| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
802-1x |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| identity |
string |
|
Identity string for EAP authentication methods. Often the user's user or login name. |
| anonymous-identity |
string |
|
Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS. |
| ca-path |
string |
|
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the 'ca-cert' property. |
| phase1-peapver |
string |
|
Forces which PEAP version is used when PEAP is set as the EAP method in 'eap' property. When unset, the version reported by the server will be used. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version. To do so, this property may be set to '0' or '1; to force that specific PEAP version. |
| phase1-peaplabel |
string |
|
Forces use of the new PEAP label during key derivation. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1. Set to '1' to force use of the new PEAP label. See the wpa_supplicant documentation for more details. |
| phase1-fast-provisioning |
string |
|
Enables or disables in-line provisioning of EAP-FAST credentials when FAST is specified as the EAP method in the #NMSetting8021x:eap property. Allowed values are '0' (disabled), '1' (allow unauthenticated provisioning), '2' (allow authenticated provisioning), and '3' (allow both authenticated and unauthenticated provisioning). See the wpa_supplicant documentation for more details. |
| phase2-auth |
string |
|
Specifies the allowed 'phase 2' inner non-EAP authentication methods when an EAP method that uses an inner TLS tunnel is specified in the 'eap' property. Recognized non-EAP phase2 methods are 'pap', 'chap', 'mschap', 'mschapv2', 'gtc', 'otp', 'md5', and 'tls'. Each 'phase 2' inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details. |
| phase2-autheap |
string |
|
Specifies the allowed 'phase 2' inner EAP-based authentication methods when an EAP method that uses an inner TLS tunnel is specified in the 'eap' property. Recognized EAP-based 'phase 2' methods are 'md5', 'mschapv2', 'otp', 'gtc', and 'tls'. Each 'phase 2' inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details. |
| phase2-ca-path |
string |
|
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the 'phase2-ca-cert' property. |
| password |
string |
|
Password used for EAP authentication methods. |
| private-key-password |
string |
|
The password used to decrypt the private key specified in the 'private-key' property when the private key is a PKCS#12 format key. |
| phase2-private-key-password |
string |
|
The password used to decrypt the private key specified in the 'phase2-private-key' property when the phase2 private key is a PKCS#12 format key. |
| system-ca-certs |
boolean |
FALSE |
When TRUE, overrides 'ca-path' and 'phase2-ca-path' properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the 'ca-cert' and 'phase2-ca-cert' properties. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
connection |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| id |
string |
|
User-readable connection identifier/name. Must be one or more characters and may change over the lifetime of the connection if the user decides to rename it. |
| uuid |
string |
|
Universally unique connection identifier. Must be in the format '2815492f-7e56-435e-b2e9-246bd7cdc664' (ie, contains only hexadecimal characters and '-'). The UUID should be assigned when the connection is created and never changed as long as the connection stilla pplies to the same network. For example, it should not be changed when the user changes the connection's 'id', but should be recreated when the WiFi SSID, mobile broadband network provider, or the connection type changes. |
| type |
string |
|
Base type of the connection. For hardware-dependent connections, should contain the setting name of the hardware-type specific setting (ie, '802-3-ethernet' or '802-11-wireless' or 'bluetooth', etc), and for non-hardware dependent connections like VPN or otherwise, should contain the setting name of that setting type (ie, 'vpn' or 'bridge', etc). |
| autoconnect |
boolean |
FALSE |
If TRUE, NetworkManager will activate this connection when its network resources are available. If FALSE, the connection must be manually activated by the user or some other mechanism. |
| timestamp |
uint64 |
0 |
Timestamp (in seconds since the Unix Epoch) that the connection was last successfully activated. Settings services should update the connection timestamp periodically when the connection is active to ensure that an active connection has the latest timestamp. |
