Codex

NM-SETTINGS

Section: Configuration (5)

Updated:

Index?action=index Return to Main Contents


NAME

nm-settings - Description of settings and properties of NetworkManager connection profiles

DESCRIPTION

NetworkManager is based on a concept of connection profiles, sometimes referred to as connections only. These connection profiles contain a network configuration. When NetworkManager activates a connection profile on a network device the configuration will be applied and an active network connection will be established. Users are free to create as many connection profiles as they see fit. Thus they are flexible in having various network configurations for different networking needs. The connection profiles are handled by NetworkManager via settings service and are exported on D-Bus (/org/freedesktop/NetworkManager/Settings/<num> objects). The conceptual objects can be described as follows:

Connection (profile)

A specific, encapsulated, independent group of settings describing all the configuration required to connect to a specific network. It is referred to by a unique identifier called the UUID. A connection is tied to a one specific device type, but not necessarily a specific hardware device. It is composed of one or more Settings objects.

Setting

A group of related key/value pairs describing a specific piece of a Connection (profile). Settings keys and allowed values are described in the tables below. Keys are also reffered to as properties. Developers can find the setting objects and their properties in the libnm-util sources. Look for the class_init functions near the bottom of each setting source file.

The settings and properties shown in tables below list all available connection configuration options. However, note that not all settings are applicable to all connection types. NetworkManager provides a command-line tool nmcli that allows direct configuration of the settings and properties according to a connection profile type. nmcli connection editor has also a built-in describe command that can display description of particular settings and properties of this page.

Table 1. 802-1x setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>802-1x</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>eap</TD> <TD>array of string</TD> <TD> </TD> <TD>The allowed EAP method to be used when authenticating to the network with 802.1x. Valid methods are: 'leap', 'md5', 'tls', 'peap', 'ttls', 'pwd', and 'fast'. Each method requires different configuration using the properties of this setting; refer to wpa_supplicant documentation for the allowed combinations.

</TD> </TR> <TR VALIGN="top| <TD>identity</TD> <TD>string</TD> <TD> </TD> <TD>Identity string for EAP authentication methods. Often the user's user or login name.

</TD> </TR> <TR VALIGN="top| <TD>anonymous-identity</TD> <TD>string</TD> <TD> </TD> <TD>Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.

</TD> </TR> <TR VALIGN="top| <TD>pac-file</TD> <TD>string</TD> <TD> </TD> <TD>UTF-8 encoded file path containing PAC for EAP-FAST.

</TD> </TR> <TR VALIGN="top| <TD>ca-cert</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Contains the CA certificate if used by the EAP method specified in the 'eap' property. Certificate data is specified using a 'scheme'; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string 'file://' and ending with a terminating NULL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.

</TD> </TR> <TR VALIGN="top| <TD>ca-path</TD> <TD>string</TD> <TD> </TD> <TD>UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the 'ca-cert' property.

</TD> </TR> <TR VALIGN="top| <TD>subject-match</TD> <TD>string</TD> <TD> </TD> <TD>Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed.

</TD> </TR> <TR VALIGN="top| <TD>altsubject-matches</TD> <TD>array of string</TD> <TD> </TD> <TD>List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.

</TD> </TR> <TR VALIGN="top| <TD>client-cert</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Contains the client certificate if used by the EAP method specified in the 'eap' property. Certificate data is specified using a 'scheme'; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string 'file://' and ending with a terminating NULL byte.

</TD> </TR> <TR VALIGN="top| <TD>phase1-peapver</TD> <TD>string</TD> <TD> </TD> <TD>Forces which PEAP version is used when PEAP is set as the EAP method in 'eap' property. When unset, the version reported by the server will be used. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version. To do so, this property may be set to '0' or '1' to force that specific PEAP version.

</TD> </TR> <TR VALIGN="top| <TD>phase1-peaplabel</TD> <TD>string</TD> <TD> </TD> <TD>Forces use of the new PEAP label during key derivation. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1. Set to '1' to force use of the new PEAP label. See the wpa_supplicant documentation for more details.

</TD> </TR> <TR VALIGN="top| <TD>phase1-fast-provisioning</TD> <TD>string</TD> <TD> </TD> <TD>Enables or disables in-line provisioning of EAP-FAST credentials when FAST is specified as the EAP method in the #NMSetting8021x:eap property. Allowed values are '0' (disabled), '1' (allow unauthenticated provisioning), '2' (allow authenticated provisioning), and '3' (allow both authenticated and unauthenticated provisioning). See the wpa_supplicant documentation for more details.

</TD> </TR> <TR VALIGN="top| <TD>phase2-auth</TD> <TD>string</TD> <TD> </TD> <TD>Specifies the allowed 'phase 2' inner non-EAP authentication methods when an EAP method that uses an inner TLS tunnel is specified in the 'eap' property. Recognized non-EAP phase2 methods are 'pap', 'chap', 'mschap', 'mschapv2', 'gtc', 'otp', 'md5', and 'tls'. Each 'phase 2' inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.

</TD> </TR> <TR VALIGN="top| <TD>phase2-autheap</TD> <TD>string</TD> <TD> </TD> <TD>Specifies the allowed 'phase 2' inner EAP-based authentication methods when an EAP method that uses an inner TLS tunnel is specified in the 'eap' property. Recognized EAP-based 'phase 2' methods are 'md5', 'mschapv2', 'otp', 'gtc', and 'tls'. Each 'phase 2' inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.

</TD> </TR> <TR VALIGN="top| <TD>phase2-ca-cert</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Contains the 'phase 2' CA certificate if used by the EAP method specified in the 'phase2-auth' or 'phase2-autheap' properties. Certificate data is specified using a 'scheme'; two are currentlysupported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string 'file://' and ending with a terminating NULL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.

</TD> </TR> <TR VALIGN="top| <TD>phase2-ca-path</TD> <TD>string</TD> <TD> </TD> <TD>UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the 'phase2-ca-cert' property.

</TD> </TR> <TR VALIGN="top| <TD>phase2-subject-match</TD> <TD>string</TD> <TD> </TD> <TD>Substring to be matched against the subject of the certificate presented by the authentication server during the inner 'phase2' authentication. When unset, no verification of the authentication server certificate's subject is performed.

</TD> </TR> <TR VALIGN="top| <TD>phase2-altsubject-matches</TD> <TD>array of string</TD> <TD> </TD> <TD>List of strings to be matched against List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner 'phase 2' authentication. If the list is empty, no verification of the server certificate's altSubjectName is performed.

</TD> </TR> <TR VALIGN="top| <TD>phase2-client-cert</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Contains the 'phase 2' client certificate if used by the EAP method specified in the 'phase2-auth' or 'phase2-autheap' properties. Certificate data is specified using a 'scheme'; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string 'file://' and ending with a terminating NULL byte.

</TD> </TR> <TR VALIGN="top| <TD>password</TD> <TD>string</TD> <TD> </TD> <TD>UTF-8 encoded password used for EAP authentication methods.

</TD> </TR> <TR VALIGN="top| <TD>password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the 802.1x password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>password-raw</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Password used for EAP authentication methods, given as a byte array to allow passwords in other encodings than UTF-8 to be used. If both 'password' and 'password-raw' are given, 'password' is preferred.

