nm-settings(5)
NAME
nm-settings - Description of settings and properties of NetworkManager connection profiles
DESCRIPTION
NetworkManager is based on a concept of connection profiles, sometimes
referred to as connections only. These connection profiles contain a
network configuration. When NetworkManager activates a connection
profile on a network device the configuration will be applied and an
active network connection will be established. Users are free to create
as many connection profiles as they see fit. Thus they are flexible in
having various network configurations for different networking needs.
The connection profiles are handled by NetworkManager via settings
service and are exported on D-Bus
(/org/freedesktop/NetworkManager/Settings/<num> objects). The
conceptual objects can be described as follows:
Connection (profile)
A specific, encapsulated, independent group of settings describing
all the configuration required to connect to a specific network. It
is referred to by a unique identifier called the UUID. A connection
is tied to a one specific device type, but not necessarily a
specific hardware device. It is composed of one or more Settings
objects.
Setting
A group of related key/value pairs describing a specific piece of a
Connection (profile). Settings keys and allowed values are
described in the tables below. Keys are also referred to as
properties. Developers can find the setting objects and their
properties in the libnm-util sources. Look for the class_init
functions near the bottom of each setting source file.
The settings and properties shown in tables below list all available
connection configuration options. However, note that not all settings
are applicable to all connection types. NetworkManager provides a
command-line tool nmcli that allows direct configuration of the
settings and properties according to a connection profile type. nmcli
connection editor has also a built-in describe command that can display
description of particular settings and properties of this page.
Table 1. 802-1x setting
Key Name Value Type Default Value Value
Description
altsubject-matches array of string [] List of strings
to be matched
against the
altSubjectName
of the
certificate
presented by the
authentication
server. If the
list is empty,
no verification
of the server
certificate's
altSubjectName
is performed.
anonymous-identity string Anonymous
identity string
for EAP
authentication
methods. Used
as the
unencrypted
identity with
EAP types that
support
different
tunneled
identity like
EAP-TTLS.
ca-cert byte array Contains the CA
certificate if
used by the EAP
method specified
in the "eap"
property.
Certificate data
is specified
using a
"scheme"; two
are currently
supported: blob
and path. When
using the blob
scheme (which is
backwards
compatible with
NM 0.7.x) this
property should
be set to the
certificate's
DER encoded
data. When using
the path scheme,
this property
should be set to
the full UTF-8
encoded path of
the certificate,
prefixed with
the string
"file://" and
ending with a
terminating NUL
byte. This
property can be
unset even if
the EAP method
supports CA
certificates,
but this allows
man-in-the-middle
attacks and is
NOT recommended.
ca-path string UTF-8 encoded
path to a
directory
containing PEM or
DER formatted
certificates to
be added to the
verification
chain in addition
to the
certificate
specified in the
"ca-cert"
property.
client-cert byte array Contains the
client
certificate if
used by the EAP
method specified
in the "eap"
property.
Certificate data
is specified
using a "scheme";
two are currently
supported: blob
and path. When
using the blob
scheme (which is
backwards
compatible with
NM 0.7.x) this
property should
be set to the
certificate's DER
encoded data.
When using the
path scheme, this
property should
be set to the
full UTF-8
encoded path of
the certificate,
prefixed with the
string "file://"
and ending with a
terminating NUL
byte.
domain-suffix-match string Constraint for
server domain
name. If set,
this FQDN is used
as a suffix match
requirement for
dNSName
element(s) of the
certificate
presented by the
authentication
server. If a
matching dNSName
is found, this
constraint is
met. If no
dNSName values
are present, this
constraint is
matched against
SubjectName CN
using same suffix
match comparison.
eap array of string [] The allowed EAP
method to be used
when
authenticating to
the network with
802.1x. Valid
methods are:
"leap", "md5",
"tls", "peap",
"ttls", "pwd",
and "fast". Each
method requires
different
configuration
using the
properties of
this setting;
refer to
wpa_supplicant
documentation for
the allowed
combinations.
identity string Identity string
for EAP
authentication
methods. Often
the user's user
or login name.
name string 802-1x The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting type
has a name unique
to that type, for
example "ppp" or
"wireless" or
"wired".
pac-file string UTF-8 encoded
file path
containing PAC
for EAP-FAST.
password string UTF-8 encoded
password used for
EAP
authentication
methods. If both
the "password"
property and the
"password-raw"
property are
specified,
"password" is
preferred.
password-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"password"
property. (see
the section
called "Secret
flag types:" for
flag values)
password-raw byte array Password used for
EAP
authentication
methods, given as
a byte array to
allow passwords
in other
encodings than
UTF-8 to be used.
If both the
"password"
property and the
"password-raw"
property are
specified,
"password" is
preferred.
password-raw-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"password-raw"
property. (see
the section
called "Secret
flag types:" for
flag values)
phase1-fast-provisioning string Enables or
disables in-line
provisioning of
EAP-FAST
credentials when
FAST is specified
as the EAP method
in the "eap"
property.
Recognized values
are "0"
(disabled), "1"
(allow
unauthenticated
provisioning),
"2" (allow
authenticated
provisioning),
and "3" (allow
both
authenticated and
unauthenticated
provisioning).
See the
wpa_supplicant
documentation for
more details.
phase1-peaplabel string Forces use of the
new PEAP label
during key
derivation. Some
RADIUS servers
may require
forcing the new
PEAP label to
interoperate with
PEAPv1. Set to
"1" to force use
of the new PEAP
label. See the
wpa_supplicant
documentation for
more details.
phase1-peapver string Forces which PEAP
version is used
when PEAP is set
as the EAP method
in the "eap"
property. When
unset, the
version reported
by the server
will be used.
Sometimes when
using older
RADIUS servers,
it is necessary
to force the
client to use a
particular PEAP
version. To do
so, this property
may be set to "0"
or "1" to force
that specific
PEAP version.
phase2-altsubject-matches array of string [] List of strings
to be matched
against the
altSubjectName of
the certificate
presented by the
authentication
server during the
inner "phase 2"
authentication.
If the list is
empty, no
verification of
the server
certificate's
altSubjectName is
performed.
phase2-auth string Specifies the
allowed "phase 2"
inner non-EAP
authentication
methods when an
EAP method that
uses an inner TLS
tunnel is
specified in the
"eap" property.
Recognized
non-EAP "phase 2"
methods are
"pap", "chap",
"mschap",
"mschapv2",
"gtc", "otp",
"md5", and "tls".
Each "phase 2"
inner method
requires specific
parameters for
successful
authentication;
see the
wpa_supplicant
documentation for
more details.
phase2-autheap string Specifies the
allowed "phase 2"
inner EAP-based
authentication
methods when an
EAP method that
uses an inner TLS
tunnel is
specified in the
"eap" property.
Recognized
EAP-based "phase
2" methods are
"md5",
"mschapv2",
"otp", "gtc", and
"tls". Each
"phase 2" inner
method requires
specific
parameters for
successful
authentication;
see the
wpa_supplicant
documentation for
more details.
phase2-ca-cert byte array Contains the
"phase 2" CA
certificate if
used by the EAP
method specified
in the
"phase2-auth" or
"phase2-autheap"
properties.
Certificate data
is specified
using a "scheme";
two are currently
supported: blob
and path. When
using the blob
scheme (which is
backwards
compatible with
NM 0.7.x) this
property should
be set to the
certificate's DER
encoded data.
When using the
path scheme, this
property should
be set to the
full UTF-8
encoded path of
the certificate,
prefixed with the
string "file://"
and ending with a
terminating NUL
byte. This
property can be
unset even if the
EAP method
supports CA
certificates, but
this allows
man-in-the-middle
attacks and is
NOT recommended.
phase2-ca-path string UTF-8 encoded
path to a
directory
containing PEM or
DER formatted
certificates to
be added to the
verification
chain in addition
to the
certificate
specified in the
"phase2-ca-cert"
property.
phase2-client-cert byte array Contains the
"phase 2" client
certificate if
used by the EAP
method specified
in the
"phase2-auth" or
"phase2-autheap"
properties.
Certificate data
is specified
using a "scheme";
two are currently
supported: blob
and path. When
using the blob
scheme (which is
backwards
compatible with
NM 0.7.x) this
property should
be set to the
certificate's DER
encoded data.
When using the
path scheme, this
property should
be set to the
full UTF-8
encoded path of
the certificate,
prefixed with the
string "file://"
and ending with a
terminating NUL
byte. This
property can be
unset even if the
EAP method
supports CA
certificates, but
this allows
man-in-the-middle
attacks and is
NOT recommended.
phase2-domain-suffix-match string Constraint for
server domain
name. If set,
this FQDN is used
as a suffix match
requirement for
dNSName
element(s) of the
certificate
presented by the
authentication
server during the
inner "phase 2"
authentication.
If a matching
dNSName is found,
this constraint
is met. If no
dNSName values
are present, this
constraint is
matched against
SubjectName CN
using same suffix
match comparison.
phase2-private-key byte array Contains the
"phase 2" inner
private key when
the "phase2-auth"
or
"phase2-autheap"
property is set
to "tls". Key
data is specified
using a "scheme";
two are currently
supported: blob
and path. When
using the blob
scheme and
private keys,
this property
should be set to
the key's
encrypted PEM
encoded data.