| read-only |
boolean |
FALSE |
If TRUE, the connection is read-only and cannot be changed by the user or any other mechanism. This is normally set for system connections whose plugin cannot yet write updated connections back out. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
gsm |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| number |
string |
|
Number to dial when establishing a PPP data session with the GSM-based mobile broadband network. In most cases, leave the number blank and a number selecting the APN specified in the 'apn' property will be used automatically when required. |
| username |
string |
|
Username used to authenticate with the network, if required. Note that many providers do not require a username or accept any username. |
| password |
string |
|
Password used to authenticate with the network, if required. Note that many providers do not require a password or accept any password. |
| apn |
string |
|
The GPRS Access Point Name specifying the APN used when establishing a data session with the GSM-based network. The APN often determines how the user will be billed for their network usage and whether the user has access to the Internet or just a provider-specific walled-garden, so it is important to use the correct APN for the user's mobile broadband plan. |
| network-id |
string |
|
The Network ID (GSM LAI format, ie MCC-MNC) to force specific network registration. If the Network ID is specified, NetworkManager will attempt to force the device to register only on the specified network. This can be used to ensure that the device does not roam when direct roaming control of the device is not otherwise possible. |
| network-type |
int32 |
0 |
Network preference to force the device to only use specific network technologies. The permitted values are: -1: any, 0: 3G only, 1: GPRS/EDGE only, 2: prefer 3G, and 3: prefer 2G. Note that not all devices allow network preference control. |
| band |
int32 |
0 |
Band (currently unused) |
| pin |
string |
|
If the SIM is locked with a PIN it must be unlocked before any other operations are requested. Specify the PIN here to allow operation of the device. |
| puk |
string |
|
If the PIN is incorrectly entered too many times, the PUK (PIN Unlock Code) is required before the device becomes operational. It's usually best not to enter the PUK due to the risk of completely locking your SIM by entering a wrong PUK too many times. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
ipv4 |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| method |
string |
|
IPv4 configuration method. If 'auto' is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset. If 'link-local' is specified, then a link-local address in the 169.254/16 range will be assigned to the interface. If 'manual' is specified, static IP addressing is used and at least one IP address must be given in the 'addresses' property. If 'shared' is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10.42.x.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT-ed to the current default network connection. This property must be set. |
| ignore-auto-routes |
boolean |
FALSE |
When the method is set to 'auto' and this property to TRUE, automatically configured routes are ignored and only routes specified in the 'routes' property, if any, are used. |
| ignore-auto-dns |
boolean |
FALSE |
When the method is set to 'auto' and this property to TRUE, automatically configured nameservers and search domains are ignored and only namservers and search domains specified in the 'dns' and 'dns-search' properties, if any, are used. |
| dhcp-client-id |
string |
|
A string sent to the DHCP server to identify the local machine which the DHCP server may use to cusomize the DHCP lease and options. |
| dhcp-hostname |
string |
|
A hostname to be sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer. |
| never-default |
boolean |
FALSE |
If TRUE, this connection will never be the default IPv4 connection, meaning it will never be assigned the default route by NetworkManager. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
ppp |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| noauth |
boolean |
FALSE |
If TRUE, do not require the other side (usually the PPP server) to authenticate itself to the client. If FALSE, require authentication from the remote side. In almost all cases, this should be TRUE. |
| refuse-eap |
boolean |
FALSE |