</TD> </TR> <TR VALIGN="top| <TD>password-raw-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the 802.1x password byte array. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>private-key</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Contains the private key when the 'eap' property is set to 'tls'. Key data is specified using a 'scheme'; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string 'file://' and ending with a terminating NULL byte. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the 'private-key-password' property must be set to password used to decrypt the PKCS#12 certificate and key. When using PKCS#12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string 'file://' and and ending with a terminating NULL byte, and as with the blob scheme the 'private-key-password' property must be set to the password used to decode the PKCS#12 private key and certificate.

</TD> </TR> <TR VALIGN="top| <TD>private-key-password</TD> <TD>string</TD> <TD> </TD> <TD>The password used to decrypt the private key specified in the 'private-key' property when the private key either uses the path scheme, or if the private key is a PKCS#12 format key.

</TD> </TR> <TR VALIGN="top| <TD>private-key-password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the 802.1x private key password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>phase2-private-key</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Contains the 'phase 2' inner private key when the 'phase2-auth' or 'phase2-autheap' property is set to 'tls'. Key data is specified using a 'scheme'; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string 'file://' and ending with a terminating NULL byte. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the 'phase2-private-key-password' property must be set to password used to decrypt the PKCS#12 certificate and key. When using PKCS#12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string 'file://' and and ending with a terminating NULL byte, and as with the blob scheme the 'phase2-private-key-password' property must be set to the password used to decode the PKCS#12 private key and certificate.

</TD> </TR> <TR VALIGN="top| <TD>phase2-private-key-password</TD> <TD>string</TD> <TD> </TD> <TD>The password used to decrypt the 'phase 2' private key specified in the 'private-key' property when the phase2 private key either uses the path scheme, or if the phase2 private key is a PKCS#12 format key.

</TD> </TR> <TR VALIGN="top| <TD>phase2-private-key-password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the 802.1x phase2 private key password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>pin</TD> <TD>string</TD> <TD> </TD> <TD>PIN used for EAP authentication methods.

</TD> </TR> <TR VALIGN="top| <TD>pin-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the 802.1x PIN. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>system-ca-certs</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>When TRUE, overrides 'ca-path' and 'phase2-ca-path' properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the 'ca-cert' and 'phase2-ca-cert' properties.

</TD> </TR> </TABLE>

Table 2. adsl setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>adsl</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>username</TD> <TD>string</TD> <TD> </TD> <TD>Username used to authenticate with the pppoa service.

</TD> </TR> <TR VALIGN="top| <TD>password</TD> <TD>string</TD> <TD> </TD> <TD>Password used to authenticate with the pppoa service.

</TD> </TR> <TR VALIGN="top| <TD>password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the ADSL password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>protocol</TD> <TD>string</TD> <TD> </TD> <TD>ADSL connection protocol.

</TD> </TR> <TR VALIGN="top| <TD>encapsulation</TD> <TD>string</TD> <TD> </TD> <TD>Encapsulation of ADSL connection

</TD> </TR> <TR VALIGN="top| <TD>vpi</TD> <TD>uint32</TD> <TD>0</TD> <TD>VPI of ADSL connection

</TD> </TR> <TR VALIGN="top| <TD>vci</TD> <TD>uint32</TD> <TD>0</TD> <TD>VCI of ADSL connection

</TD> </TR> </TABLE>

Table 3. bluetooth setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>bluetooth</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>bdaddr</TD> <TD>byte array</TD> <TD>[]</TD> <TD>The Bluetooth address of the device

</TD> </TR> <TR VALIGN="top| <TD>type</TD> <TD>string</TD> <TD> </TD> <TD>Either 'dun' for Dial-Up Networking connections or 'panu' for Personal Area Networking connections.

</TD> </TR> </TABLE>

Table 4. bond setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>bond</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>interface-name</TD> <TD>string</TD> <TD> </TD> <TD>The name of the virtual in-kernel bonding network interface

</TD> </TR> <TR VALIGN="top| <TD>options</TD> <TD>dict of (string::string)</TD> <TD> </TD> <TD>Dictionary of key/value pairs of bonding options. Both keys and values must be strings. Option names must contain only alphanumeric characters (ie, [a-zA-Z0-9]).

</TD> </TR> </TABLE>

Table 5. bridge setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>bridge</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>interface-name</TD> <TD>string</TD> <TD> </TD> <TD>The name of the virtual in-kernel bridging network interface

</TD> </TR> <TR VALIGN="top| <TD>mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>The MAC address of the bridge

</TD> </TR> <TR VALIGN="top| <TD>stp</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>Controls whether Spanning Tree Protocol (STP) is enabled for this bridge.

</TD> </TR> <TR VALIGN="top| <TD>priority</TD> <TD>uint32</TD> <TD>32768</TD> <TD>Sets the Spanning Tree Protocol (STP) priority for this bridge. Lower values are 'better'; the lowest priority bridge will be elected the root bridge.

</TD> </TR> <TR VALIGN="top| <TD>forward-delay</TD> <TD>uint32</TD> <TD>15</TD> <TD>The Spanning Tree Protocol (STP) forwarding delay, in seconds.

</TD> </TR> <TR VALIGN="top| <TD>hello-time</TD> <TD>uint32</TD> <TD>2</TD> <TD>The Spanning Tree Protocol (STP) hello time, in seconds.

</TD> </TR> <TR VALIGN="top| <TD>max-age</TD> <TD>uint32</TD> <TD>20</TD> <TD>The Spanning Tree Protocol (STP) maximum message age, in seconds.

</TD> </TR> <TR VALIGN="top| <TD>ageing-time</TD> <TD>uint32</TD> <TD>300</TD> <TD>The Ethernet MAC address aging time, in seconds.

</TD> </TR> </TABLE>

Table 6. bridge-port setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>bridge-port</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>priority</TD> <TD>uint32</TD> <TD>32</TD> <TD>The Spanning Tree Protocol (STP) priority of this bridge port

</TD> </TR> <TR VALIGN="top| <TD>path-cost</TD> <TD>uint32</TD> <TD>100</TD> <TD>The Spanning Tree Protocol (STP) port cost for destinations via this port.

</TD> </TR> <TR VALIGN="top| <TD>hairpin-mode</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>Enables or disabled 'hairpin mode' for the port, which allows frames to be sent back out through the port the frame was received on.

</TD> </TR> </TABLE>

Table 7. cdma setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>cdma</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>number</TD> <TD>string</TD> <TD> </TD> <TD>Number to dial when establishing a PPP data session with the CDMA-based mobile broadband network. If not specified, the default number (#777) is used when required.

</TD> </TR> <TR VALIGN="top| <TD>username</TD> <TD>string</TD> <TD> </TD> <TD>Username used to authenticate with the network, if required. Note that many providers do not require a username or accept any username.

</TD> </TR> <TR VALIGN="top| <TD>password</TD> <TD>string</TD> <TD> </TD> <TD>Password used to authenticate with the network, if required. Note that many providers do not require a password or accept any password.