When using
private keys with
the path scheme,
this property
should be set to
the full UTF-8
encoded path of
the key, prefixed
with the string
"file://" and
ending with a
terminating NUL
byte. When using
PKCS#12 format
private keys and
the blob scheme,
this property
should be set to
the PKCS#12 data
and the
"phase2-private-key-password"
property must be
set to password
used to decrypt
the PKCS#12
certificate and
key. When using
PKCS#12 files and
the path scheme,
this property
should be set to
the full UTF-8
encoded path of
the key, prefixed
with the string
"file://" and and
ending with a
terminating NUL
byte, and as with
the blob scheme
the
"phase2-private-key-password"
property must be
set to the
password used to
decode the
PKCS#12 private
key and
certificate.
phase2-private-key-password string The password used to decrypt
the "phase 2" private key
specified in the
"phase2-private-key" property
when the private key either
uses the path scheme, or is a
PKCS#12 format key.
phase2-private-key-password-flags NMSettingSecretFlags Flags indicating how to
(uint32) handle the
"phase2-private-key-password"
property. (see the section
called "Secret flag types:"
for flag values)
phase2-subject-match string Substring to be matched
against the subject of the
certificate presented by the
authentication server during
the inner "phase 2"
authentication. When unset,
no verification of the
authentication server
certificate's subject is
performed. This property
provides little security, if
any, and its use is
deprecated in favor of
NMSetting8021x:phase2-domain-suffix-match.
pin string PIN used for EAP authentication methods.
pin-flags NMSettingSecretFlags Flags indicating how to handle the "pin"
(uint32) property. (see the section called "Secret
flag types:" for flag values)
private-key byte array Contains the private key when the "eap"
property is set to "tls". Key data is
specified using a "scheme"; two are
currently supported: blob and path. When
using the blob scheme and private keys,
this property should be set to the key's
encrypted PEM encoded data. When using
private keys with the path scheme, this
property should be set to the full UTF-8
encoded path of the key, prefixed with the
string "file://" and ending with a
terminating NUL byte. When using PKCS#12
format private keys and the blob scheme,
this property should be set to the PKCS#12
data and the "private-key-password"
property must be set to password used to
decrypt the PKCS#12 certificate and key.
When using PKCS#12 files and the path
scheme, this property should be set to the
full UTF-8 encoded path of the key,
prefixed with the string "file://" and and
ending with a terminating NUL byte, and as
with the blob scheme the
"private-key-password" property must be
set to the password used to decode the
PKCS#12 private key and certificate.
WARNING: "private-key" is not a "secret"
property, and thus unencrypted private key
data using the BLOB scheme may be readable
by unprivileged users. Private keys
should always be encrypted with a private
key password to prevent unauthorized
access to unencrypted private key data.
private-key-password string The password used to decrypt the private
key specified in the "private-key"
property when the private key either uses
the path scheme, or if the private key is
a PKCS#12 format key.
private-key-password-flags NMSettingSecretFlags Flags indicating how to handle the
(uint32) "private-key-password" property. (see the
section called "Secret flag types:" for
flag values)
subject-match string Substring to be matched against the
subject of the certificate presented by
the authentication server. When unset, no
verification of the authentication server
certificate's subject is performed. This
property provides little security, if any,
and its use is deprecated in favor of
NMSetting8021x:domain-suffix-match.
system-ca-certs boolean FALSE When TRUE, overrides the "ca-path" and
"phase2-ca-path" properties using the
system CA directory specified at configure
time with the --system-ca-path switch.
The certificates in this directory are
added to the verification chain in
addition to any certificates specified by
the "ca-cert" and "phase2-ca-cert"
properties. If the path provided with
--system-ca-path is rather a file name
(bundle of trusted CA certificates), it
overrides "ca-cert" and "phase2-ca-cert"
properties instead (sets ca_cert/ca_cert2
options for wpa_supplicant).
Table 2. adsl setting
Key Name Value Type Default Value Value
Description
encapsulation string Encapsulation of
ADSL connection.
Can be "vcmux"
or "llc".
name string adsl The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
password string Password used to
authenticate
with the ADSL
service.
password-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle
the "password"
property. (see
the section
called "Secret
flag types:" for
flag values)
protocol string ADSL connection
protocol. Can
be "pppoa",
"pppoe" or
"ipoatm".
username string Username used to
authenticate
with the ADSL
service.
vci uint32 0 VCI of ADSL
connection
vpi uint32 0 VPI of ADSL
connection
Table 3. bluetooth setting
Key Name Value Type Default Value Value
Description
bdaddr byte array The Bluetooth
address of the
device.
name string bluetooth The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
type string Either "dun" for
Dial-Up
Networking
connections or
"panu" for
Personal Area
Networking
connections to
devices
supporting the
NAP profile.
Table 4. bond setting
Key Name Value Type Default Value Value
Description
interface-name string Deprecated in
favor of
connection.interface-name,
but can be used
for
backward-compatibility
with older
daemons, to set
the bond's
interface name.
name string bond The setting's name, which
uniquely identifies the
setting within the
connection. Each setting
type has a name unique to
that type, for example
"ppp" or "wireless" or
"wired".
options dict of string {'mode': Dictionary of key/value
to string 'balance-rr'} pairs of bonding options.
Both keys and values must
be strings. Option names
must contain only
alphanumeric characters
(ie, [a-zA-Z0-9]).
Table 5. bridge setting
Key Name Value Type Default Value Value
Description
ageing-time uint32 300 The Ethernet MAC
address aging
time, in
seconds.
forward-delay uint32 15 The Spanning
Tree Protocol
(STP) forwarding
delay, in
seconds.
hello-time uint32 2 The Spanning
Tree Protocol
(STP) hello
time, in
seconds.
interface-name string Deprecated in
favor of
connection.interface-name,
but can be used
for
backward-compatibility
with older
daemons, to set
the bridge's
interface name.
mac-address byte array If specified, the MAC
address of bridge. When
creating a new bridge,
this MAC address will be
set. When matching an
existing (outside
NetworkManager created)
bridge, this MAC address
must match.
max-age uint32 20 The Spanning Tree Protocol
(STP) maximum message age,
in seconds.
multicast-snooping boolean TRUE Controls whether IGMP
snooping is enabled for
this bridge. Note that if
snooping was automatically
disabled due to hash
collisions, the system may
refuse to enable the
feature until the
collisions are resolved.
name string bridge The setting's name, which
uniquely identifies the
setting within the
connection. Each setting
type has a name unique to
that type, for example
"ppp" or "wireless" or
"wired".
priority uint32 32768 Sets the Spanning Tree
Protocol (STP) priority
for this bridge. Lower
values are "better"; the
lowest priority bridge
will be elected the root
bridge.
stp boolean TRUE Controls whether Spanning
Tree Protocol (STP) is
enabled for this bridge.
Table 6. bridge-port setting
Key Name Value Type Default Value Value
Description
hairpin-mode boolean FALSE Enables or
disabled
"hairpin mode"
for the port,
which allows
frames to be
sent back out
through the port
the frame was
received on.
name string bridge-port The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
path-cost uint32 100 The Spanning
Tree Protocol
(STP) port cost
for destinations
via this port.
priority uint32 32 The Spanning
Tree Protocol
(STP) priority
of this bridge
port.
Table 7. cdma setting
Key Name Value Type Default Value Value
Description
name string cdma The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
number string The number to
dial to
establish the
connection to
the CDMA-based
mobile broadband
network, if any.
If not
specified, the
default number
(#777) is used
when required.
password string The password
used to
authenticate
with the
network, if
required. Many
providers do not
require a
password, or
accept any
password. But
if a password is
required, it is
specified here.
password-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle
the "password"
property. (see
the section
called "Secret
flag types:" for
flag values)
username string The username
used to
authenticate
with the
network, if
required. Many
providers do not
require a
username, or
accept any
username. But
if a username is
required, it is
specified here.
Table 8. connection setting
Key Name Value Type Default Value Value
Description
autoconnect boolean TRUE Whether or not
the connection
should be
automatically
connected by
NetworkManager
when the
resources for
the connection
are available.
TRUE to
automatically
activate the
connection,
FALSE to require
manual
intervention to
activate the
connection.
autoconnect-priority int32 0 The autoconnect
priority. If the
connection is
set to
autoconnect,
connections with
higher priority
will be
preferred.
Defaults to 0.
The higher
number means
higher priority.
autoconnect-slaves NMSettingConnectionAutoconnectSlaves Whether or not
(int32) slaves of this
connection
should be
automatically
brought up when
NetworkManager
activates this
connection. This
only has a real
effect for
master
connections. The
permitted values
are: 0: leave
slave
connections
untouched, 1:
activate all the
slave
connections with
this connection,
-1: default. If
-1 (default) is
set, global
connection.autoconnect-slaves
is read to
determine the
real value. If
it is default as
well, this
fallbacks to 0.
gateway-ping-timeout uint32 0 If greater than zero, delay
success of IP addressing
until either the timeout is
reached, or an IP gateway
replies to a ping.
id string A human readable unique
identifier for the
connection, like "Work Wi-Fi"
or "T-Mobile 3G".
interface-name string The name of the network
interface this connection is
bound to. If not set, then
the connection can be
attached to any interface of
the appropriate type (subject
to restrictions imposed by
other settings). For software
devices this specifies the
name of the created device.
For connection types where
interface names cannot easily
be made persistent (e.g.
mobile broadband or USB
Ethernet), this property
should not be used. Setting
this property restricts the
interfaces a connection can
be used with, and if
interface names change or are
reordered the connection may
be applied to the wrong
interface.
lldp int32 -1 Whether LLDP is enabled for
the connection.
master string Interface name of the master
device or UUID of the master
connection.
metered NMMetered (int32) Whether the connection is
metered. When updating this
property on a currently
activated connection, the
change takes effect
immediately.
name string connection The setting's name, which
uniquely identifies the
setting within the
connection. Each setting
type has a name unique to
that type, for example "ppp"
or "wireless" or "wired".
permissions array of string [] An array of strings defining
what access a given user has
to this connection. If this
is NULL or empty, all users
are allowed to access this
connection. Otherwise a user
is allowed to access this
connection if and only if
they are in this list. Each
entry is of the form
"[type]:[id]:[reserved]"; for
example, "user:dcbw:blah". At
this time only the "user"
[type] is allowed. Any other
values are ignored and
reserved for future use.