If TRUE, the EAP authentication method will not be used. |
| refuse-pap |
boolean |
FALSE |
If TRUE, the PAP authentication method will not be used. |
| refuse-chap |
boolean |
FALSE |
If TRUE, the CHAP authentication method will not be used. |
| refuse-mschap |
boolean |
FALSE |
If TRUE, the MSCHAP authentication method will not be used. |
| refuse-mschapv2 |
boolean |
FALSE |
If TRUE, the MSCHAPv2 authentication method will not be used. |
| nobsdcomp |
boolean |
FALSE |
If TRUE, BSD compression will not be requested. |
| nodeflate |
boolean |
FALSE |
If TRUE, 'deflate' compression will not be requested. |
| no-vj-comp |
boolean |
FALSE |
If TRUE, Van Jacobsen TCP header compression will not be requested. |
| require-mppe |
boolean |
FALSE |
If TRUE, MPPE (Microsoft Point-to-Point Encrpytion) will be required for the PPP session. If either 64-bit or 128-bit MPPE is not available the session will fail. Note that MPPE is not used on mobile broadband connections. |
| require-mppe-128 |
boolean |
FALSE |
If TRUE, 128-bit MPPE (Microsoft Point-to-Point Encrpytion) will be required for the PPP session, and the 'require-mppe' property must also be set to TRUE. If 128-bit MPPE is not available the session will fail. |
| mppe-stateful |
boolean |
FALSE |
If TRUE, stateful MPPE is used. See pppd documentation for more information on stateful MPPE. |
| crtscts |
boolean |
FALSE |
If TRUE, specify that pppd should set the serial port to use hardware flow control with RTS and CTS signals. This value should normally be set to FALSE. |
| baud |
uint32 |
0 |
If non-zero, instruct pppd to set the serial port to the specified baudrate. This value should normally be left as 0 to automatically choose the speed. |
| mru |
uint32 |
0 |
If non-zero, instruct pppd to request that the peer send packets no larger than the specified size. If non-zero, the MRU should be between 128 and 16384. |
| mtu |
uint32 |
0 |
If non-zero, instruct pppd to send packets no larger than the specified size. |
| lcp-echo-failure |
uint32 |
0 |
If non-zero, instruct pppd to presume the connection to the peer has failed if the specified number of LCP echo-requests go unanswered by the peer. The 'lcp-echo-interval' property must also be set to a non-zero value if this property is used. |
| lcp-echo-interval |
uint32 |
0 |
If non-zero, instruct pppd to send an LCP echo-request frame to the peer every n seconds (where n is the specified value). Note that some PPP peers will respond to echo requests and some will not, and it is not possible to autodetect this. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
serial |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| baud |
uint32 |
0 |
Speed to use for communication over the serial port. Note that this value usually has no effect for mobile broadband modems as they generally ignore speed settings and use the highest available speed. |
| bits |
uint32 |
0 |
Byte-width of the serial communication. The 8 in '8n1' for example. |
| parity |
gchar |
0 |
Parity setting of the serial port. Either 'E' for even parity, 'o' for odd parity, or 'n' for no parity. |
| stopbits |
uint32 |
0 |
Number of stop bits for communication on the serial port. Either 1 or 2. The 1 in '8n1' for example. |
| send-delay |
uint64 |
0 |
Time to delay between each byte sent to the modem, in microseconds. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
802-3-ethernet |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| port |
string |
|
Specific port type to use if multiple the device supports multiple attachment methods. One of 'tp' (Twisted Pair), 'aui' (Attachment Unit Interface), 'bnc' (Thin Ethernet) or 'mii' (Media Independent Interface. If the device supports only one port type, this setting is ignored. |
| speed |
uint32 |
0 |
If non-zero, request that the device use only the specified speed. In Mbit/s, ie 100 == 100Mbit/s. |
| duplex |
string |
|
If specified, request that the device only use the specified duplex mode. Either 'half' or 'full'. |
| auto-negotiate |
boolean |
FALSE |
If TRUE, allow auto-negotiation of port speed and duplex mode. If FALSE, do not allow auto-negotiation,in which case the 'speed' and 'duplex' properties should be set. |
| mtu |
uint32 |
0 |
If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
802-11-wireless |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| mode |
string |
|
WiFi network mode; one of 'infrastructure' or 'adhoc'. If blank, infrastructure is assumed. |
| band |
string |
|