</TD> </TR> <TR VALIGN="top| <TD>password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the CDMA password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> </TABLE>

Table 8. connection setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>connection</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>id</TD> <TD>string</TD> <TD> </TD> <TD>User-readable connection identifier/name. Must be one or more characters and may change over the lifetime of the connection if the user decides to rename it.

</TD> </TR> <TR VALIGN="top| <TD>uuid</TD> <TD>string</TD> <TD> </TD> <TD>Universally unique connection identifier. Must be in the format '2815492f-7e56-435e-b2e9-246bd7cdc664' (ie, contains only hexadecimal characters and '-'). The UUID should be assigned when the connection is created and never changed as long as the connection still applies to the same network. For example, it should not be changed when the user changes the connection's 'id', but should be recreated when the Wi-Fi SSID, mobile broadband network provider, or the connection type changes.

</TD> </TR> <TR VALIGN="top| <TD>interface-name</TD> <TD>string</TD> <TD> </TD> <TD>Interface name this connection is bound to. If not set, then the connection can be attached to any interface of the appropriate type (subject to restrictions imposed by other settings). For connection types where interface names cannot easily be made persistent (e.g. mobile broadband or USB Ethernet), this property should not be used. Setting this property restricts the interfaces a connection can be used with, and if interface names change or are reordered the connection may be applied to the wrong interface.

</TD> </TR> <TR VALIGN="top| <TD>type</TD> <TD>string</TD> <TD> </TD> <TD>Base type of the connection. For hardware-dependent connections, should contain the setting name of the hardware-type specific setting (ie, '802-3-ethernet' or '802-11-wireless' or 'bluetooth', etc), and for non-hardware dependent connections like VPN or otherwise, should contain the setting name of that setting type (ie, 'vpn' or 'bridge', etc).

</TD> </TR> <TR VALIGN="top| <TD>permissions</TD> <TD>array of string</TD> <TD> </TD> <TD>An array of strings defining what access a given user has to this connection. If this is NULL or empty, all users are allowed to access this connection. Otherwise a user is allowed to access this connection if and only if they are in this array. Each entry is of the form "[type]:[id]:[reserved]", for example: "user:dcbw:blah" At this time only the 'user' [type] is allowed. Any other values are ignored and reserved for future use. [id] is the username that this permission refers to, which may not contain the ':' character. Any [reserved] information (if present) must be ignored and is reserved for future use. All of [type], [id], and [reserved] must be valid UTF-8.

</TD> </TR> <TR VALIGN="top| <TD>autoconnect</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>If TRUE, NetworkManager will activate this connection when its network resources are available. If FALSE, the connection must be manually activated by the user or some other mechanism.

</TD> </TR> <TR VALIGN="top| <TD>timestamp</TD> <TD>uint64</TD> <TD>0</TD> <TD>Timestamp (in seconds since the Unix Epoch) that the connection was last successfully activated. NetworkManager updates the connection timestamp periodically when the connection is active to ensure that an active connection has the latest timestamp. The property is only meant for reading (changes to this property will not be preserved).

</TD> </TR> <TR VALIGN="top| <TD>read-only</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, the connection is read-only and cannot be changed by the user or any other mechanism. This is normally set for system connections whose plugin cannot yet write updated connections back out.

</TD> </TR> <TR VALIGN="top| <TD>zone</TD> <TD>string</TD> <TD> </TD> <TD>The trust level of a the connection.Free form case-insensitive string (for example "Home", "Work", "Public"). NULL or unspecified zone means the connection will be placed in the default zone as defined by the firewall.

</TD> </TR> <TR VALIGN="top| <TD>master</TD> <TD>string</TD> <TD> </TD> <TD>Interface name of the master device or UUID of the master connection

</TD> </TR> <TR VALIGN="top| <TD>slave-type</TD> <TD>string</TD> <TD> </TD> <TD>Setting name describing the type of slave this connection is (ie, 'bond') or NULL if this connection is not a slave.

</TD> </TR> <TR VALIGN="top| <TD>secondaries</TD> <TD>array of string</TD> <TD> </TD> <TD>List of connection UUIDs that should be activated when the base connection itself is activated. Currently only VPN connections are supported.

</TD> </TR> <TR VALIGN="top| <TD>gateway-ping-timeout</TD> <TD>uint32</TD> <TD>0</TD> <TD>If greater than zero, delay success of IP addressing until either the timeout is reached, or an IP gateway replies to a ping.

</TD> </TR> </TABLE>

Table 9. dcb setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>dcb</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>app-fcoe-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Specifies the flags for the DCB FCoE application. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing). (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>app-fcoe-priority</TD> <TD>int32</TD> <TD>-1</TD> <TD>The highest User Priority (0 - 7) which FCoE frames should use, or -1 for default priority. Only used when the 'app-fcoe-flags' property includes the 'enabled' flag.

</TD> </TR> <TR VALIGN="top| <TD>app-fcoe-mode</TD> <TD>string</TD> <TD>"fabric"</TD> <TD>The FCoe controller mode; either 'fabric' (default) or 'vn2vn'.

</TD> </TR> <TR VALIGN="top| <TD>app-iscsi-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Specifies the flags for the DCB iSCSI application. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing). (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>app-iscsi-priority</TD> <TD>int32</TD> <TD>-1</TD> <TD>The highest User Priority (0 - 7) which iSCSI frames should use, or -1 for default priority. Only used when the 'app-iscsi-flags' property includes the 'enabled' flag.

</TD> </TR> <TR VALIGN="top| <TD>app-fip-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Specifies the flags for the DCB FIP application. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing). (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>app-fip-priority</TD> <TD>int32</TD> <TD>-1</TD> <TD>The highest User Priority (0 - 7) which FIP frames should use, or -1 for default priority. Only used when the 'app-fip-flags' property includes the 'enabled' flag.

</TD> </TR> <TR VALIGN="top| <TD>priority-flow-control-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Specifies the flags for DCB Priority Flow Control. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing). (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>priority-flow-control</TD> <TD>array of uint32</TD> <TD> </TD> <TD>An array of 8 uint values, where the array index corresponds to the User Priority (0 - 7) and the value indicates whether or not the corresponding priority should transmit priority pause. Allowed values are 0 (do not transmit pause) and 1 (transmit pause).

</TD> </TR> <TR VALIGN="top| <TD>priority-group-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Specifies the flags for DCB Priority Groups. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing). (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>priority-group-id</TD> <TD>array of uint32</TD> <TD> </TD> <TD>An array of 8 uint values, where the array index corresponds to the User Priority (0 - 7) and the value indicates the Priority Group ID. Allowed Priority Group ID values are 0 - 7 or 15 for the unrestricted group.

</TD> </TR> <TR VALIGN="top| <TD>priority-group-bandwidth</TD> <TD>array of uint32</TD> <TD> </TD> <TD>An array of 8 uint values, where the array index corresponds to the Priority Group ID (0 - 7) and the value indicates the percentage of link bandwidth allocated to that group. Allowed values are 0 - 100, and the sum of all values must total 100 percent.

</TD> </TR> <TR VALIGN="top| <TD>priority-bandwidth</TD> <TD>array of uint32</TD> <TD> </TD> <TD>An array of 8 uint values, where the array index corresponds to the User Priority (0 - 7) and the value indicates the percentage of bandwidth of the priority's assigned group that the priority may use. The sum of all percentages for priorities which belong to the same group must total 100 percent.

