doc/connman-service.config.5 | 197 +++++++++++++++++++++++++++++++++++++++++++
 doc/connman.8                |   3 +-
 doc/connmanctl.1             |   3 +-
 3 files changed, 201 insertions(+), 2 deletions(-)
 create mode 100644 doc/connman-service.config.5

diff --git a/doc/connman-service.config.5 b/doc/connman-service.config.5
new file mode 100644
index 0000000..3cf3692
--- /dev/null
+++ b/doc/connman-service.config.5
@@ -0,0 +1,197 @@
+.\" connman-service.config(5) manual page
+.\" Copyright (C) 2015 Intel Corporation
+.TH "service-name.config" "5" "2015-10-15" ""
+service-name.config \- ConnMan service provisioning file
+.B /var/lib/connman/\fIservice-name\fB.config
+\fIConnMan\fP's services are configured with so called
+"\fBprovisioning files\fP" which reside under \fI/var/lib/connman/\fP.
+The files can be named anything, as long as they end in \fB.config\fP.
+The provisioning files can be used to configure for example secured
+wireless access points which need complex authentication, for example
+eduroam, or for static IPs and so on. Each provisioning file can be
+used for multiple services at once.
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.BI Name= name
+Name of the network.
+.BI Description= description
+Description of the network.
+.SS [service_*]
+Each provisioned service must start with a [service_*] tag, with * replaced
+by an unique name within the file.
+The allowed fields are:
+.B Type=ethernet \fR|\fB wifi
+Mandatory. Other types than ethernet or wifi are not supported.
+.BI IPv4=off \ \fR|\  dhcp\ \fR|\  network / netmask / gateway
+IPv4 settings for the service. If set to \fBoff\fP, IPv4 won't be used.
+If set to \fBdhcp\fP, dhcp will be used to obtain the network settings.
+\fInetmask\fP can be specified as length of the mask rather than the
+mask itself. The gateway can be omitted when using a static IP.
+.BI IPv6=off \ \fR|\  auto\ \fR|\  network / prefixlength / gateway
+IPv6 settings for the service. If set to \fBoff\fP, IPv6 won't be used.
+If set to \fBauto\fP, settings will be obtained from the network.
+.B IPv6.Privacy=disabled \fR|\fB enabled \fR|\fB preferred
+IPv6 privacy settings as per RFC3041.
+.BI MAC= address
+MAC address of the interface to be used. If not specified, the first
+found interface is used. Must be in format ab:cd:ef:01:23:45.
+.BI Nameservers= servers
+Comma separated list of nameservers.
+.BI SearchDomains= domains
+Comma separated list of DNS search domains.
+.BI Timeservers= servers
+Comma separated list of timeservers.
+.BI Domain= domain
+Domain name to be used.
+The following keys can only be used for wireless networks:
+.BI Name= name
+A string representation of an network SSID. If the SSID field is
+present, the Name field is ignored. If the SSID field is not present,
+this field is mandatory.
+.BI SSID= ssid
+SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
+encode special characters including starting or ending spaces.
+.BI Passphrase= passphrase
+RSN/WPA/WPA2 Passphrase.
+.BI Security= type
+The security type of the network. Possible values are \fBpsk\fP
+(WPA/WPA2 PSK), \fBieee8021x\fP (WPA EAP), \fBnone\fP and \fBwep\fP.
+When not set, the default value is \fBieee8021x\fP if an EAP type is
+configured, \fBpsk\fP if a passphrase is present and \fBnone\fP otherwise.
+.B Hidden=true \fR|\fB false
+If set to \fBtrue\fP, then this AP is hidden. If missing or set to
+\fBfalse\fP, then AP is not hidden.
+.B EAP=tls \fR|\fB ttls \fR|\fB peap
+EAP type to use. Only \fBtls\fP, \fBttls\fP and \fBpeap\fP are supported.
+.BI CACertFile= file
+Path to the CA certificate file. Only PEM and DER formats are supported.
+.BI PrivateKeyFile= file
+Path to the private key file. Only PEM, DER and PFX formats are supported.
+.BI PrivateKeyPassphrase= passphrase
+Passphrase of the private key.
+.B PrivateKeyPassphraseType=fsid
+If specified, use the private key's fsid as the passphrase, and ignore the
+PrivateKeyPassphrase field.
+.BI Identity= identity
+Identity string for EAP.
+.BI AnonymousIdentity= identity
+Anonymous identity string for EAP.
+.BI Phase2= type
+Inner authentication type with for \fBEAP=tls\fP or \fBEAP=ttls\fP. Prefix
+the value with \fBEAP-\fP to indicate usage of EAP-based authentication
+method (should only be used with \fBEAP=ttls\fP).
+.SS Eduroam
+This is a configuration file for eduroam networks. This file could for
+example be /var/lib/connman/eduroam.config. Your university's exact
+settings might be different.
+Type = wifi
+Name = eduroam
+EAP = peap
+Phase2 = MSCHAPV2
+CACertFile = /etc/ssl/certs/UNIV_CA.crt
+.SS Complex networking
+This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
+EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
+and the file name could be /var/lib/connman/complex.config.
+Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
+746c735f73736964"). If your SSID does not contain any exotic character then
+you should use the Name entry instead (e.g. "Name = tls_ssid").
+Name = Example
+Description = Example network configuration
+Type = wifi
+SSID = 746c735f73736964
+EAP = tls
+CACertFile = /home/user/.certs/ca.pem
+ClientCertFile = /home/user/devlp/.certs/client.pem
+PrivateKeyFile = /home/user/.certs/client.fsid.pem
+PrivateKeyPassphraseType = fsid
+Identity = user
+Type = wifi
+Name = ttls_ssid
+EAP = ttls
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+Type = wifi
+Name = peap_ssid
+EAP = peap
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+Type = ethernet
+IPv4 =
+IPv6 = 2001:db8::42/64/2001:db8::1
+MAC = 01:02:03:04:05:06
+Nameservers =,
+SearchDomains = my.home,isp.net
+Timeservers =,ntp.my.isp.net
+Domain = my.home
+Type = wifi
+Name = my_home_wifi
+Passphrase = password
+IPv4 =
+MAC = 06:05:04:03:02:01
+.BR connman (8)
diff --git a/doc/connman.8 b/doc/connman.8
index 7ae9ff5..3d065db 100644
--- a/doc/connman.8
+++ b/doc/connman.8
@@ -94,4 +94,5 @@ If this option is used, then ConnMan is not able to cache the 
DNS queries
 because the DNS traffic is not going through ConnMan and that can cause
 some extra network traffic.
-.BR connmanctl (1), \ connman.conf (5), \ connman-vpn (8)
+.BR connmanctl (1), \ connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn (8)
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
index 03abf7c..e98a697 100644
--- a/doc/connmanctl.1
+++ b/doc/connmanctl.1
@@ -278,4 +278,5 @@ Tethering a wireless connection (ssid "SSID", passphrase 
-.BR connman.conf (5), \ connman (8), \ connman-vpn (8)
+.BR connman.conf (5), \ connman-service.config (5), \ connman (8), \c
+.BR \ connman-vpn (8)

connman mailing list

Reply via email to