Discussion:
[PATCH 0/8] Man page overhaul
(too old to reply)
Jaakko Hannikainen
2015-10-26 14:39:59 UTC
Permalink
This patchset rewrites half of the existing man pages and adds 4
new ones, since the old ones were either badly formatted, incomplete
or simply wrong. It also moves them under automake so that end users
will see proper paths to connman's files instead of suggesting that
they are probably under /var/lib/connman/.

Not many changes from the RFC version, mostly typos here and there.
Mainly changed the build system parts, now only the last patch
touches the build system. If/when the discussion about OpenVPN's MTUs
reaches some end, the appropriate documentation should be updated.
Jaakko Hannikainen
2015-10-26 14:40:04 UTC
Permalink
---
doc/connman-vpn.8 | 2 +-
doc/connman-vpn.conf.5 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 doc/connman-vpn.conf.5

diff --git a/doc/connman-vpn.8 b/doc/connman-vpn.8
index 889faff..e595890 100644
--- a/doc/connman-vpn.8
+++ b/doc/connman-vpn.8
@@ -59,4 +59,4 @@ the controlling terminal in addition to syslog.
.BR \-r ", " \-\-routes
Manage VPN routes instead of telling \fBconnmand\fP(8) to do it.
.SH SEE ALSO
-.BR connmanctl (1), \ connmand (8)
+.BR connmanctl (1), \ connman-vpn.conf (5), \ connmand (8)
diff --git a/doc/connman-vpn.conf.5 b/doc/connman-vpn.conf.5
new file mode 100644
index 0000000..5facd37
--- /dev/null
+++ b/doc/connman-vpn.conf.5
@@ -0,0 +1,48 @@
+.\" connman-vpn.conf(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "connman-vpn.conf" "5" "2015-10-15" ""
+.SH NAME
+connman-vpn.conf \- ConnMan-VPN configuration file
+.SH SYNOPSIS
+.B /etc/connman/connman-vpn.conf
+.br
+or
+.br
+\fI<SYSCONFDIR>\fB/connman/connman-vpn.conf
+.br
+.RI where\ <SYSCONFDIR> " depends on your distribution or build."
+.SH DESCRIPTION
+.P
+.B connman-vpn.conf
+is a configuration file for ConnMan-VPN. The configuration file is
+optional but it can be used to set up various aspects of ConnMan-VPN's
+behavior. The location of the file may be changed through use of
+the \fB\-\-config= \fRargument for \fBconnman-vpn\fP(8).
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [General]
+This section is the only mandatory section of the configuration file.
+.TP
+.BI InputRequestTimeout= secs
+Set input request timeout. Default is 300 seconds. The request for inputs
+like passphrase will timeout after certain amount of time. Use this setting
+to increase the value in case of different user interface designs.
+.SH "EXAMPLE"
+The following example configuration sets InputRequestTimeout to 10 minutes.
+.PP
+.nf
+[General]
+InputRequestTimeout = 600
+.fi
+.SH "SEE ALSO"
+.BR connman (8), \ connman-vpn (8)
--
2.6.1
Jaakko Hannikainen
2015-10-26 14:40:05 UTC
Permalink
---
doc/connman-service.config.5 | 197 +++++++++++++++++++++++++++++++++++++++++++
doc/connman.8 | 3 +-
doc/connmanctl.1 | 3 +-
3 files changed, 201 insertions(+), 2 deletions(-)
create mode 100644 doc/connman-service.config.5

diff --git a/doc/connman-service.config.5 b/doc/connman-service.config.5
new file mode 100644
index 0000000..3cf3692
--- /dev/null
+++ b/doc/connman-service.config.5
@@ -0,0 +1,197 @@
+.\" connman-service.config(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "service-name.config" "5" "2015-10-15" ""
+.SH NAME
+service-name.config \- ConnMan service provisioning file
+.SH SYNOPSIS
+.B /var/lib/connman/\fIservice-name\fB.config
+.SH DESCRIPTION
+.P
+\fIConnMan\fP's services are configured with so called
+"\fBprovisioning files\fP" which reside under \fI/var/lib/connman/\fP.
+The files can be named anything, as long as they end in \fB.config\fP.
+The provisioning files can be used to configure for example secured
+wireless access points which need complex authentication, for example
+eduroam, or for static IPs and so on. Each provisioning file can be
+used for multiple services at once.
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.TP
+.BI Name= name
+Name of the network.
+.TP
+.BI Description= description
+Description of the network.
+.SS [service_*]
+Each provisioned service must start with a [service_*] tag, with * replaced
+by an unique name within the file.