</TD> </TR> <TR VALIGN="top| <TD>priority-strict-bandwidth</TD> <TD>array of uint32</TD> <TD> </TD> <TD>An array of 8 uint values, where the array index corresponds to the User Priority (0 - 7) and the value indicates whether or not the priority may use all of the bandwidth allocated to its assigned group. Allowed values are 0 (the priority may not utilize all bandwidth) or 1 (the priority may utilize all bandwidth).

</TD> </TR> <TR VALIGN="top| <TD>priority-traffic-class</TD> <TD>array of uint32</TD> <TD> </TD> <TD>An array of 8 uint values, where the array index corresponds to the User Priority (0 - 7) and the value indicates the traffic class (0 - 7) to which the priority is mapped.

</TD> </TR> </TABLE>

Table 10. gsm setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>gsm</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>number</TD> <TD>string</TD> <TD> </TD> <TD>Number to dial when establishing a PPP data session with the GSM-based mobile broadband network. Many modems do not require PPP for connections to the mobile network and thus this property should be left blank, which allows NetworkManager to select the appropriate settings automatically.

</TD> </TR> <TR VALIGN="top| <TD>username</TD> <TD>string</TD> <TD> </TD> <TD>Username used to authenticate with the network, if required. Note that many providers do not require a username or accept any username.

</TD> </TR> <TR VALIGN="top| <TD>password</TD> <TD>string</TD> <TD> </TD> <TD>Password used to authenticate with the network, if required. Note that many providers do not require a password or accept any password.

</TD> </TR> <TR VALIGN="top| <TD>password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the GSM password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>apn</TD> <TD>string</TD> <TD> </TD> <TD>The GPRS Access Point Name specifying the APN used when establishing a data session with the GSM-based network. The APN often determines how the user will be billed for their network usage and whether the user has access to the Internet or just a provider-specific walled-garden, so it is important to use the correct APN for the user's mobile broadband plan. The APN may only be composed of the characters a-z, 0-9, ., and - per GSM 03.60 Section 14.9.

</TD> </TR> <TR VALIGN="top| <TD>network-id</TD> <TD>string</TD> <TD> </TD> <TD>The Network ID (GSM LAI format, ie MCC-MNC) to force specific network registration. If the Network ID is specified, NetworkManager will attempt to force the device to register only on the specified network. This can be used to ensure that the device does not roam when direct roaming control of the device is not otherwise possible.

</TD> </TR> <TR VALIGN="top| <TD>network-type</TD> <TD>int32</TD> <TD>-1</TD> <TD>Network preference to force the device to only use specific network technologies. The permitted values are: -1: any, 0: 3G only, 1: GPRS/EDGE only, 2: prefer 3G, 3: prefer 2G, 4: prefer 4G/LTE, 5: 4G/LTE only. Notes: This property is deprecated and NetworkManager from 0.9.10 onwards doesn't use this property when talking to ModemManager.Also, not all devices allow network preference control.

</TD> </TR> <TR VALIGN="top| <TD>pin</TD> <TD>string</TD> <TD> </TD> <TD>If the SIM is locked with a PIN it must be unlocked before any other operations are requested. Specify the PIN here to allow operation of the device.

</TD> </TR> <TR VALIGN="top| <TD>pin-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the GSM SIM PIN. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>allowed-bands</TD> <TD>uint32</TD> <TD>1</TD> <TD>Bitfield of allowed frequency bands.Notes: This property is deprecated and NetworkManager from 0.9.10 onwards doesn't use this property when talking to ModemManager.Also, not all devices allow frequency band control.

</TD> </TR> <TR VALIGN="top| <TD>home-only</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>When TRUE, only connections to the home network will be allowed. Connections to roaming networks will not be made.

</TD> </TR> </TABLE>

Table 11. infiniband setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>infiniband</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).

</TD> </TR> <TR VALIGN="top| <TD>mtu</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.

</TD> </TR> <TR VALIGN="top| <TD>transport-mode</TD> <TD>string</TD> <TD> </TD> <TD>The IPoIB transport mode. Either 'datagram' or 'connected'.

</TD> </TR> <TR VALIGN="top| <TD>p-key</TD> <TD>int32</TD> <TD>-1</TD> <TD>The InfiniBand P_Key. Either -1 for the default, or a 16-bit unsigned integer.

</TD> </TR> <TR VALIGN="top| <TD>parent</TD> <TD>string</TD> <TD> </TD> <TD>The interface name of the parent device, or NULL

</TD> </TR> </TABLE>

Table 12. ipv4 setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>ipv4</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>method</TD> <TD>string</TD> <TD> </TD> <TD>IPv4 configuration method. If 'auto' is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset. If 'link-local' is specified, then a link-local address in the 169.254/16 range will be assigned to the interface. If 'manual' is specified, static IP addressing is used and at least one IP address must be given in the 'addresses' property. If 'shared' is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10.42.x.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT-ed to the current default network connection. 'disabled' means IPv4 will not be used on this connection. This property must be set.

</TD> </TR> <TR VALIGN="top| <TD>dns</TD> <TD>array of uint32</TD> <TD> </TD> <TD>List of DNS servers (network byte order). For the 'auto' method, these DNS servers are appended to those (if any) returned by automatic configuration. DNS servers cannot be used with the 'shared', 'link-local', or 'disabled' methods as there is no upstream network. In all other methods, these DNS servers are used as the only DNS servers for this connection.

</TD> </TR> <TR VALIGN="top| <TD>dns-search</TD> <TD>array of string</TD> <TD> </TD> <TD>List of DNS search domains. For the 'auto' method, these search domains are appended to those returned by automatic configuration. Search domains cannot be used with the 'shared', 'link-local', or 'disabled' methods as there is no upstream network. In all other methods, these search domains are used as the only search domains for this connection.

</TD> </TR> <TR VALIGN="top| <TD>addresses</TD> <TD>array of array of uint32</TD> <TD> </TD> <TD>Array of IPv4 address structures. Each IPv4 address structure is composed of 3 32-bit values; the first being the IPv4 address (network byte order), the second the prefix (1 - 32), and last the IPv4 gateway (network byte order). The gateway may be left as 0 if no gateway exists for that subnet. For the 'auto' method, given IP addresses are appended to those returned by automatic configuration. Addresses cannot be used with the 'shared', 'link-local', or 'disabled' methods as addressing is either automatic or disabled with these methods.

</TD> </TR> <TR VALIGN="top| <TD>address-labels</TD> <TD>array of string</TD> <TD> </TD> <TD>Internal use only

</TD> </TR> <TR VALIGN="top| <TD>routes</TD> <TD>array of array of uint32</TD> <TD> </TD> <TD>Array of IPv4 route structures. Each IPv4 route structure is composed of 4 32-bit values; the first being the destination IPv4 network or address (network byte order), the second the destination network or address prefix (1 - 32), the third being the next-hop (network byte order) if any, and the fourth being the route metric. For the 'auto' method, given IP routes are appended to those returned by automatic configuration. Routes cannot be used with the 'shared', 'link-local', or 'disabled', methods as there is no upstream network.