[id] is the username that
this permission refers to,
which may not contain the ":"
character. Any [reserved]
information present must be
ignored and is reserved for
future use. All of [type],
[id], and [reserved] must be
valid UTF-8.
read-only boolean FALSE FALSE if the connection can
be modified using the
provided settings service's
D-Bus interface with the
right privileges, or TRUE if
the connection is read-only
and cannot be modified.
secondaries array of string [] List of connection UUIDs that
should be activated when the
base connection itself is
activated. Currently only VPN
connections are supported.
slave-type string Setting name of the device
type of this slave's master
connection (eg, "bond"), or
NULL if this connection is
not a slave.
stable-id string This token to generate stable
IDs for the connection. If
unset, the UUID will be used
instead. The stable-id is
used instead of the
connection UUID for
generating IPv6 stable
private addresses with
ipv6.addr-gen-mode=stable-privacy.
It is also used to seed the
generated cloned MAC address
for
ethernet.cloned-mac-address=stable
and
wifi.cloned-mac-address=stable.
timestamp uint64 0 The time, in seconds since the
Unix Epoch, that the connection
was last _successfully_ fully
activated. NetworkManager updates
the connection timestamp
periodically when the connection
is active to ensure that an active
connection has the latest
timestamp. The property is only
meant for reading (changes to this
property will not be preserved).
type string Base type of the connection. For
hardware-dependent connections,
should contain the setting name of
the hardware-type specific setting
(ie, "802-3-ethernet" or
"802-11-wireless" or "bluetooth",
etc), and for non-hardware
dependent connections like VPN or
otherwise, should contain the
setting name of that setting type
(ie, "vpn" or "bridge", etc).
uuid string A universally unique identifier
for the connection, for example
generated with libuuid. It should
be assigned when the connection is
created, and never changed as long
as the connection still applies to
the same network. For example, it
should not be changed when the
"id" property or
NMSettingIP4Config changes, but
might need to be re-created when
the Wi-Fi SSID, mobile broadband
network provider, or "type"
property changes. The UUID must be
in the format
"2815492f-7e56-435e-b2e9-246bd7cdc664"
(ie, contains only hexadecimal
characters and "-").
zone string The trust level of a the connection.
Free form case-insensitive string (for
example "Home", "Work", "Public").
NULL or unspecified zone means the
connection will be placed in the
default zone as defined by the
firewall. When updating this property
on a currently activated connection,
the change takes effect immediately.
Table 9. dcb setting
Key Name Value Type Default Value Value
Description
app-fcoe-flags NMSettingDcbFlags Specifies the
(uint32) NMSettingDcbFlags
for the DCB FCoE
application.
Flags may be any
combination of
NM_SETTING_DCB_FLAG_ENABLE
(0x1),
NM_SETTING_DCB_FLAG_ADVERTISE
(0x2), and
NM_SETTING_DCB_FLAG_WILLING
(0x4).
app-fcoe-mode string "fabric" The FCoE controller mode;
either "fabric" (default) or
"vn2vn".
app-fcoe-priority int32 -1 The highest User Priority (0
- 7) which FCoE frames should
use, or -1 for default
priority. Only used when the
"app-fcoe-flags" property
includes the
NM_SETTING_DCB_FLAG_ENABLE
(0x1) flag.
app-fip-flags NMSettingDcbFlags Specifies the
(uint32) NMSettingDcbFlags for the DCB
FIP application. Flags may
be any combination of
NM_SETTING_DCB_FLAG_ENABLE
(0x1),
NM_SETTING_DCB_FLAG_ADVERTISE
(0x2), and
NM_SETTING_DCB_FLAG_WILLING
(0x4).
app-fip-priority int32 -1 The highest User Priority (0
- 7) which FIP frames should
use, or -1 for default
priority. Only used when the
"app-fip-flags" property
includes the
NM_SETTING_DCB_FLAG_ENABLE
(0x1) flag.
app-iscsi-flags NMSettingDcbFlags Specifies the
(uint32) NMSettingDcbFlags for the DCB
iSCSI application. Flags may
be any combination of
NM_SETTING_DCB_FLAG_ENABLE
(0x1),
NM_SETTING_DCB_FLAG_ADVERTISE
(0x2), and
NM_SETTING_DCB_FLAG_WILLING
(0x4).
app-iscsi-priority int32 -1 The highest User Priority (0
- 7) which iSCSI frames
should use, or -1 for default
priority. Only used when the
"app-iscsi-flags" property
includes the
NM_SETTING_DCB_FLAG_ENABLE
(0x1) flag.
name string dcb The setting's name, which
uniquely identifies the
setting within the
connection. Each setting
type has a name unique to
that type, for example "ppp"
or "wireless" or "wired".
priority-bandwidth array of uint32 [0, 0, 0, 0, 0, An array of 8 uint values,
0, 0, 0] where the array index
corresponds to the User
Priority (0 - 7) and the
value indicates the
percentage of bandwidth of
the priority's assigned group
that the priority may use.
The sum of all percentages
for priorities which belong
to the same group must total
100 percent.
priority-flow-control array of uint32 [0, 0, 0, 0, 0, An array of 8 boolean values,
0, 0, 0] where the array index
corresponds to the User
Priority (0 - 7) and the
value indicates whether or
not the corresponding
priority should transmit
priority pause.
priority-flow-control-flags NMSettingDcbFlags Specifies the
(uint32) NMSettingDcbFlags for DCB
Priority Flow Control (PFC).
Flags may be any combination
of NM_SETTING_DCB_FLAG_ENABLE
(0x1),
NM_SETTING_DCB_FLAG_ADVERTISE
(0x2), and
NM_SETTING_DCB_FLAG_WILLING
(0x4).
priority-group-bandwidth array of uint32 [0, 0, 0, 0, 0, An array of 8 uint values,
0, 0, 0] where the array index
corresponds to the Priority
Group ID (0 - 7) and the
value indicates the
percentage of link bandwidth
allocated to that group.
Allowed values are 0 - 100,
and the sum of all values
must total 100 percent.
priority-group-flags NMSettingDcbFlags Specifies the
(uint32) NMSettingDcbFlags for DCB
Priority Groups. Flags may
be any combination of
NM_SETTING_DCB_FLAG_ENABLE
(0x1),
NM_SETTING_DCB_FLAG_ADVERTISE
(0x2), and
NM_SETTING_DCB_FLAG_WILLING
(0x4).
priority-group-id array of uint32 [0, 0, 0, 0, 0, An array of 8 uint values,
0, 0, 0] where the array index
corresponds to the User
Priority (0 - 7) and the
value indicates the Priority
Group ID. Allowed Priority
Group ID values are 0 - 7 or
15 for the unrestricted
group.
priority-strict-bandwidth array of uint32 [0, 0, 0, 0, 0, An array of 8 boolean values,
0, 0, 0] where the array index
corresponds to the User
Priority (0 - 7) and the
value indicates whether or
not the priority may use all
of the bandwidth allocated to
its assigned group.
priority-traffic-class array of uint32 [0, 0, 0, 0, 0, An array of 8 uint values,
0, 0, 0] where the array index
corresponds to the User
Priority (0 - 7) and the
value indicates the traffic
class (0 - 7) to which the
priority is mapped.
Table 10. generic setting
Key Name Value Type Default Value Value
Description
name string generic The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
Table 11. gsm setting
Key Name Value Type Default Value Value
Description
apn string The GPRS Access
Point Name
specifying the
APN used when
establishing a
data session
with the
GSM-based
network. The
APN often
determines how
the user will be
billed for their
network usage
and whether the
user has access
to the Internet
or just a
provider-specific
walled-garden,
so it is
important to use
the correct APN
for the user's
mobile broadband
plan. The APN
may only be
composed of the
characters a-z,
0-9, ., and -
per GSM 03.60
Section 14.9.
device-id string The device unique
identifier (as
given by the WWAN
management
service) which
this connection
applies to. If
given, the
connection will
only apply to the
specified device.
home-only boolean FALSE When TRUE, only
connections to
the home network
will be allowed.
Connections to
roaming networks
will not be made.
name string gsm The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting type
has a name unique
to that type, for
example "ppp" or
"wireless" or
"wired".
network-id string The Network ID
(GSM LAI format,
ie MCC-MNC) to
force specific
network
registration. If
the Network ID is
specified,
NetworkManager
will attempt to
force the device
to register only
on the specified
network. This can
be used to ensure
that the device
does not roam
when direct
roaming control
of the device is
not otherwise
possible.
number string Number to dial
when establishing
a PPP data
session with the
GSM-based mobile
broadband
network. Many
modems do not
require PPP for
connections to
the mobile
network and thus
this property
should be left
blank, which
allows
NetworkManager to
select the
appropriate
settings
automatically.
password string The password used
to authenticate
with the network,
if required.
Many providers do
not require a
password, or
accept any
password. But if
a password is
required, it is
specified here.
password-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"password"
property. (see
the section
called "Secret
flag types:" for
flag values)
pin string If the SIM is
locked with a PIN
it must be
unlocked before
any other
operations are
requested.
Specify the PIN
here to allow
operation of the
device.
pin-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"pin" property.