+The allowed fields are:
+.TP
+.B Type=ethernet \fR|\fB wifi
+Mandatory. Other types than ethernet or wifi are not supported.
+.TP
+.BI IPv4=off \ \fR|\ dhcp\ \fR|\ network / netmask / gateway
+IPv4 settings for the service. If set to \fBoff\fP, IPv4 won't be used.
+If set to \fBdhcp\fP, dhcp will be used to obtain the network settings.
+\fInetmask\fP can be specified as length of the mask rather than the
+mask itself. The gateway can be omitted when using a static IP.
+.TP
+.BI IPv6=off \ \fR|\ auto\ \fR|\ network / prefixlength / gateway
+IPv6 settings for the service. If set to \fBoff\fP, IPv6 won't be used.
+If set to \fBauto\fP, settings will be obtained from the network.
+.TP
+.B IPv6.Privacy=disabled \fR|\fB enabled \fR|\fB preferred
+IPv6 privacy settings as per RFC3041.
+.TP
+.BI MAC= address
+MAC address of the interface to be used. If not specified, the first
+found interface is used. Must be in format ab:cd:ef:01:23:45.
+.TP
+.BI Nameservers= servers
+Comma separated list of nameservers.
+.TP
+.BI SearchDomains= domains
+Comma separated list of DNS search domains.
+.TP
+.BI Timeservers= servers
+Comma separated list of timeservers.
+.TP
+.BI Domain= domain
+Domain name to be used.
+.TP
+The following keys can only be used for wireless networks:
+.TP
+.BI Name= name
+A string representation of an network SSID. If the SSID field is
+present, the Name field is ignored. If the SSID field is not present,
+this field is mandatory.
+.TP
+.BI SSID= ssid
+SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
+encode special characters including starting or ending spaces.
+.TP
+.BI Passphrase= passphrase
+RSN/WPA/WPA2 Passphrase.
+.TP
+.BI Security= type
+The security type of the network. Possible values are \fBpsk\fP
+(WPA/WPA2 PSK), \fBieee8021x\fP (WPA EAP), \fBnone\fP and \fBwep\fP.
+When not set, the default value is \fBieee8021x\fP if an EAP type is
+configured, \fBpsk\fP if a passphrase is present and \fBnone\fP otherwise.
+.TP
+.B Hidden=true \fR|\fB false
+If set to \fBtrue\fP, then this AP is hidden. If missing or set to
+\fBfalse\fP, then AP is not hidden.
+.TP
+.B EAP=tls \fR|\fB ttls \fR|\fB peap
+EAP type to use. Only \fBtls\fP, \fBttls\fP and \fBpeap\fP are supported.
+.TP
+.BI CACertFile= file
+Path to the CA certificate file. Only PEM and DER formats are supported.
+.TP
+.BI PrivateKeyFile= file
+Path to the private key file. Only PEM, DER and PFX formats are supported.
+.TP
+.BI PrivateKeyPassphrase= passphrase
+Passphrase of the private key.
+.TP
+.B PrivateKeyPassphraseType=fsid
+If specified, use the private key's fsid as the passphrase, and ignore the
+PrivateKeyPassphrase field.
+.TP
+.BI Identity= identity
+Identity string for EAP.
+.TP
+.BI AnonymousIdentity= identity
+Anonymous identity string for EAP.
+.TP
+.BI Phase2= type
+Inner authentication type with for \fBEAP=tls\fP or \fBEAP=ttls\fP. Prefix
+the value with \fBEAP-\fP to indicate usage of EAP-based authentication
+method (should only be used with \fBEAP=ttls\fP).
+.SH "EXAMPLE"
+.SS Eduroam
+This is a configuration file for eduroam networks. This file could for
+example be /var/lib/connman/eduroam.config. Your university's exact
+settings might be different.
+.PP
+.nf
+[service_eduroam]
+Type = wifi
+Name = eduroam
+EAP = peap
+Phase2 = MSCHAPV2
+CACertFile = /etc/ssl/certs/UNIV_CA.crt
+.fi
+.SS Complex networking
+This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
+EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
+and the file name could be /var/lib/connman/complex.config.
+.PP
+Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
+746c735f73736964"). If your SSID does not contain any exotic character then
+you should use the Name entry instead (e.g. "Name = tls_ssid").