</TD> </TR> <TR VALIGN="top| <TD>ignore-auto-routes</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>When the method is set to 'auto' and this property to TRUE, automatically configured routes are ignored and only routes specified in the 'routes' property, if any, are used.

</TD> </TR> <TR VALIGN="top| <TD>ignore-auto-dns</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>When the method is set to 'auto' and this property to TRUE, automatically configured nameservers and search domains are ignored and only nameservers and search domains specified in the 'dns' and 'dns-search' properties, if any, are used.

</TD> </TR> <TR VALIGN="top| <TD>dhcp-client-id</TD> <TD>string</TD> <TD> </TD> <TD>A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options.

</TD> </TR> <TR VALIGN="top| <TD>dhcp-send-hostname</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer. If the 'dhcp-hostname' property is empty and this property is TRUE, the current persistent hostname of the computer is sent.

</TD> </TR> <TR VALIGN="top| <TD>dhcp-hostname</TD> <TD>string</TD> <TD> </TD> <TD>If the 'dhcp-send-hostname' property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease.

</TD> </TR> <TR VALIGN="top| <TD>never-default</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, this connection will never be the default IPv4 connection, meaning it will never be assigned the default route by NetworkManager.

</TD> </TR> <TR VALIGN="top| <TD>may-fail</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>If TRUE, allow overall network configuration to proceed even if IPv4 configuration times out. Note that at least one IP configuration must succeed or overall network configuration will still fail. For example, in IPv6-only networks, setting this property to TRUE allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.

</TD> </TR> </TABLE>

Table 13. ipv6 setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>ipv6</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>method</TD> <TD>string</TD> <TD> </TD> <TD>IPv6 configuration method. If 'auto' is specified then the appropriate automatic method (PPP, router advertisement, etc) is used for the device and most other properties can be left unset. To force the use of DHCP only, specify 'dhcp'; this method is only valid for Ethernet-based hardware. If 'link-local' is specified, then an IPv6 link-local address will be assigned to the interface. If 'manual' is specified, static IP addressing is used and at least one IP address must be given in the 'addresses' property. If 'ignore' is specified, IPv6 configuration is not done. This property must be set. Note: the 'shared' method is not yet supported.

</TD> </TR> <TR VALIGN="top| <TD>dhcp-hostname</TD> <TD>string</TD> <TD> </TD> <TD>The specified name will be sent to the DHCP server when acquiring a lease.

</TD> </TR> <TR VALIGN="top| <TD>dns</TD> <TD>array of byte array</TD> <TD> </TD> <TD>Array of DNS servers, where each member of the array is a byte array containing the IPv6 address of the DNS server (in network byte order). For the 'auto' method, these DNS servers are appended to those (if any) returned by automatic configuration. DNS servers cannot be used with the 'shared' or 'link-local' methods as there is no usptream network. In all other methods, these DNS servers are used as the only DNS servers for this connection.

</TD> </TR> <TR VALIGN="top| <TD>dns-search</TD> <TD>array of string</TD> <TD> </TD> <TD>List of DNS search domains. For the 'auto' method, these search domains are appended to those returned by automatic configuration. Search domains cannot be used with the 'shared' or 'link-local' methods as there is no upstream network. In all other methods, these search domains are used as the only search domains for this connection.

</TD> </TR> <TR VALIGN="top| <TD>addresses</TD> <TD>array of (byte array, uint32, byte array)</TD> <TD> </TD> <TD>Array of IPv6 address structures. Each IPv6 address structure is composed of 3 members, the first being a byte array containing the IPv6 address (network byte order), the second a 32-bit integer containing the IPv6 address prefix, and the third a byte array containing the IPv6 address (network byte order) of the gateway associated with this address, if any. If no gateway is given, the third element should be given as all zeros. For the 'auto' method, given IP addresses are appended to those returned by automatic configuration. Addresses cannot be used with the 'shared' or 'link-local' methods as the interface is automatically assigned an address with these methods.

</TD> </TR> <TR VALIGN="top| <TD>routes</TD> <TD>array of (byte array, uint32, byte array, uint32)</TD> <TD> </TD> <TD>Array of IPv6 route structures. Each IPv6 route structure is composed of 4 members; the first being the destination IPv6 network or address (network byte order) as a byte array, the second the destination network or address IPv6 prefix, the third being the next-hop IPv6 address (network byte order) if any, and the fourth being the route metric. For the 'auto' method, given IP routes are appended to those returned by automatic configuration. Routes cannot be used with the 'shared' or 'link-local' methods because there is no upstream network.

</TD> </TR> <TR VALIGN="top| <TD>ignore-auto-routes</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>When the method is set to 'auto' or 'dhcp' and this property is set to TRUE, automatically configured routes are ignored and only routes specified in the 'routes' property, if any, are used.

</TD> </TR> <TR VALIGN="top| <TD>ignore-auto-dns</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>When the method is set to 'auto' or 'dhcp' and this property is set to TRUE, automatically configured nameservers and search domains are ignored and only nameservers and search domains specified in the 'dns' and 'dns-search' properties, if any, are used.

</TD> </TR> <TR VALIGN="top| <TD>never-default</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, this connection will never be the default IPv6 connection, meaning it will never be assigned the default IPv6 route by NetworkManager.

</TD> </TR> <TR VALIGN="top| <TD>may-fail</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>If TRUE, allow overall network configuration to proceed even if IPv6 configuration times out. Note that at least one IP configuration must succeed or overall network configuration will still fail. For example, in IPv4-only networks, setting this property to TRUE allows the overall network configuration to succeed if IPv6 configuration fails but IPv4 configuration completes successfully.

</TD> </TR> <TR VALIGN="top| <TD>ip6-privacy</TD> <TD>int32</TD> <TD>-1</TD> <TD>Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. This enhances privacy, but could cause problems in some applications, on the other hand. The permitted values are: 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses).

</TD> </TR> </TABLE>

Table 14. 802-11-olpc-mesh setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>802-11-olpc-mesh</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>ssid</TD> <TD>byte array</TD> <TD>[]</TD> <TD>SSID of the mesh network to join.

</TD> </TR> <TR VALIGN="top| <TD>channel</TD> <TD>uint32</TD> <TD>0</TD> <TD>Channel on which the mesh network to join is located.

</TD> </TR> <TR VALIGN="top| <TD>dhcp-anycast-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>Anycast DHCP MAC address used when requesting an IP address via DHCP. The specific anycast address used determines which DHCP server class answers the the request.

</TD> </TR> </TABLE>

Table 15. ppp setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>ppp</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>noauth</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>If TRUE, do not require the other side (usually the PPP server) to authenticate itself to the client. If FALSE, require authentication from the remote side. In almost all cases, this should be TRUE.

</TD> </TR> <TR VALIGN="top| <TD>refuse-eap</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, the EAP authentication method will not be used.

</TD> </TR> <TR VALIGN="top| <TD>refuse-pap</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, the PAP authentication method will not be used.

</TD> </TR> <TR VALIGN="top| <TD>refuse-chap</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, the CHAP authentication method will not be used.

</TD> </TR> <TR VALIGN="top| <TD>refuse-mschap</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, the MSCHAP authentication method will not be used.