(see the section
called "Secret
flag types:" for
flag values)
sim-id string The SIM card
unique identifier
(as given by the
WWAN management
service) which
this connection
applies to. If
given, the
connection will
apply to any
device also
allowed by
"device-id" which
contains a SIM
card matching the
given identifier.
sim-operator-id string A MCC/MNC string
like "310260" or
"21601"
identifying the
specific mobile
network operator
which this
connection
applies to. If
given, the
connection will
apply to any
device also
allowed by
"device-id" and
"sim-id" which
contains a SIM
card provisioined
by the given
operator.
username string The username used
to authenticate
with the network,
if required.
Many providers do
not require a
username, or
accept any
username. But if
a username is
required, it is
specified here.
Table 12. infiniband setting
Key Name Value Type Default Value Value
Description
mac-address byte array If specified,
this connection
will only apply
to the IPoIB
device whose
permanent MAC
address matches.
This property
does not change
the MAC address
of the device
(i.e. MAC
spoofing).
mtu uint32 0 If non-zero,
only transmit
packets of the
specified size
or smaller,
breaking larger
packets up into
multiple frames.
name string infiniband The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
p-key int32 -1 The InfiniBand
P_Key to use for
this device. A
value of -1
means to use the
default P_Key
(aka "the P_Key
at index 0").
Otherwise it is
a 16-bit
unsigned
integer, whose
high bit is set
if it is a "full
membership"
P_Key.
parent string The interface
name of the
parent device of
this device.
Normally NULL,
but if the
"p_key" property
is set, then you
must specify the
base device by
setting either
this property or
"mac-address".
transport-mode string The
IP-over-InfiniBand
transport mode.
Either
"datagram" or
"connected".
Table 13. ipv4 setting
Key Name Value Type Default Value Value
Description
address-data array of vardict Array of IPv4
addresses. Each
address
dictionary
contains at
least 'address'
and 'prefix'
entries,
containing the
IP address as a
string, and the
prefix length as
a uint32.
Additional
attributes may
also exist on
some addresses.
addresses array of array [] Deprecated in
of uint32 favor of the
'address-data'
and 'gateway'
properties, but
this can be used
for
backward-compatibility
with older
daemons. Note
that if you send
this property
the daemon will
ignore
'address-data'
and 'gateway'.
Array of IPv4
address
structures.
Each IPv4
address
structure is
composed of 3
32-bit values;
the first being
the IPv4 address
(network byte
order), the
second the
prefix (1 - 32),
and last the
IPv4 gateway
(network byte
order). The
gateway may be
left as 0 if no
gateway exists
for that subnet.
dad-timeout int32 -1 Timeout in
milliseconds used to
check for the presence
of duplicate IP
addresses on the
network. If an
address conflict is
detected, the
activation will fail.
A zero value means
that no duplicate
address detection is
performed, -1 means
the default value
(either configuration
ipvx.dad-timeout
override or 3
seconds). A value
greater than zero is a
timeout in
milliseconds.
dhcp-client-id string A string sent to the
DHCP server to
identify the local
machine which the DHCP
server may use to
customize the DHCP
lease and options.
dhcp-fqdn string If the
"dhcp-send-hostname"
property is TRUE, then
the specified FQDN
will be sent to the
DHCP server when
acquiring a lease.
This property and
"dhcp-hostname" are
mutually exclusive and
cannot be set at the
same time.
dhcp-hostname string If the
"dhcp-send-hostname"
property is TRUE, then
the specified name
will be sent to the
DHCP server when
acquiring a lease.
This property and
"dhcp-fqdn" are
mutually exclusive and
cannot be set at the
same time.
dhcp-send-hostname boolean TRUE If TRUE, a hostname is
sent to the DHCP
server when acquiring
a lease. Some DHCP
servers use this
hostname to update DNS
databases, essentially
providing a static
hostname for the
computer. If the
"dhcp-hostname"
property is NULL and
this property is TRUE,
the current persistent
hostname of the
computer is sent.
dhcp-timeout int32 0 A timeout for a DHCP
transaction in
seconds.
dns array of uint32 [] Array of IP addresses
of DNS servers (as
network-byte-order
integers)
dns-options array of string [] Array of DNS options.
NULL means that the
options are unset and
left at the default.
In this case
NetworkManager will
use default options.
This is distinct from
an empty list of
properties.
dns-priority int32 0 DNS priority. The
relative priority to
be used when
determining the order
of DNS servers in
resolv.conf. A lower
value means that
servers will be on top
of the file. Zero
selects the default
value, which is 50 for
VPNs and 100 for other
connections. When
multiple devices have
configurations with
the same priority, the
one with an active
default route will be
preferred. Note that
when using dns=dnsmasq
the order is
meaningless since
dnsmasq forwards
queries to all known
servers at the same
time. Negative values
have the special
effect of excluding
other configurations
with a greater
priority value; so in
presence of at least a
negative priority,
only DNS servers from
configurations with
the lowest priority
value will be used.
dns-search array of string [] Array of DNS search
domains.
gateway string The gateway associated
with this
configuration. This is
only meaningful if
"addresses" is also
set.
ignore-auto-dns boolean FALSE When "method" is set
to "auto" and this
property to TRUE,
automatically
configured nameservers
and search domains are
ignored and only
nameservers and search
domains specified in
the "dns" and
"dns-search"
properties, if any,
are used.
ignore-auto-routes boolean FALSE When "method" is set
to "auto" and this
property to TRUE,
automatically
configured routes are
ignored and only
routes specified in
the "routes" property,
if any, are used.
may-fail boolean TRUE If TRUE, allow overall
network configuration
to proceed even if the
configuration
specified by this
property times out.
Note that at least one
IP configuration must
succeed or overall
network configuration
will still fail. For
example, in IPv6-only
networks, setting this
property to TRUE on
the NMSettingIP4Config
allows the overall
network configuration
to succeed if IPv4
configuration fails
but IPv6 configuration
completes
successfully.
method string IP configuration
method.
NMSettingIP4Config and
NMSettingIP6Config
both support "auto",
"manual", and
"link-local". See the
subclass-specific
documentation for
other values. In
general, for the
"auto" method,
properties such as
"dns" and "routes"
specify information
that is added on to
the information
returned from
automatic
configuration. The
"ignore-auto-routes"
and "ignore-auto-dns"
properties modify this
behavior. For methods
that imply no upstream
network, such as
"shared" or
"link-local", these
properties must be
empty. For IPv4 method
"shared", the IP
subnet can be
configured by adding
one manual IPv4
address or otherwise
10.42.x.0/24 is
chosen.
name string ipv4 The setting's name,
which uniquely
identifies the setting
within the connection.
Each setting type has
a name unique to that
type, for example
"ppp" or "wireless" or
"wired".
never-default boolean FALSE If TRUE, this
connection will never
be the default
connection for this IP
type, meaning it will
never be assigned the
default route by
NetworkManager.
route-data array of vardict Array of IPv4 routes.
Each route dictionary
contains at least
'dest' and 'prefix'
entries, containing
the destination IP
address as a string,
and the prefix length
as a uint32. Most
routes will also have
a 'gateway' entry,
containing the gateway
IP address as a
string. If the route
has a 'metric' entry
(containing a uint32),
that will be used as
the metric for the
route (otherwise NM
will pick a default
value appropriate to
the device).
Additional attributes
may also exist on some
routes.
route-metric int64 -1 The default metric for
routes that don't
explicitly specify a
metric. The default
value -1 means that
the metric is choosen
automatically based on
the device type. The
metric applies to
dynamic routes, manual
(static) routes that
don't have an explicit
metric setting,
address prefix routes,
and the default route.
Note that for IPv6,
the kernel accepts
zero (0) but coerces
it to 1024 (user
default). Hence,
setting this property
to zero effectively
mean setting it to
1024. For IPv4, zero
is a regular value for
the metric.
routes array of array [] Deprecated in favor of
of uint32 the 'route-data'
property, but this can
be used for
backward-compatibility
with older daemons.
Note that if you send
this property the
daemon will ignore
'route-data'. Array
of IPv4 route
structures. Each IPv4
route structure is
composed of 4 32-bit
values; the first
being the destination
IPv4 network or
address (network byte
order), the second the
destination network or
address prefix (1 -
32), the third being
the next-hop (network
byte order) if any,
and the fourth being
the route metric. If
the metric is 0, NM
will choose an
appropriate default
metric for the device.
(There is no way to
explicitly specify an
actual metric of 0
with this property.)
Table 14. ipv6 setting
Key Name Value Type Default Value Value
Description
addr-gen-mode int32 1 Configure method
for creating the
address for use
with RFC4862
IPv6 Stateless
Address
Autoconfiguration.
The permitted
values are:
"eui64", or
"stable-privacy".
If the property
is set to
"eui64", the
addresses will
be generated
using the
interface tokens
derived from
hardware
address. This
makes the host
part of the
address to stay
constant, making
it possible to
track host's
presence when it
changes
networks. The
address changes
when the
interface
hardware is
replaced. The
value of
"stable-privacy"
enables use of
cryptographically
secure hash of a
secret
host-specific
key along with
the connection
identification
and the network
address as
specified by
RFC7217. This
makes it
impossible to
use the address
track host's
presence, and
makes the
address stable
when the network
interface
hardware is
replaced. On
D-Bus, the
absence of an
addr-gen-mode
setting equals
enabling
"stable-privacy".
For keyfile
plugin, the
absence of the
setting on disk
means "eui64" so
that the
property doesn't
change on
upgrade from
older versions.
