lib/connman/example.config
 [global]
 Name = Example
 Description = Example network configuration

 [service_tls]
 Type = wifi
 SSID = 746c735f73736964
 EAP = tls
 CACertFile = /home/user/.certs/ca.pem
 ClientCertFile = /home/user/devlp/.certs/client.pem
 PrivateKeyFile = /home/user/.certs/client.fsid.pem
 PrivateKeyPassphraseType = fsid
 Identity = user

 [service_ttls]
 Type = wifi
 Name = ttls_ssid
 EAP = ttls
 CACertFile = /home/user/.cert/ca.pem
 Phase2 = MSCHAPV2
 Identity = user

 [service_peap]
 Type = wifi
 Name = peap_ssid
 EAP = peap
 CACertFile = /home/user/.cert/ca.pem
 Phase2 = MSCHAPV2
 Identity = user

 [service_home_ethernet]
 Type = ethernet
 IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
 IPv6 = 2001:db8::42/64/2001:db8::1
 MAC = 01:02:03:04:05:06
 Nameservers = 10.2.3.4,192.168.1.99
 SearchDomains = my.home,isp.net
 Timeservers = 10.172.2.1,ntp.my.isp.net
 Domain = my.home

 [service_home_wifi]
 Type = wifi
 Name = my_home_wifi
 Passphrase = secret
 IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
 MAC = 06:05:04:03:02:01
	Connman configuration file format
	*********************************

	Connman uses configuration files to provision existing services. Connman will
	be looking for its configuration files at STORAGEDIR which by default points
	to /var/lib/connman/. Configuration file names must not include other
	characters than letters or numbers and must have a .config suffix.
	Those configuration files are text files with a simple key-value pair format,
	organized into sections. Values do not comprise leading or trailing whitespace.
	We typically have one file per provisioned network.

	If the config file is removed, then Connman tries to remove the
	provisioned services. If an individual service inside a config is removed,
	then the corresponding provisioned service is removed. If a service section
	is changed, then the corresponding service is removed and immediately
	re-provisioned.


	Global section [global]
	=======================

	These files can have an optional global section describing the actual file.
	The two allowed fields for this section are:
	- Name: Name of the network.
	- Description: Description of the network.


	Service sections [service_*]
	============================

	Each provisioned service must start with the [service_] tag. Replace with
	an identifier unique to the config file.

	Allowed fields:
	- Type: Service type. We currently only support wifi and ethernet.
	- IPv4: The IPv4 address, netmask and gateway. Format of the entry
	is network/netmask/gateway. The mask length can be used instead
	of netmask. The gateway can be omitted if necessary.
	The IPv4 field can also contain the string "off" or "dhcp".
	If the setting is "off", then no IPv4 address is set to the interface.
	If the setting is "dhcp", then DHCPv4 address resolution is activated.
	Example: 192.168.1.2/24/192.168.1.1
	192.168.200.100/255.255.255.0/192.168.200.1
	10.0.0.2/24
	- IPv6: The IPv6 address, prefix length and gateway. Format of the entry
	is network/prefixlen/gateway. For IPv6 addresses only prefix length is
	accepted. The gateway can be omitted if necessary.
	The IPv6 field can also contain the string "off" or "auto".
	If the setting is "off", then no IPv6 address is set to the interface.
	If the setting is "auto", then SLAAC or DHCPv6 is used.
	Example: 2001:db8::2/64/2001:db8::1
	2001:db8::1:2:3:4/64
	- IPv6.Privacy: IPv6 privacy option. Value can be either "disabled",
	"enabled" or "preferred" (or the misspelled "prefered"). See use_tempaddr
	variable description in Linux kernel Documentation/networking/ip-sysctl.txt
	file.
	- MAC: MAC address of the interface where this setting should be applied.
	The MAC address is optional and if it is missing, then the first found
	interface is used. The byte values must have prefix 0 added,
	the bytes must be separated by ":" char and its length must be
	exactly 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 = 17 characters.
	- Nameservers: Comma separated list of nameservers
	- SearchDomains: Comma separated list of DNS search domains
	- Timeservers: Comma separated list of timeservers
	- Domain: Domain name to be used

	If IPv4 address is missing then DHCP is used. If IPv6 address is missing,
	then SLAAC or DHCPv6 is used.

	The following options are valid if Type is "wifi"
	- Name: A string representation of an 802.11 SSID. If the SSID field is
	present, the Name field is ignored.
	- SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
	encode special characters including starting or ending spaces. If the SSID
	field is omitted, the Name field is used instead.
	- EAP: EAP type. We currently only support tls, ttls or peap.
	- CACertFile: File path to CA certificate file (PEM/DER).
	- ClientCertFile: File path to client certificate file (PEM/DER).
	- PrivateKeyFile: File path to client private key file (PEM/DER/PFX).
	- PrivateKeyPassphrase: Password/passphrase for private key file.
	- PrivateKeyPassphraseType: We only support the fsid passphrase type for now.
	This is for private keys generated by using their own filesystem UUID as the
	passphrase. The PrivateKeyPassphrase field is ignored when this field is set
	to fsid.
	- Identity: Identity string for EAP.
	- Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
	Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
	authentication method (should only be used with EAP = TTLS).
	- Passphrase: RSN/WPA/WPA2 Passphrase
	- Security: The security type of the network. Possible values are 'psk'
	(WPA/WPA2 PSK), 'ieee8021x' (WPA EAP), 'none' and 'wep'. When not set, the
	default value is 'ieee8021x' if an EAP type is configured, 'psk' if a
	passphrase is present and 'none' otherwise.
	- Hidden: If set to true, then this AP is hidden. If missing or set to false,
	then AP is not hidden.


	Examples
	========

	This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
	EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
	and the file name is example.config.

	Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
	746c735f73736964"). If your SSID does not contain any exotic character then
	you should use the Name entry instead (e.g. "Name = tls_ssid").

	example@example:[~]$ cat /var/lib/connman/example.config
	[global]
	Name = Example
	Description = Example network configuration

	[service_tls]
	Type = wifi
	SSID = 746c735f73736964
	EAP = tls
	CACertFile = /home/user/.certs/ca.pem
	ClientCertFile = /home/user/devlp/.certs/client.pem
	PrivateKeyFile = /home/user/.certs/client.fsid.pem
	PrivateKeyPassphraseType = fsid
	Identity = user

	[service_ttls]
	Type = wifi
	Name = ttls_ssid
	EAP = ttls
	CACertFile = /home/user/.cert/ca.pem
	Phase2 = MSCHAPV2
	Identity = user

	[service_peap]
	Type = wifi
	Name = peap_ssid
	EAP = peap
	CACertFile = /home/user/.cert/ca.pem
	Phase2 = MSCHAPV2
	Identity = user

	[service_home_ethernet]
	Type = ethernet
	IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
	IPv6 = 2001:db8::42/64/2001:db8::1
	MAC = 01:02:03:04:05:06
	Nameservers = 10.2.3.4,192.168.1.99
	SearchDomains = my.home,isp.net
	Timeservers = 10.172.2.1,ntp.my.isp.net
	Domain = my.home

	[service_home_wifi]
	Type = wifi
	Name = my_home_wifi
	Passphrase = secret
	IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
	MAC = 06:05:04:03:02:01