</TD> </TR> <TR VALIGN="top| <TD>refuse-mschapv2</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, the MSCHAPv2 authentication method will not be used.

</TD> </TR> <TR VALIGN="top| <TD>nobsdcomp</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, BSD compression will not be requested.

</TD> </TR> <TR VALIGN="top| <TD>nodeflate</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, 'deflate' compression will not be requested.

</TD> </TR> <TR VALIGN="top| <TD>no-vj-comp</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, Van Jacobsen TCP header compression will not be requested.

</TD> </TR> <TR VALIGN="top| <TD>require-mppe</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, MPPE (Microsoft Point-to-Point Encrpytion) will be required for the PPP session. If either 64-bit or 128-bit MPPE is not available the session will fail. Note that MPPE is not used on mobile broadband connections.

</TD> </TR> <TR VALIGN="top| <TD>require-mppe-128</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, 128-bit MPPE (Microsoft Point-to-Point Encrpytion) will be required for the PPP session, and the 'require-mppe' property must also be set to TRUE. If 128-bit MPPE is not available the session will fail.

</TD> </TR> <TR VALIGN="top| <TD>mppe-stateful</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, stateful MPPE is used. See pppd documentation for more information on stateful MPPE.

</TD> </TR> <TR VALIGN="top| <TD>crtscts</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, specify that pppd should set the serial port to use hardware flow control with RTS and CTS signals. This value should normally be set to FALSE.

</TD> </TR> <TR VALIGN="top| <TD>baud</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, instruct pppd to set the serial port to the specified baudrate. This value should normally be left as 0 to automatically choose the speed.

</TD> </TR> <TR VALIGN="top| <TD>mru</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, instruct pppd to request that the peer send packets no larger than the specified size. If non-zero, the MRU should be between 128 and 16384.

</TD> </TR> <TR VALIGN="top| <TD>mtu</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, instruct pppd to send packets no larger than the specified size.

</TD> </TR> <TR VALIGN="top| <TD>lcp-echo-failure</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, instruct pppd to presume the connection to the peer has failed if the specified number of LCP echo-requests go unanswered by the peer. The 'lcp-echo-interval' property must also be set to a non-zero value if this property is used.

</TD> </TR> <TR VALIGN="top| <TD>lcp-echo-interval</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, instruct pppd to send an LCP echo-request frame to the peer every n seconds (where n is the specified value). Note that some PPP peers will respond to echo requests and some will not, and it is not possible to autodetect this.

</TD> </TR> </TABLE>

Table 16. pppoe setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>pppoe</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>service</TD> <TD>string</TD> <TD> </TD> <TD>If specified, instruct PPPoE to only initiate sessions with access concentrators that provide the specified service. For most providers, this should be left blank. It is only required if there are multiple access concentrators or a specific service is known to be required.

</TD> </TR> <TR VALIGN="top| <TD>username</TD> <TD>string</TD> <TD> </TD> <TD>Username used to authenticate with the PPPoE service.

</TD> </TR> <TR VALIGN="top| <TD>password</TD> <TD>string</TD> <TD> </TD> <TD>Password used to authenticate with the PPPoE service.

</TD> </TR> <TR VALIGN="top| <TD>password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the PPPoE password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> </TABLE>

Table 17. serial setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>serial</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>baud</TD> <TD>uint32</TD> <TD>57600</TD> <TD>Speed to use for communication over the serial port. Note that this value usually has no effect for mobile broadband modems as they generally ignore speed settings and use the highest available speed.

</TD> </TR> <TR VALIGN="top| <TD>bits</TD> <TD>uint32</TD> <TD>8</TD> <TD>Byte-width of the serial communication. The 8 in '8n1' for example.

</TD> </TR> <TR VALIGN="top| <TD>parity</TD> <TD>gchar</TD> <TD>110</TD> <TD>Parity setting of the serial port. Either 'E' for even parity, 'o' for odd parity, or 'n' for no parity.

</TD> </TR> <TR VALIGN="top| <TD>stopbits</TD> <TD>uint32</TD> <TD>1</TD> <TD>Number of stop bits for communication on the serial port. Either 1 or 2. The 1 in '8n1' for example.

</TD> </TR> <TR VALIGN="top| <TD>send-delay</TD> <TD>uint64</TD> <TD>0</TD> <TD>Time to delay between each byte sent to the modem, in microseconds.

</TD> </TR> </TABLE>

Table 18. team setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>team</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>interface-name</TD> <TD>string</TD> <TD> </TD> <TD>The name of the virtual in-kernel team network interface

</TD> </TR> <TR VALIGN="top| <TD>config</TD> <TD>string</TD> <TD> </TD> <TD>JSON configuration for the team network interface. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd. If not specified, the default configuration is used. See man teamd.conf for the format details.

</TD> </TR> </TABLE>

Table 19. team-port setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>team-port</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>config</TD> <TD>string</TD> <TD> </TD> <TD>JSON configuration for the team port. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd. If not specified, the dafault configuration is used. See man teamd.conf for the format details.

</TD> </TR> </TABLE>

Table 20. vlan setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>vlan</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>interface-name</TD> <TD>string</TD> <TD> </TD> <TD>If given, specifies the kernel name of the VLAN interface. If not given, a default name will be constructed from the interface described by the parent interface and the 'id' property, ex 'eth2.1'. The parent interface may be given by the 'parent' property or by the 'mac-address' property of a 'wired' setting.

</TD> </TR> <TR VALIGN="top| <TD>parent</TD> <TD>string</TD> <TD> </TD> <TD>If given, specifies the parent interface name or parent connection UUID from which this VLAN interface should be created. If this property is not specified, the connection must contain a 'wired' setting with a 'mac-address' property.

</TD> </TR> <TR VALIGN="top| <TD>id</TD> <TD>uint32</TD> <TD>0</TD> <TD>The VLAN indentifier the interface created by this connection should be assigned.

</TD> </TR> <TR VALIGN="top| <TD>flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>One or more flags which control the behavior and features of the VLAN interface. Flags include reordering of output packet headers (0x01), use of the GVRP protocol (0x02), and loose binding of the interface to its master device's operating state (0x04).

</TD> </TR> <TR VALIGN="top| <TD>ingress-priority-map</TD> <TD>array of string</TD> <TD> </TD> <TD>For incoming packets, a list of mappings from 802.1p priorities to Linux SKB priorities. The mapping is given in the format 'from:to' where both 'from' and 'to' are unsigned integers, ie '7:3'.

</TD> </TR> <TR VALIGN="top| <TD>egress-priority-map</TD> <TD>array of string</TD> <TD> </TD> <TD>For outgoing packets, a list of mappings from Linux SKB priorities to 802.1p priorities. The mapping is given in the format 'from:to' where both 'from' and 'to' are unsigned integers, ie '7:3'.

</TD> </TR> </TABLE>

Table 21. vpn setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>vpn</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>service-type</TD> <TD>string</TD> <TD> </TD> <TD>D-Bus service name of the VPN plugin that this setting uses to connect to its network. i.e. org.freedesktop.NetworkManager.vpnc for the vpnc plugin.