Note that this
setting is
distinct from
the Privacy
Extensions as
configured by
"ip6-privacy"
property and it
does not affect
the temporary
addresses
configured with
this option.
address-data array of vardict Array of IPv6
addresses. Each
address dictionary
contains at least
'address' and
'prefix' entries,
containing the IP
address as a
string, and the
prefix length as a
uint32. Additional
attributes may
also exist on some
addresses.
addresses array of legacy [] Deprecated in
IPv6 address favor of the
struct 'address-data' and
(a(ayuay)) 'gateway'
properties, but
this can be used
for
backward-compatibility
with older
daemons. Note that
if you send this
property the
daemon will ignore
'address-data' and
'gateway'. Array
of IPv6 address
structures. Each
IPv6 address
structure is
composed of an
IPv6 address, a
prefix length (1 -
128), and an IPv6
gateway address.
The gateway may be
zeroed out if no
gateway exists for
that subnet.
dad-timeout int32 -1 Timeout in
milliseconds used to
check for the presence
of duplicate IP
addresses on the
network. If an
address conflict is
detected, the
activation will fail.
A zero value means
that no duplicate
address detection is
performed, -1 means
the default value
(either configuration
ipvx.dad-timeout
override or 3
seconds). A value
greater than zero is a
timeout in
milliseconds.
dhcp-hostname string If the
"dhcp-send-hostname"
property is TRUE, then
the specified name
will be sent to the
DHCP server when
acquiring a lease.
This property and
"dhcp-fqdn" are
mutually exclusive and
cannot be set at the
same time.
dhcp-send-hostname boolean TRUE If TRUE, a hostname is
sent to the DHCP
server when acquiring
a lease. Some DHCP
servers use this
hostname to update DNS
databases, essentially
providing a static
hostname for the
computer. If the
"dhcp-hostname"
property is NULL and
this property is TRUE,
the current persistent
hostname of the
computer is sent.
dhcp-timeout int32 0 A timeout for a DHCP
transaction in
seconds.
dns array of byte [] Array of IP addresses
array of DNS servers (in
network byte order)
dns-options array of string [] Array of DNS options.
NULL means that the
options are unset and
left at the default.
In this case
NetworkManager will
use default options.
This is distinct from
an empty list of
properties.
dns-priority int32 0 DNS priority. The
relative priority to
be used when
determining the order
of DNS servers in
resolv.conf. A lower
value means that
servers will be on top
of the file. Zero
selects the default
value, which is 50 for
VPNs and 100 for other
connections. When
multiple devices have
configurations with
the same priority, the
one with an active
default route will be
preferred. Note that
when using dns=dnsmasq
the order is
meaningless since
dnsmasq forwards
queries to all known
servers at the same
time. Negative values
have the special
effect of excluding
other configurations
with a greater
priority value; so in
presence of at least a
negative priority,
only DNS servers from
configurations with
the lowest priority
value will be used.
dns-search array of string [] Array of DNS search
domains.
gateway string The gateway associated
with this
configuration. This is
only meaningful if
"addresses" is also
set.
ignore-auto-dns boolean FALSE When "method" is set
to "auto" and this
property to TRUE,
automatically
configured nameservers
and search domains are
ignored and only
nameservers and search
domains specified in
the "dns" and
"dns-search"
properties, if any,
are used.
ignore-auto-routes boolean FALSE When "method" is set
to "auto" and this
property to TRUE,
automatically
configured routes are
ignored and only
routes specified in
the "routes" property,
if any, are used.
ip6-privacy NMSettingIP6ConfigPrivacy Configure IPv6 Privacy
(int32) Extensions for SLAAC,
described in RFC4941.
If enabled, it makes
the kernel generate a
temporary IPv6 address
in addition to the
public one generated
from MAC address via
modified EUI-64. This
enhances privacy, but
could cause problems
in some applications,
on the other hand.
The permitted values
are: -1: unknown, 0:
disabled, 1: enabled
(prefer public
address), 2: enabled
(prefer temporary
addresses). Having a
per-connection setting
set to "-1" (unknown)
means fallback to
global configuration
"ipv6.ip6-privacy". If
also global
configuration is
unspecified or set to
"-1", fallback to read
"/proc/sys/net/ipv6/conf/default/use_tempaddr".
Note that this setting
is distinct from the
Stable Privacy
addresses that can be
enabled with the
"addr-gen-mode"
property's
"stable-privacy"
setting as another way
of avoiding host
tracking with IPv6
addresses.
may-fail boolean TRUE If TRUE, allow overall network configuration to
proceed even if the configuration specified by
this property times out. Note that at least
one IP configuration must succeed or overall
network configuration will still fail. For
example, in IPv6-only networks, setting this
property to TRUE on the NMSettingIP4Config
allows the overall network configuration to
succeed if IPv4 configuration fails but IPv6
configuration completes successfully.
method string IP configuration method. NMSettingIP4Config and
NMSettingIP6Config both support "auto",
"manual", and "link-local". See the
subclass-specific documentation for other
values. In general, for the "auto" method,
properties such as "dns" and "routes" specify
information that is added on to the information
returned from automatic configuration. The
"ignore-auto-routes" and "ignore-auto-dns"
properties modify this behavior. For methods
that imply no upstream network, such as
"shared" or "link-local", these properties must
be empty. For IPv4 method "shared", the IP
subnet can be configured by adding one manual
IPv4 address or otherwise 10.42.x.0/24 is
chosen.
name string ipv6 The setting's name, which uniquely identifies
the setting within the connection. Each
setting type has a name unique to that type,
for example "ppp" or "wireless" or "wired".
never-default boolean FALSE If TRUE, this connection will never be the
default connection for this IP type, meaning it
will never be assigned the default route by
NetworkManager.
route-data array of vardict Array of IPv6 routes. Each route dictionary
contains at least 'dest' and 'prefix' entries,
containing the destination IP address as a
string, and the prefix length as a uint32. Most
routes will also have a 'next-hop' entry,
containing the next hop IP address as a string.
If the route has a 'metric' entry (containing a
uint32), that will be used as the metric for
the route (otherwise NM will pick a default
value appropriate to the device). Additional
attributes may also exist on some routes.
route-metric int64 -1 The default metric for routes that don't
explicitly specify a metric. The default value
-1 means that the metric is choosen
automatically based on the device type. The
metric applies to dynamic routes, manual
(static) routes that don't have an explicit
metric setting, address prefix routes, and the
default route. Note that for IPv6, the kernel
accepts zero (0) but coerces it to 1024 (user
default). Hence, setting this property to zero
effectively mean setting it to 1024. For IPv4,
zero is a regular value for the metric.
routes array of legacy IPv6 [] Deprecated in favor of the 'route-data'
route struct (a(ayuayu)) property, but this can be used for
backward-compatibility with older daemons. Note
that if you send this property the daemon will
ignore 'route-data'. Array of IPv6 route
structures. Each IPv6 route structure is
composed of an IPv6 address, a prefix length (1
- 128), an IPv6 next hop address (which may be
zeroed out if there is no next hop), and a
metric. If the metric is 0, NM will choose an
appropriate default metric for the device.
token string Configure the token for
draft-chown-6man-tokenised-ipv6-identifiers-02
IPv6 tokenized interface identifiers. Useful
with eui64 addr-gen-mode.
Table 15. ip-tunnel setting
Key Name Value Type Default Value Value
Description
encapsulation-limit uint32 0 How many
additional
levels of
encapsulation
are permitted to
be prepended to
packets. This
property applies
only to IPv6
tunnels.
flow-label uint32 0 The flow label
to assign to
tunnel packets.
This property
applies only to
IPv6 tunnels.
input-key string The key used for
tunnel input
packets; the
property is
valid only for
certain tunnel
modes (GRE,
IP6GRE). If
empty, no key is
used.
local string The local
endpoint of the
tunnel; the
value can be
empty, otherwise
it must contain
an IPv4 or IPv6
address.
mode uint32 0 The tunneling
mode, for
example
NM_IP_TUNNEL_MODE_IPIP
(1) or
NM_IP_TUNNEL_MODE_GRE
(2).
mtu uint32 0 None
name string ip-tunnel The setting's name,
which uniquely
identifies the setting
within the connection.
Each setting type has
a name unique to that
type, for example
"ppp" or "wireless" or
"wired".
output-key string The key used for
tunnel output packets;
the property is valid
only for certain
tunnel modes (GRE,
IP6GRE). If empty, no
key is used.
parent string If given, specifies
the parent interface
name or parent
connection UUID the
new device will be
bound to so that
tunneled packets will
only be routed via
that interface.
path-mtu-discovery boolean TRUE Whether to enable Path
MTU Discovery on this
tunnel.
remote string The remote endpoint of
the tunnel; the value
must contain an IPv4
or IPv6 address.
tos uint32 0 The type of service
(IPv4) or traffic
class (IPv6) field to
be set on tunneled
packets.
ttl uint32 0 The TTL to assign to
tunneled packets. 0 is
a special value
meaning that packets
inherit the TTL value.
Table 16. macvlan setting
Key Name Value Type Default Value Value
Description
mode uint32 0 The macvlan
mode, which
specifies the
communication
mechanism
between multiple
macvlans on the
same lower
device.
name string macvlan The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
parent string If given,
specifies the
parent interface
name or parent
connection UUID
from which this
MAC-VLAN
interface should
be created. If
this property is
not specified,
the connection
must contain an
"802-3-ethernet"
setting with a
"mac-address"
property.
promiscuous boolean TRUE Whether the
interface should
be put in
promiscuous
mode.
tap boolean FALSE Whether the
interface should
be a MACVTAP.
Table 17. 802-11-olpc-mesh setting
Key Name Value Type Default Value Value
Description
channel uint32 0 Channel on which
the mesh network
to join is
located.
dhcp-anycast-address byte array Anycast DHCP MAC
address used
when requesting
an IP address
via DHCP. The
specific anycast
address used
determines which
DHCP server
class answers
the request.
name string 802-11-olpc-mesh The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
ssid byte array SSID of the mesh
network to join.