+.PP
+.nf
+[global]
+Name = Example
+Description = Example network configuration
+
+[service_tls]
+Type = wifi
+SSID = 746c735f73736964
+EAP = tls
+CACertFile = /home/user/.certs/ca.pem
+ClientCertFile = /home/user/devlp/.certs/client.pem
+PrivateKeyFile = /home/user/.certs/client.fsid.pem
+PrivateKeyPassphraseType = fsid
+Identity = user
+
+[service_ttls]
+Type = wifi
+Name = ttls_ssid
+EAP = ttls
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
+[service_peap]
+Type = wifi
+Name = peap_ssid
+EAP = peap
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
+[service_home_ethernet]
+Type = ethernet
+IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
+IPv6 = 2001:db8::42/64/2001:db8::1
+MAC = 01:02:03:04:05:06
+Nameservers = 10.2.3.4,192.168.1.99
+SearchDomains = my.home,isp.net
+Timeservers = 10.172.2.1,ntp.my.isp.net
+Domain = my.home
+
+[service_home_wifi]
+Type = wifi
+Name = my_home_wifi
+Passphrase = password
+IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
+MAC = 06:05:04:03:02:01
+.fi
+.SH "SEE ALSO"
+.BR connman (8)
diff --git a/doc/connman.8 b/doc/connman.8
index 7ae9ff5..3d065db 100644
--- a/doc/connman.8
+++ b/doc/connman.8
@@ -94,4 +94,5 @@ If this option is used, then ConnMan is not able to cache the DNS queries
because the DNS traffic is not going through ConnMan and that can cause
some extra network traffic.
.SH SEE ALSO
-.BR connmanctl (1), \ connman.conf (5), \ connman-vpn (8)
+.BR connmanctl (1), \ connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn (8)
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
index 03abf7c..e98a697 100644
--- a/doc/connmanctl.1
+++ b/doc/connmanctl.1
@@ -278,4 +278,5 @@ Tethering a wireless connection (ssid "SSID", passphrase "password"):
.PP
.SH
SEE ALSO
-.BR connman.conf (5), \ connman (8), \ connman-vpn (8)
+.BR connman.conf (5), \ connman-service.config (5), \ connman (8), \c
+.BR \ connman-vpn (8)
--
2.6.1
Jaakko Hannikainen
2015-10-26 14:40:03 UTC
Permalink
---
doc/connman-vpn.8 | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
doc/connman.8 | 2 +-
doc/connmanctl.1 | 2 +-
3 files changed, 64 insertions(+), 2 deletions(-)
create mode 100644 doc/connman-vpn.8

diff --git a/doc/connman-vpn.8 b/doc/connman-vpn.8
new file mode 100644
index 0000000..889faff
--- /dev/null
+++ b/doc/connman-vpn.8
@@ -0,0 +1,62 @@
+.\" connman-vpn(8) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH CONNMAN-VPN "8" "2015-10-15"
+.SH NAME
+ConnMan-VPN \- VPN management daemon
+.SH SYNOPSIS
+.B connman-vpnd
+.RB [\| \-\-version \||\| \-\-help \|]
+.PP
+.B connman-vpnd
+.RB [\| \-c
+.IR file \|]
+.RB [\| \-d\ [\c
+.IR file [,...]\|]\|]
+.RB [\| \-p
+.IR plugin [,...]\|]
+.RB [\| \-P
+.IR plugin [,...]\|]
+.RB [\| \-n \|]
+.RB [\| \-r \|]
+.SH DESCRIPTION
+The \fIConnMan-VPN\fP provides a daemon for managing vpn connections together
+with \fBconnmand\fP(8). The Connection Manager is designed to be slim and to
+use as few resources as possible. The VPN daemon supports \fBopenconnect\fP(8),
+\fBopenvpn\fP(8), \fBvpnc\fP(8) and L2TP/PPTP (\fBxl2tpd.conf\fP(5),
+\fBpptp\fP(8), \fBpppd\fP(8)).
+.P
+.SH OPTIONS
+The following options are supported:
+.TP
+.BR \-v ", " \-\-version
+Print the ConnMan-VPN software version and exit.
+.TP
+.BR \-h ", " \-\-help
+Print ConnMan-VPN's available options and exit.
+.TP
+.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
+Specify configuration file to set up various settings for ConnMan. If not
+specified, the default value of \fI<SYSCONFDIR>/connman/connman-vpn.conf\fP
+is used; where \fI<SYSCONFDIR>\fP is dependent on your distribution (usually
+it's \fI/etc\fP). See \fBconnman-vpn.conf\fP(5) for more information on
+configuration file. The use of config file is optional and sane default values
+are used if config file is missing.
+.TP
+.BR \-d\ [ \fIfile [,...]],\ \-\-debug [= \fIfile [,...]]