</TD> </TR> <TR VALIGN="top| <TD>user-name</TD> <TD>string</TD> <TD> </TD> <TD>If the VPN connection requires a user name for authentication, that name should be provided here. If the connection is available to more than one user, and the VPN requires each user to supply a different name, then leave this property empty. If this property is empty, NetworkManager will automatically supply the username of the user which requested the VPN connection.

</TD> </TR> <TR VALIGN="top| <TD>data</TD> <TD>dict of (string::string)</TD> <TD> </TD> <TD>Dictionary of key/value pairs of VPN plugin specific data. Both keys and values must be strings.

</TD> </TR> <TR VALIGN="top| <TD>secrets</TD> <TD>dict of (string::string)</TD> <TD> </TD> <TD>Dictionary of key/value pairs of VPN plugin specific secrets like passwords or private keys. Both keys and values must be strings.

</TD> </TR> </TABLE>

Table 22. wimax setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>wimax</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>network-name</TD> <TD>string</TD> <TD> </TD> <TD>Network Service Provider (NSP) name of the WiMAX network this connection should use.

</TD> </TR> <TR VALIGN="top| <TD>mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, this connection will only apply to the WiMAX device whose MAC address matches. This property does not change the MAC address of the device (known as MAC spoofing).

</TD> </TR> </TABLE>

Table 23. 802-3-ethernet setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>802-3-ethernet</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>port</TD> <TD>string</TD> <TD> </TD> <TD>Specific port type to use if multiple the device supports multiple attachment methods. One of 'tp' (Twisted Pair), 'aui' (Attachment Unit Interface), 'bnc' (Thin Ethernet) or 'mii' (Media Independent Interface. If the device supports only one port type, this setting is ignored.

</TD> </TR> <TR VALIGN="top| <TD>speed</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, request that the device use only the specified speed. In Mbit/s, ie 100 == 100Mbit/s.

</TD> </TR> <TR VALIGN="top| <TD>duplex</TD> <TD>string</TD> <TD> </TD> <TD>If specified, request that the device only use the specified duplex mode. Either 'half' or 'full'.

</TD> </TR> <TR VALIGN="top| <TD>auto-negotiate</TD> <TD>boolean</TD> <TD>TRUE</TD> <TD>If TRUE, allow auto-negotiation of port speed and duplex mode. If FALSE, do not allow auto-negotiation,in which case the 'speed' and 'duplex' properties should be set.

</TD> </TR> <TR VALIGN="top| <TD>mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).

</TD> </TR> <TR VALIGN="top| <TD>cloned-mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, request that the device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing.

</TD> </TR> <TR VALIGN="top| <TD>mac-address-blacklist</TD> <TD>array of string</TD> <TD> </TD> <TD>If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list. Each MAC address is in the standard hex-digits-and-colons notation (00:11:22:33:44:55).

</TD> </TR> <TR VALIGN="top| <TD>mtu</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames.

</TD> </TR> <TR VALIGN="top| <TD>s390-subchannels</TD> <TD>array of string</TD> <TD> </TD> <TD>Identifies specific subchannels that this network device uses for communcation with z/VM or s390 host. Like the 'mac-address' property for non-z/VM devices, this property can be used to ensure this connection only applies to the network device that uses these subchannels. The list should contain exactly 3 strings, and each string may only be composed of hexadecimal characters and the period (.) character.

</TD> </TR> <TR VALIGN="top| <TD>s390-nettype</TD> <TD>string</TD> <TD> </TD> <TD>s390 network device type; one of 'qeth', 'lcs', or 'ctc', representing the different types of virtual network devices available on s390 systems.

</TD> </TR> <TR VALIGN="top| <TD>s390-options</TD> <TD>dict of (string::string)</TD> <TD> </TD> <TD>Dictionary of key/value pairs of s390-specific device options. Both keys and values must be strings. Allowed keys include 'portno', 'layer2', 'portname', 'protocol', among others.

</TD> </TR> </TABLE>

Table 24. 802-11-wireless setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>802-11-wireless</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>ssid</TD> <TD>byte array</TD> <TD>[]</TD> <TD>SSID of the Wi-Fi network. Must be specified.

</TD> </TR> <TR VALIGN="top| <TD>mode</TD> <TD>string</TD> <TD> </TD> <TD>Wi-Fi network mode; one of 'infrastructure', 'adhoc' or 'ap'. If blank, infrastructure is assumed.

</TD> </TR> <TR VALIGN="top| <TD>band</TD> <TD>string</TD> <TD> </TD> <TD>802.11 frequency band of the network. One of 'a' for 5GHz 802.11a or 'bg' for 2.4GHz 802.11. This will lock associations to the Wi-Fi network to the specific band, i.e. if 'a' is specified, the device will not associate with the same network in the 2.4GHz band even if the network's settings are compatible. This setting depends on specific driver capability and may not work with all drivers.

</TD> </TR> <TR VALIGN="top| <TD>channel</TD> <TD>uint32</TD> <TD>0</TD> <TD>Wireless channel to use for the Wi-Fi connection. The device will only join (or create for Ad-Hoc networks) a Wi-Fi network on the specified channel. Because channel numbers overlap between bands, this property also requires the 'band' property to be set.

</TD> </TR> <TR VALIGN="top| <TD>bssid</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, directs the device to only associate with the given access point. This capability is highly driver dependent and not supported by all devices. Note: this property does not control the BSSID used when creating an Ad-Hoc network and is unlikely to in the future.

</TD> </TR> <TR VALIGN="top| <TD>rate</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, directs the device to only use the specified bitrate for communication with the access point. Units are in Kb/s, ie 5500 = 5.5 Mbit/s. This property is highly driver dependent and not all devices support setting a static bitrate.

</TD> </TR> <TR VALIGN="top| <TD>tx-power</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, directs the device to use the specified transmit power. Units are dBm. This property is highly driver dependent and not all devices support setting a static transmit power.

</TD> </TR> <TR VALIGN="top| <TD>mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, this connection will only apply to the Wi-Fi device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).

</TD> </TR> <TR VALIGN="top| <TD>cloned-mac-address</TD> <TD>byte array</TD> <TD>[]</TD> <TD>If specified, request that the Wi-Fi device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing.

</TD> </TR> <TR VALIGN="top| <TD>mac-address-blacklist</TD> <TD>array of string</TD> <TD> </TD> <TD>A list of permanent MAC addresses of Wi-Fi devices to which this connection should never apply. Each MAC address should be given in the standard hex-digits-and-colons notation (eg '00:11:22:33:44:55').

</TD> </TR> <TR VALIGN="top| <TD>mtu</TD> <TD>uint32</TD> <TD>0</TD> <TD>If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames.

</TD> </TR> <TR VALIGN="top| <TD>seen-bssids</TD> <TD>array of string</TD> <TD> </TD> <TD>A list of BSSIDs (each BSSID formatted as a MAC address like 00:11:22:33:44:55') that have been detected as part of the Wi-Fi network. NetworkManager internally tracks previously seen BSSIDs. The property is only meant for reading and reflects the BSSID list of NetworkManager. The changes you make to this property will not be preserved.