Table 18. ppp setting
Key Name Value Type Default Value Value
Description
baud uint32 0 If non-zero,
instruct pppd to
set the serial
port to the
specified
baudrate. This
value should
normally be left
as 0 to
automatically
choose the
speed.
crtscts boolean FALSE If TRUE, specify
that pppd should
set the serial
port to use
hardware flow
control with RTS
and CTS signals.
This value
should normally
be set to FALSE.
lcp-echo-failure uint32 0 If non-zero,
instruct pppd to
presume the
connection to
the peer has
failed if the
specified number
of LCP
echo-requests go
unanswered by
the peer. The
"lcp-echo-interval"
property must
also be set to a
non-zero value
if this property
is used.
lcp-echo-interval uint32 0 If non-zero,
instruct pppd to
send an LCP
echo-request frame
to the peer every n
seconds (where n is
the specified
value). Note that
some PPP peers will
respond to echo
requests and some
will not, and it is
not possible to
autodetect this.
mppe-stateful boolean FALSE If TRUE, stateful
MPPE is used. See
pppd documentation
for more
information on
stateful MPPE.
mru uint32 0 If non-zero,
instruct pppd to
request that the
peer send packets
no larger than the
specified size. If
non-zero, the MRU
should be between
128 and 16384.
mtu uint32 0 If non-zero,
instruct pppd to
send packets no
larger than the
specified size.
name string ppp The setting's name,
which uniquely
identifies the
setting within the
connection. Each
setting type has a
name unique to that
type, for example
"ppp" or "wireless"
or "wired".
no-vj-comp boolean FALSE If TRUE, Van
Jacobsen TCP header
compression will
not be requested.
noauth boolean TRUE If TRUE, do not
require the other
side (usually the
PPP server) to
authenticate itself
to the client. If
FALSE, require
authentication from
the remote side.
In almost all
cases, this should
be TRUE.
nobsdcomp boolean FALSE If TRUE, BSD
compression will
not be requested.
nodeflate boolean FALSE If TRUE, "deflate"
compression will
not be requested.
refuse-chap boolean FALSE If TRUE, the CHAP
authentication
method will not be
used.
refuse-eap boolean FALSE If TRUE, the EAP
authentication
method will not be
used.
refuse-mschap boolean FALSE If TRUE, the MSCHAP
authentication
method will not be
used.
refuse-mschapv2 boolean FALSE If TRUE, the
MSCHAPv2
authentication
method will not be
used.
refuse-pap boolean FALSE If TRUE, the PAP
authentication
method will not be
used.
require-mppe boolean FALSE If TRUE, MPPE
(Microsoft
Point-to-Point
Encrpytion) will be
required for the
PPP session. If
either 64-bit or
128-bit MPPE is not
available the
session will fail.
Note that MPPE is
not used on mobile
broadband
connections.
require-mppe-128 boolean FALSE If TRUE, 128-bit
MPPE (Microsoft
Point-to-Point
Encrpytion) will be
required for the
PPP session, and
the "require-mppe"
property must also
be set to TRUE. If
128-bit MPPE is not
available the
session will fail.
Table 19. pppoe setting
Key Name Value Type Default Value Value
Description
name string pppoe The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
password string Password used to
authenticate
with the PPPoE
service.
password-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle
the "password"
property. (see
the section
called "Secret
flag types:" for
flag values)
service string If specified,
instruct PPPoE
to only initiate
sessions with
access
concentrators
that provide the
specified
service. For
most providers,
this should be
left blank. It
is only required
if there are
multiple access
concentrators or
a specific
service is known
to be required.
username string Username used to
authenticate
with the PPPoE
service.
Table 20. serial setting
Key Name Value Type Default Value Value
Description
baud uint32 57600 Speed to use for
communication
over the serial
port. Note that
this value
usually has no
effect for
mobile broadband
modems as they
generally ignore
speed settings
and use the
highest
available speed.
bits uint32 8 Byte-width of
the serial
communication.
The 8 in "8n1"
for example.
name string serial The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
parity byte The connection
parity: 69
(ASCII 'E') for
even parity, 111
(ASCII 'o') for
odd, 110 (ASCII
'n') for none.
send-delay uint64 0 Time to delay
between each
byte sent to the
modem, in
microseconds.
stopbits uint32 1 Number of stop
bits for
communication on
the serial port.
Either 1 or 2.
The 1 in "8n1"
for example.
Table 21. team setting
Key Name Value Type Default Value Value
Description
config string The JSON
configuration
for the team
network
interface. The
property should
contain raw JSON
configuration
data suitable
for teamd,
because the
value is passed
directly to
teamd. If not
specified, the
default
configuration is
used. See man
teamd.conf for
the format
details.
interface-name string Deprecated in
favor of
connection.interface-name,
but can be used
for
backward-compatibility
with older
daemons, to set
the team's
interface name.
name string team The setting's name, which
uniquely identifies the
setting within the
connection. Each setting
type has a name unique to
that type, for example
"ppp" or "wireless" or
"wired".
Table 22. team-port setting
Key Name Value Type Default Value Value
Description
config string The JSON
configuration
for the team
port. The
property should
contain raw JSON
configuration
data suitable
for teamd,
because the
value is passed
directly to
teamd. If not
specified, the
default
configuration is
used. See man
teamd.conf for
the format
details.
name string team-port The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
Table 23. tun setting
Key Name Value Type Default Value Value
Description
group string The group ID
which will own
the device. If
set to NULL
everyone will be
able to use the
device.
mode uint32 1 The operating
mode of the
virtual device.
Allowed values
are
NM_SETTING_TUN_MODE_TUN
(1) to create a
layer 3 device
and
NM_SETTING_TUN_MODE_TAP
(2) to create an
Ethernet-like
layer 2 one.
multi-queue boolean FALSE If the property is set
to TRUE, the interface
will support multiple
file descriptors
(queues) to parallelize
packet sending or
receiving. Otherwise,
the interface will only
support a single queue.
name string tun The setting's name,
which uniquely
identifies the setting
within the connection.
Each setting type has a
name unique to that
type, for example "ppp"
or "wireless" or
"wired".
owner string The user ID which will
own the device. If set
to NULL everyone will
be able to use the
device.
pi boolean FALSE If TRUE the interface
will prepend a 4 byte
header describing the
physical interface to
the packets.
vnet-hdr boolean FALSE If TRUE the
IFF_VNET_HDR the tunnel
packets will include a
virtio network header.
Table 24. vlan setting
Key Name Value Type Default Value Value
Description
egress-priority-map array of string [] For outgoing
packets, a list
of mappings from
Linux SKB
priorities to
802.1p
priorities. The
mapping is given
in the format
"from:to" where
both "from" and
"to" are
unsigned
integers, ie
"7:3".
flags NMVlanFlags One or more
(uint32) flags which
control the
behavior and
features of the
VLAN interface.
Flags include
NM_VLAN_FLAG_REORDER_HEADERS
(0x1)
(reordering of
output packet
headers),
NM_VLAN_FLAG_GVRP
(0x2) (use of
the GVRP
protocol), and
NM_VLAN_FLAG_LOOSE_BINDING
(0x4) (loose
binding of the
interface to its
master device's
operating
state).
NM_VLAN_FLAG_MVRP
(0x8) (use of
the MVRP
protocol). The
default value of
this property is
NM_VLAN_FLAG_REORDER_HEADERS,
but it used to
be 0. To
preserve
backward
compatibility,
the
default-value in
the D-Bus API
continues to be
0 and a missing
property on
D-Bus is still
considered as 0.
id uint32 0 The VLAN identifier that the
interface created by this
connection should be
assigned. The valid range is
from 0 to 4094, without the
reserved id 4095.
ingress-priority-map array of string [] For incoming packets, a list
of mappings from 802.1p
priorities to Linux SKB
priorities. The mapping is
given in the format "from:to"
where both "from" and "to"
are unsigned integers, ie
"7:3".
interface-name string Deprecated in favor of
connection.interface-name,
but can be used for
backward-compatibility with
older daemons, to set the
vlan's interface name.
name string vlan The setting's name, which
uniquely identifies the
setting within the
connection. Each setting
type has a name unique to
that type, for example "ppp"
or "wireless" or "wired".
parent string If given, specifies the
parent interface name or
parent connection UUID from
which this VLAN interface
should be created. If this
property is not specified,
the connection must contain
an "802-3-ethernet" setting
with a "mac-address"
property.
Table 25. vpn setting
Key Name Value Type Default Value Value
Description
data dict of string {} Dictionary of
to string key/value pairs
of VPN plugin
specific data.
Both keys and
values must be
strings.
name string vpn The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
persistent boolean FALSE If the VPN
service supports
persistence, and
this property is
TRUE, the VPN
will attempt to
stay connected
across link
changes and
outages, until
explicitly
disconnected.
secrets dict of string {} Dictionary of
to string key/value pairs
of VPN plugin
specific secrets
like passwords
or private keys.
Both keys and
values must be
strings.
service-type string D-Bus service
name of the VPN
plugin that this
setting uses to
connect to its
network. i.e.
org.freedesktop.NetworkManager.vpnc
for the vpnc
plugin.
timeout uint32 0 Timeout for the VPN service to
establish the connection. Some
services may take quite a long time
to connect. Value of 0 means a
default timeout, which is 60
seconds (unless overriden by
vpn.timeout in configuration file).
Values greater than zero mean
timeout in seconds.
user-name string If the VPN connection requires a
user name for authentication, that
name should be provided here. If
the connection is available to more
than one user, and the VPN requires
each user to supply a different
name, then leave this property
empty. If this property is empty,
NetworkManager will automatically
supply the username of the user
which requested the VPN connection.