802.11 frequency band of the network. One of 'a' for 5GHz 802.11a or 'bg' for 2.4GHz 802.11. This will lock associations to the WiFi network to the specific band, i.e. if 'a' is specified, the device will not associate with the same network in the 2.4GHz band even if the network's settings are compatible. This setting depends on specific driver capability and may not work with all drivers. |
| channel |
uint32 |
0 |
Wireless channel to use for the WiFi connection. The device will only join (or create for Ad-Hoc networks) a WiFi network on the specified channel. Because channel numbers overlap between bands, this property also requires the 'band' property to be set. |
| rate |
uint32 |
0 |
If non-zero, directs the device to only use the specified bitrate for communication with the access point. Units are in Kb/s, ie 5500 = 5.5 Mbit/s. This property is highly driver dependent and not all devices support setting a static bitrate. |
| tx-power |
uint32 |
0 |
If non-zero, directs the device to use the specified transmit power. Units are dBm. This property is highly driver dependent and not all devices support setting a static transmit power. |
| mtu |
uint32 |
0 |
If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames. |
| security |
string |
|
If the wireless connection has any security restrictions, like 802.1x, WEP, or WPA, set this property to '802-11-wireless-security' and ensure the connection contains a valid 802-11-wireless-security setting. |
| Key Name |
Value Type |
Default Value |
Value Description |
| name |
string |
802-11-wireless-security |
The setting's name; these names are defined by the specification and cannot be changed after the object has been created. Each setting class has a name, and all objects of that class share the same name. |
| key-mgmt |
string |
|
Key management used for the connection. One of 'none' (WEP), 'ieee8021x' (Dynamic WEP), 'wpa-none' (WPA-PSK Ad-Hoc), 'wpa-psk' (infrastructure WPA-PSK), or 'wpa-eap' (WPA-Enterprise). This property must be set for any WiFi connection that uses security. |
| wep-tx-keyidx |
uint32 |
0 |
When static WEP is used (ie, key-mgmt = 'none') and a non-default WEP key index is used by the AP, put that WEP key index here. Valid values are 0 (default key) through 3. Note that some consumer access points (like the Linksys WRT54G) number the keys 1 - 4. |
| auth-alg |
string |
|
When WEP is used (ie, key-mgmt = 'none' or 'ieee8021x') indicate the 802.11 authentication algorithm required by the AP here. One of 'open' for Open System, 'shared' for Shared Key, or 'leap' for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = 'ieee8021x' and auth-alg = 'leap') the 'leap-username' and 'leap-password' properties must be specified. |
| leap-username |
string |
|
The login username for legacy LEAP connections (ie, key-mgmt = 'ieee8021x' and auth-alg = 'leap'). |
| wep-key0 |
string |
|
Index 0 WEP key. This is the WEP key used in most networks. See the 'wep-key-type' property for a description of how this key is interpreted. |
| wep-key1 |
string |
|
Index 1 WEP key. This WEP index is not used by most networks. See the 'wep-key-type' property for a description of how this key is interpreted. |
| wep-key2 |
string |
|
Index 2 WEP key. This WEP index is not used by most networks. See the 'wep-key-type' property for a description of how this key is interpreted. |
| wep-key3 |
string |
|
Index 3 WEP key. This WEP index is not used by most networks. See the 'wep-key-type' property for a description of how this key is interpreted. |
| psk |
string |
|
Pre-Shared-Key for WPA networks. If the key is 64-characters long, it must contain only hexadecimal characters and is interpreted as a hexadecimal WPA key. Otherwise, the key must be between 8 and 63 ASCII characters (as specified in the 802.11i standard) and is interpreted as a WPA passphrase, and is hashed to derive the actual WPA-PSK used when connecting to the WiFi network. |
| leap-password |
string |
|
The login password for legacy LEAP connections (ie, key-mgmt = 'ieee8021x' and auth-alg = 'leap'). |
| wep-key-type |
uint32 |
0 |
Controls the interpretation of WEP keys. Allowed values are 1 (interpret WEP keys as hexadecimal or ASCII keys) or 2 (interpret WEP keys as WEP Passphrases). If set to 1 and the keys are hexadecimal, they must be either 10 or 26 characters in length. If set to 1 and the keys are ASCII keys, they must be either 5 or 13 characters in length. If set to 2, the passphrase is hashed using the de-facto MD5 method to derive the actual WEP key. |