</TD> </TR> <TR VALIGN="top| <TD>security</TD> <TD>string</TD> <TD> </TD> <TD>If the wireless connection has any security restrictions, like 802.1x, WEP, or WPA, set this property to '802-11-wireless-security' and ensure the connection contains a valid 802-11-wireless-security setting.

</TD> </TR> <TR VALIGN="top| <TD>hidden</TD> <TD>boolean</TD> <TD>FALSE</TD> <TD>If TRUE, indicates this network is a non-broadcasting network that hides its SSID. In this case various workarounds may take place, such as probe-scanning the SSID for more reliable network discovery. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution.

</TD> </TR> </TABLE>

Table 25. 802-11-wireless-security setting

<TABLE BORDER> <TR VALIGN="top| <TD CLASS="c1|Key Name</TD> <TD CLASS="c1|Value Type</TD> <TD CLASS="c1|Default Value</TD> <TD>Value Description

</TD> </TR> <TR VALIGN="top| <TD>name</TD> <TD>string</TD> <TD>802-11-wireless-security</TD> <TD>The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name.

</TD> </TR> <TR VALIGN="top| <TD>key-mgmt</TD> <TD>string</TD> <TD> </TD> <TD>Key management used for the connection. One of 'none' (WEP), 'ieee8021x' (Dynamic WEP), 'wpa-none' (WPA-PSK Ad-Hoc), 'wpa-psk' (infrastructure WPA-PSK), or 'wpa-eap' (WPA-Enterprise). This property must be set for any Wi-Fi connection that uses security.

</TD> </TR> <TR VALIGN="top| <TD>wep-tx-keyidx</TD> <TD>uint32</TD> <TD>0</TD> <TD>When static WEP is used (ie, key-mgmt = 'none') and a non-default WEP key index is used by the AP, put that WEP key index here. Valid values are 0 (default key) through 3. Note that some consumer access points (like the Linksys WRT54G) number the keys 1 - 4.

</TD> </TR> <TR VALIGN="top| <TD>auth-alg</TD> <TD>string</TD> <TD> </TD> <TD>When WEP is used (ie, key-mgmt = 'none' or 'ieee8021x') indicate the 802.11 authentication algorithm required by the AP here. One of 'open' for Open System, 'shared' for Shared Key, or 'leap' for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = 'ieee8021x' and auth-alg = 'leap') the 'leap-username' and 'leap-password' properties must be specified.

</TD> </TR> <TR VALIGN="top| <TD>proto</TD> <TD>array of string</TD> <TD> </TD> <TD>List of strings specifying the allowed WPA protocol versions to use. Each element may be one 'wpa' (allow WPA) or 'rsn' (allow WPA2/RSN). If not specified, both WPA and RSN connections are allowed.

</TD> </TR> <TR VALIGN="top| <TD>pairwise</TD> <TD>array of string</TD> <TD> </TD> <TD>A list of pairwise encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of 'tkip' or 'ccmp'.

</TD> </TR> <TR VALIGN="top| <TD>group</TD> <TD>array of string</TD> <TD> </TD> <TD>A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of 'wep40', 'wep104', 'tkip', or 'ccmp'.

</TD> </TR> <TR VALIGN="top| <TD>leap-username</TD> <TD>string</TD> <TD> </TD> <TD>The login username for legacy LEAP connections (ie, key-mgmt = 'ieee8021x' and auth-alg = 'leap').

</TD> </TR> <TR VALIGN="top| <TD>wep-key0</TD> <TD>string</TD> <TD> </TD> <TD>Index 0 WEP key. This is the WEP key used in most networks. See the 'wep-key-type' property for a description of how this key is interpreted.

</TD> </TR> <TR VALIGN="top| <TD>wep-key1</TD> <TD>string</TD> <TD> </TD> <TD>Index 1 WEP key. This WEP index is not used by most networks. See the 'wep-key-type' property for a description of how this key is interpreted.

</TD> </TR> <TR VALIGN="top| <TD>wep-key2</TD> <TD>string</TD> <TD> </TD> <TD>Index 2 WEP key. This WEP index is not used by most networks. See the 'wep-key-type' property for a description of how this key is interpreted.

</TD> </TR> <TR VALIGN="top| <TD>wep-key3</TD> <TD>string</TD> <TD> </TD> <TD>Index 3 WEP key. This WEP index is not used by most networks. See the 'wep-key-type' property for a description of how this key is interpreted.

</TD> </TR> <TR VALIGN="top| <TD>wep-key-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the WEP keys. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>wep-key-type</TD> <TD>uint32</TD> <TD>0</TD> <TD>Controls the interpretation of WEP keys. Allowed values are 1 (interpret WEP keys as hexadecimal or ASCII keys) or 2 (interpret WEP keys as WEP Passphrases). If set to 1 and the keys are hexadecimal, they must be either 10 or 26 characters in length. If set to 1 and the keys are ASCII keys, they must be either 5 or 13 characters in length. If set to 2, the passphrase is hashed using the de-facto MD5 method to derive the actual WEP key.

</TD> </TR> <TR VALIGN="top| <TD>psk</TD> <TD>string</TD> <TD> </TD> <TD>Pre-Shared-Key for WPA networks. If the key is 64-characters long, it must contain only hexadecimal characters and is interpreted as a hexadecimal WPA key. Otherwise, the key must be between 8 and 63 ASCII characters (as specified in the 802.11i standard) and is interpreted as a WPA passphrase, and is hashed to derive the actual WPA-PSK used when connecting to the Wi-Fi network.

</TD> </TR> <TR VALIGN="top| <TD>psk-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the WPA PSK key. (see the section called "Secret flag types:" for flag values)

</TD> </TR> <TR VALIGN="top| <TD>leap-password</TD> <TD>string</TD> <TD> </TD> <TD>The login password for legacy LEAP connections (ie, key-mgmt = 'ieee8021x' and auth-alg = 'leap').

</TD> </TR> <TR VALIGN="top| <TD>leap-password-flags</TD> <TD>uint32</TD> <TD>0</TD> <TD>Flags indicating how to handle the LEAP password. (see the section called "Secret flag types:" for flag values)

</TD> </TR> </TABLE>

Secret flag types:

Each secret property in a setting has an associated flags property that describes how to handle that secret. The flags property is a bitfield that contains zero or more of the following values logically OR-ed together.

• 0x0 (none) - the system is responsible for providing and storing this secret.
• 0x1 (agent-owned) - a user-session secret agent is responsible for providing and storing this secret; when it is required, agents will be asked to provide it.
• 0x2 (not-saved) - this secret should not be saved but should be requested from the user each time it is required. This flag should be used for One-Time-Pad secrets, PIN codes from hardware tokens, or if the user simply does not want to save the secret.
• 0x4 (not-required) - in some situations it cannot be automatically determined that a secret is required or not. This flag hints that the secret is not required and should not be requested from the user.

AUTHOR

NetworkManager developers

FILES

/etc/NetworkManager/system-connections

or distro plugin-specific location

SEE ALSO

https://live.gnome.org/NetworkManagerConfiguration

NetworkManager?(8), nmcli?(1), nmcli-examples?(5), (5)


Index

NAME

DESCRIPTION

Secret flag types:

AUTHOR

FILES

SEE ALSO