Table 26. vxlan setting
Key Name Value Type Default Value Value
Description
ageing uint32 300 Specifies the
lifetime in
seconds of FDB
entries learnt
by the kernel.
destination-port uint32 8472 Specifies the
UDP destination
port to
communicate to
the remote VXLAN
tunnel endpoint.
id uint32 0 Specifies the
VXLAN Network
Identifer (or
VXLAN Segment
Identifier) to
use.
l2-miss boolean FALSE Specifies
whether netlink
LL ADDR miss
notifications
are generated.
l3-miss boolean FALSE Specifies
whether netlink
IP ADDR miss
notifications
are generated.
learning boolean TRUE Specifies
whether unknown
source link
layer addresses
and IP addresses
are entered into
the VXLAN device
forwarding
database.
limit uint32 0 Specifies the
maximum number
of FDB entries.
A value of zero
means that the
kernel will
store unlimited
entries.
local string If given,
specifies the
source IP
address to use
in outgoing
packets.
name string vxlan The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
parent string If given,
specifies the
parent interface
name or parent
connection UUID.
proxy boolean FALSE Specifies
whether ARP
proxy is turned
on.
remote string Specifies the
unicast
destination IP
address to use
in outgoing
packets when the
destination link
layer address is
not known in the
VXLAN device
forwarding
database, or the
multicast IP
address to join.
rsc boolean FALSE Specifies
whether route
short circuit is
turned on.
source-port-max uint32 0 Specifies the
maximum UDP
source port to
communicate to
the remote VXLAN
tunnel endpoint.
source-port-min uint32 0 Specifies the
minimum UDP
source port to
communicate to
the remote VXLAN
tunnel endpoint.
tos uint32 0 Specifies the
TOS value to use
in outgoing
packets.
ttl uint32 0 Specifies the
time-to-live
value to use in
outgoing
packets.
Table 27. wimax setting
Key Name Value Type Default Value Value
Description
mac-address byte array If specified,
this connection
will only apply
to the WiMAX
device whose MAC
address matches.
This property
does not change
the MAC address
of the device
(known as MAC
spoofing).
Deprecated: 1
name string wimax The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting
type has a name
unique to that
type, for
example "ppp" or
"wireless" or
"wired".
network-name string Network Service
Provider (NSP)
name of the
WiMAX network
this connection
should use.
Deprecated: 1
Table 28. 802-3-ethernet setting
Key Name Value Type Default Value Value
Description
assigned-mac-address string The new field
for the cloned
MAC address. It
can be either a
hardware address
in ASCII
representation,
or one of the
special values
"preserve",
"permanent",
"random" or
"stable". This
field replaces
the deprecated
"cloned-mac-address"
on D-Bus, which
can only contain
explict hardware
addresses.
auto-negotiate boolean TRUE If TRUE, allow
auto-negotiation of
port speed and
duplex mode. If
FALSE, do not allow
auto-negotiation, in
which case the
"speed" and "duplex"
properties should be
set.
cloned-mac-address byte array This D-Bus field is
deprecated in favor
of
"assigned-mac-address"
which is more
flexible and allows
specifying special
variants like
"random".
duplex string If specified, request
that the device only
use the specified
duplex mode. Either
"half" or "full".
generate-mac-address-mask string With
"cloned-mac-address"
setting "random" or
"stable", by default
all bits of the MAC
address are scrambled
and a
locally-administered,
unicast MAC address is
created. This property
allows to specify that
certain bits are
fixed. Note that the
least significant bit
of the first MAC
address will always be
unset to create a
unicast MAC address.
If the property is
NULL, it is eligible
to be overwritten by a
default connection
setting. If the value
is still NULL or an
empty string, the
default is to create a
locally-administered,
unicast MAC address.
If the value contains
one MAC address, this
address is used as
mask. The set bits of
the mask are to be
filled with the
current MAC address of
the device, while the
unset bits are subject
to randomization.
Setting
"FE:FF:FF:00:00:00"
means to preserve the
OUI of the current MAC
address and only
randomize the lower 3
bytes using the
"random" or "stable"
algorithm. If the
value contains one
additional MAC address
after the mask, this
address is used
instead of the current
MAC address to fill
the bits that shall
not be randomized. For
example, a value of
"FE:FF:FF:00:00:00
68:F7:28:00:00:00"
will set the OUI of
the MAC address to
68:F7:28, while the
lower bits are
randomized. A value of
"02:00:00:00:00:00
00:00:00:00:00:00"
will create a fully
scrambled
globally-administered,
burned-in MAC address.
If the value contains
more then one
additional MAC
addresses, one of them
is chosen randomly.
For example,
"02:00:00:00:00:00
00:00:00:00:00:00
02:00:00:00:00:00"
will create a fully
scrambled MAC address,
randomly locally or
globally administered.
mac-address byte array If specified, this
connection will only
apply to the Ethernet
device whose permanent
MAC address matches.
This property does not
change the MAC address
of the device (i.e.
MAC spoofing).
mac-address-blacklist array of string [] If specified, this
connection will never
apply to the Ethernet
device whose permanent
MAC address matches an
address in the list.
Each MAC address is in
the standard
hex-digits-and-colons
notation
(00:11:22:33:44:55).
mtu uint32 0 If non-zero, only
transmit packets of
the specified size or
smaller, breaking
larger packets up into
multiple Ethernet
frames.
name string 802-3-ethernet The setting's name,
which uniquely
identifies the setting
within the connection.
Each setting type has
a name unique to that
type, for example
"ppp" or "wireless" or
"wired".
port string Specific port type to
use if multiple the
device supports
multiple attachment
methods. One of "tp"
(Twisted Pair), "aui"
(Attachment Unit
Interface), "bnc"
(Thin Ethernet) or
"mii" (Media
Independent Interface.
If the device supports
only one port type,
this setting is
ignored.
s390-nettype string s390 network device
type; one of "qeth",
"lcs", or "ctc",
representing the
different types of
virtual network
devices available on
s390 systems.
s390-options dict of string {} Dictionary of
to string key/value pairs of
s390-specific device
options. Both keys
and values must be
strings. Allowed keys
include "portno",
"layer2", "portname",
"protocol", among
others. Key names
must contain only
alphanumeric
characters (ie,
[a-zA-Z0-9]).
s390-subchannels array of string [] Identifies specific
subchannels that this
network device uses
for communication with
z/VM or s390 host.
Like the "mac-address"
property for non-z/VM
devices, this property
can be used to ensure
this connection only
applies to the network
device that uses these
subchannels. The list
should contain exactly
3 strings, and each
string may only be
composed of
hexadecimal characters
and the period (.)
character.
speed uint32 0 If non-zero, request
that the device use
only the specified
speed. In Mbit/s, ie
100 == 100Mbit/s.
wake-on-lan uint32 1 The
NMSettingWiredWakeOnLan
options to enable. Not
all devices support
all options. May be
any combination of
NM_SETTING_WIRED_WAKE_ON_LAN_PHY
(0x2),
NM_SETTING_WIRED_WAKE_ON_LAN_UNICAST
(0x4),
NM_SETTING_WIRED_WAKE_ON_LAN_MULTICAST
(0x8),
NM_SETTING_WIRED_WAKE_ON_LAN_BROADCAST
(0x10),
NM_SETTING_WIRED_WAKE_ON_LAN_ARP
(0x20),
NM_SETTING_WIRED_WAKE_ON_LAN_MAGIC
(0x40) or the special
values
NM_SETTING_WIRED_WAKE_ON_LAN_DEFAULT
(0x1) (to use global
settings) and
NM_SETTING_WIRED_WAKE_ON_LAN_IGNORE
(0x8000) (to disable
management of
Wake-on-LAN in
NetworkManager).
wake-on-lan-password string If specified, the password used with
magic-packet-based Wake-on-LAN,
represented as an Ethernet MAC
address. If NULL, no password will be
required.
Table 29. 802-11-wireless setting
Key Name Value Type Default Value Value
Description
assigned-mac-address string The new field
for the cloned
MAC address. It
can be either a
hardware address
in ASCII
representation,
or one of the
special values
"preserve",
"permanent",
"random" or
"stable". This
field replaces
the deprecated
"cloned-mac-address"
on D-Bus, which
can only contain
explict hardware
addresses.
band string 802.11 frequency
band of the network.
One of "a" for 5GHz
802.11a or "bg" for
2.4GHz 802.11. This
will lock
associations to the
Wi-Fi network to the
specific band, i.e.
if "a" is specified,
the device will not
associate with the
same network in the
2.4GHz band even if
the network's
settings are
compatible. This
setting depends on
specific driver
capability and may
not work with all
drivers.
bssid byte array If specified,
directs the device
to only associate
with the given
access point. This
capability is highly
driver dependent and
not supported by all
devices. Note: this
property does not
control the BSSID
used when creating
an Ad-Hoc network
and is unlikely to
in the future.
channel uint32 0 Wireless channel to
use for the Wi-Fi
connection. The
device will only
join (or create for
Ad-Hoc networks) a
Wi-Fi network on the
specified channel.
Because channel
numbers overlap
between bands, this
property also
requires the "band"
property to be set.
cloned-mac-address byte array This D-Bus field is
deprecated in favor
of
"assigned-mac-address"
which is more
flexible and allows
specifying special
variants like
"random".
generate-mac-address-mask string With
"cloned-mac-address"
setting "random" or
"stable", by default
all bits of the MAC
address are scrambled
and a
locally-administered,
unicast MAC address is
created. This property
allows to specify that
certain bits are
fixed. Note that the
least significant bit
of the first MAC
address will always be
unset to create a
unicast MAC address.
If the property is
NULL, it is eligible
to be overwritten by a
default connection
setting. If the value
is still NULL or an
empty string, the
default is to create a
locally-administered,
unicast MAC address.
If the value contains
one MAC address, this
address is used as
mask. The set bits of
the mask are to be
filled with the
current MAC address of
the device, while the
unset bits are subject
to randomization.
Setting
"FE:FF:FF:00:00:00"
means to preserve the
OUI of the current MAC
address and only
randomize the lower 3
bytes using the
"random" or "stable"
algorithm. If the
value contains one
additional MAC address
after the mask, this
address is used
instead of the current
MAC address to fill
the bits that shall
not be randomized. For
example, a value of
"FE:FF:FF:00:00:00
68:F7:28:00:00:00"
will set the OUI of
the MAC address to
68:F7:28, while the
lower bits are
randomized. A value of
"02:00:00:00:00:00
00:00:00:00:00:00"
will create a fully
scrambled
globally-administered,
burned-in MAC address.
If the value contains
more then one
additional MAC
addresses, one of them
is chosen randomly.
For example,
"02:00:00:00:00:00
00:00:00:00:00:00
02:00:00:00:00:00"
will create a fully
scrambled MAC address,
randomly locally or
globally administered.
hidden boolean FALSE If TRUE, indicates
this network is a
non-broadcasting
network that hides its
SSID. In this case
various workarounds
may take place, such
as probe-scanning the
SSID for more reliable
network discovery.
However, these
workarounds expose
inherent insecurities
with hidden SSID
networks, and thus
hidden SSID networks
should be used with
caution.
mac-address byte array If specified, this
connection will only
apply to the Wi-Fi
device whose permanent
MAC address matches.
This property does not
change the MAC address
of the device (i.e.
MAC spoofing).
mac-address-blacklist array of string [] A list of permanent
MAC addresses of Wi-Fi
devices to which this
connection should
never apply. Each MAC
address should be
given in the standard
hex-digits-and-colons
notation (eg
"00:11:22:33:44:55").
mac-address-randomization uint32 0 One of
NM_SETTING_MAC_RANDOMIZATION_DEFAULT
(0) (never randomize
unless the user has
set a global default
to randomize and the
supplicant supports
randomization),
NM_SETTING_MAC_RANDOMIZATION_NEVER
(1) (never randomize
the MAC address), or
NM_SETTING_MAC_RANDOMIZATION_ALWAYS
(2) (always randomize
the MAC address).
Deprecated: 1
mode string Wi-Fi network mode; one of
"infrastructure", "adhoc" or "ap".
If blank, infrastructure is assumed.
mtu uint32 0 If non-zero, only transmit packets
of the specified size or smaller,
breaking larger packets up into
multiple Ethernet frames.
name string 802-11-wireless The setting's name, which uniquely
identifies the setting within the
connection. Each setting type has a
name unique to that type, for
example "ppp" or "wireless" or
"wired".
powersave uint32 0 One of
NM_SETTING_WIRELESS_POWERSAVE_DISABLE
(2) (disable Wi-Fi power saving),
NM_SETTING_WIRELESS_POWERSAVE_ENABLE
(3) (enable Wi-Fi power saving),
NM_SETTING_WIRELESS_POWERSAVE_IGNORE
(1) (don't touch currently configure
setting) or
NM_SETTING_WIRELESS_POWERSAVE_DEFAULT
(0) (use the globally configured
value). All other values are
reserved.
rate uint32 0 If non-zero, directs the device to
only use the specified bitrate for
communication with the access point.
Units are in Kb/s, ie 5500 = 5.5
Mbit/s. This property is highly
driver dependent and not all devices
support setting a static bitrate.
security None This property is deprecated, but can
be set to the value
'802-11-wireless-security' when a
wireless security setting is also
present in the connection dictionary,
for compatibility with very old
NetworkManager daemons.
seen-bssids array of string [] A list of BSSIDs (each BSSID
formatted as a MAC address like
"00:11:22:33:44:55") that have been
detected as part of the Wi-Fi
network. NetworkManager internally
tracks previously seen BSSIDs. The
property is only meant for reading
and reflects the BSSID list of
NetworkManager. The changes you make
to this property will not be
preserved.
ssid byte array SSID of the Wi-Fi network. Must be
specified.
tx-power uint32 0 If non-zero, directs the device to
use the specified transmit power.
Units are dBm. This property is
highly driver dependent and not all
devices support setting a static
transmit power.
Table 30. 802-11-wireless-security setting
Key Name Value Type Default Value Value
Description
auth-alg string When WEP is used
(ie, key-mgmt =
"none" or
"ieee8021x")
indicate the
802.11
authentication
algorithm
required by the
AP here. One of
"open" for Open
System, "shared"
for Shared Key,
or "leap" for
Cisco LEAP.
When using Cisco
LEAP (ie,
key-mgmt =
"ieee8021x" and
auth-alg =
"leap") the
"leap-username"
and
"leap-password"
properties must
be specified.
group array of string [] A list of
group/broadcast
encryption
algorithms which
prevents
connections to
Wi-Fi networks
that do not
utilize one of
the algorithms
in the list.
For maximum
compatibility
leave this
property empty.
Each list
element may be
one of "wep40",
"wep104",
"tkip", or
"ccmp".
key-mgmt string Key management
used for the
connection. One
of "none" (WEP),
"ieee8021x"
(Dynamic WEP),
"wpa-none"
(Ad-Hoc
WPA-PSK),
"wpa-psk"
(infrastructure
WPA-PSK), or
"wpa-eap"
(WPA-Enterprise).
This property
must be set for
any Wi-Fi
connection that
uses security.
leap-password string The login
password for
legacy LEAP
connections (ie,
key-mgmt =
"ieee8021x" and
auth-alg =
"leap").
leap-password-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"leap-password"
property. (see
the section
called "Secret
flag types:" for
flag values)
leap-username string The login
username for
legacy LEAP
connections (ie,
key-mgmt =
"ieee8021x" and
auth-alg =
"leap").
name string 802-11-wireless-security The setting's
name, which
uniquely
identifies the
setting within
the connection.
Each setting type
has a name unique
to that type, for
example "ppp" or
"wireless" or
"wired".
pairwise array of string [] A list of
pairwise
encryption
algorithms which
prevents
connections to
Wi-Fi networks
that do not
utilize one of
the algorithms in
the list. For
maximum
compatibility
leave this
property empty.
Each list element
may be one of
"tkip" or "ccmp".
proto array of string [] List of strings
specifying the
allowed WPA
protocol versions
to use. Each
element may be
one "wpa" (allow
WPA) or "rsn"
(allow WPA2/RSN).
If not specified,
both WPA and RSN
connections are
allowed.
psk string Pre-Shared-Key
for WPA networks.
If the key is
64-characters
long, it must
contain only
hexadecimal
characters and is
interpreted as a
hexadecimal WPA
key. Otherwise,
the key must be
between 8 and 63
ASCII characters
(as specified in
the 802.11i
standard) and is
interpreted as a
WPA passphrase,
and is hashed to
derive the actual
WPA-PSK used when
connecting to the
Wi-Fi network.
psk-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"psk" property.
(see the section
called "Secret
flag types:" for
flag values)
wep-key-flags NMSettingSecretFlags Flags indicating
(uint32) how to handle the
"wep-key0",
"wep-key1",
"wep-key2", and
"wep-key3"
properties. (see
the section
called "Secret
flag types:" for
flag values)
wep-key-type NMWepKeyType Controls the
(uint32) interpretation of
WEP keys.
Allowed values
are
NM_WEP_KEY_TYPE_KEY
(1), in which
case the key is
either a 10- or
26-character
hexadecimal
string, or a 5-
or 13-character
ASCII password;
or
NM_WEP_KEY_TYPE_PASSPHRASE
(2), in which
case the
passphrase is
provided as a
string and will
be hashed using
the de-facto MD5
method to derive
the actual WEP
key.
wep-key0 string Index 0 WEP key. This is
the WEP key used in most
networks. See the
"wep-key-type" property
for a description of how
this key is interpreted.
wep-key1 string Index 1 WEP key. This WEP
index is not used by most
networks. See the
"wep-key-type" property
for a description of how
this key is interpreted.
wep-key2 string Index 2 WEP key. This WEP
index is not used by most
networks. See the
"wep-key-type" property
for a description of how
this key is interpreted.
wep-key3 string Index 3 WEP key. This WEP
index is not used by most
networks. See the
"wep-key-type" property
for a description of how
this key is interpreted.
wep-tx-keyidx uint32 0 When static WEP is used
(ie, key-mgmt = "none")
and a non-default WEP key
index is used by the AP,
put that WEP key index
here. Valid values are 0
(default key) through 3.
Note that some consumer
access points (like the
Linksys WRT54G) number the
keys 1 - 4.
Secret flag types:
Each secret property in a setting has an associated flags property that
describes how to handle that secret. The flags property is a bitfield
that contains zero or more of the following values logically OR-ed
together.
* 0x0 (none) - the system is responsible for providing and storing
this secret.
* 0x1 (agent-owned) - a user-session secret agent is responsible for
providing and storing this secret; when it is required, agents will
be asked to provide it.
* 0x2 (not-saved) - this secret should not be saved but should be
requested from the user each time it is required. This flag should
be used for One-Time-Pad secrets, PIN codes from hardware tokens,
or if the user simply does not want to save the secret.
* 0x4 (not-required) - in some situations it cannot be automatically
determined that a secret is required or not. This flag hints that
the secret is not required and should not be requested from the
user.
FILES
/etc/NetworkManager/system-connections or distro plugin-specific location
SEE ALSO
NetworkManager(8), nmcli(1), nmcli-examples(7), NetworkManager.conf(5)
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