+Sets how much information ConnMan-VPN sends to the log destination (usually
+syslog's "daemon" facility). If the file options are omitted, then debugging
+information from all the source files are printed. If file options are
+present, then only debug prints from that source file are printed. Example:
+.PP
+ connman-vpnd --debug=vpn/vpn-provider.c,vpn/vpn-config.c
+.TP
+.BR \-n ", " \-\-nodaemon
+Do not daemonize. This is useful for debugging, and directs log output to
+the controlling terminal in addition to syslog.
+.TP
+.BR \-r ", " \-\-routes
+Manage VPN routes instead of telling \fBconnmand\fP(8) to do it.
+.SH SEE ALSO
+.BR connmanctl (1), \ connmand (8)
diff --git a/doc/connman.8 b/doc/connman.8
index 51c77e3..7ae9ff5 100644
--- a/doc/connman.8
+++ b/doc/connman.8
@@ -94,4 +94,4 @@ If this option is used, then ConnMan is not able to cache the DNS queries
because the DNS traffic is not going through ConnMan and that can cause
some extra network traffic.
.SH SEE ALSO
-.BR connmanctl (1), \ connman.conf (5)
+.BR connmanctl (1), \ connman.conf (5), \ connman-vpn (8)
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
index cd5fe36..03abf7c 100644
--- a/doc/connmanctl.1
+++ b/doc/connmanctl.1
@@ -278,4 +278,4 @@ Tethering a wireless connection (ssid "SSID", passphrase "password"):
.PP
.SH
SEE ALSO
-.BR connman.conf (5), \ connman (8)
+.BR connman.conf (5), \ connman (8), \ connman-vpn (8)
--
2.6.1
Jaakko Hannikainen
2015-10-26 14:40:06 UTC
Permalink
---
doc/connman-vpn-provider.config.5 | 424 ++++++++++++++++++++++++++++++++++++++
doc/connman-vpn.8 | 3 +-
doc/connmanctl.1 | 4 +-
3 files changed, 428 insertions(+), 3 deletions(-)
create mode 100644 doc/connman-vpn-provider.config.5

diff --git a/doc/connman-vpn-provider.config.5 b/doc/connman-vpn-provider.config.5
new file mode 100644
index 0000000..cb12854
--- /dev/null
+++ b/doc/connman-vpn-provider.config.5
@@ -0,0 +1,424 @@
+.\" connman-vpn-provider.config(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "connection_name.config" "5" "2015-10-15" ""
+.SH NAME
+connection_name.config \- ConnMan vpn connection provisioning file
+.SH SYNOPSIS
+.B /var/lib/connman-vpn/\fIconnection-name\fB.config
+.SH DESCRIPTION
+.P
+\fIConnMan\fP's vpn connections are configured with so called
+"\fBprovisioning files\fP" which reside under \fI/var/lib/connman-vpn/\fP.
+The files can be named anything, as long as they contain only printable
+ascii characers, for example letters, numbers and underscores. The file
+must end with \fB.config\fP. Each VPN connection requires a provisioning
+file, but multiple connections can be specified in the same file.
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.TP
+.BI Name= name
+Name of the network.
+.TP
+.BI Description= description
+Description of the network.
+.SS [provider_*]
+Each provisioned connection must start with a [provider_*] tag,
+with * replaced by an unique name within the file.
+The following fields are mandatory:
+.TP
+.B Type=OpenConnect \fR|\fB OpenVPN \fR|\fB VPNC \fR|\fB L2TP \fR|\fB PPTP
+Specifies the VPN type.
+.TP
+.BI Host= IP
+VPN server IP address.
+.TP
+.BI Domain= domain
+Domain name for the VPN service.
+.TP
+The following field is optional:
+.TP
+.BI Networks= network / netmask / gateway [,...]
+Networks behind the VPN. If all traffic should go through the VPN, this
+field can be left out. The gateway can be left out. For IPv6 addresses,
+only the prefix length is accepted as the netmask.
+.SS OpenConnect
+The following keys can be used for \fBopenconnect\fP(8) networks:
+.TP
+.BI OpenConnect.ServerCert= cert
+SHA1 fingerprint of the VPN server's certificate.
+.TP
+.BI OpenConnect.CACert= cert
+File containing additional CA certificates in addition to the system
+trusted certificate authorities.
+.TP
+.BI OpenConnect.ClientCert= cert
+Client certificate, if needed by web authentication.
+.TP
+.BI OpenConnect.MTU= mtu
+Request \fImtu\fP from the server as the MTU of the tunnel.
+.TP
+.BI OpenConnect.Cookie= cookie
+The resulting cookie of the authentication process. As the cookie lifetime
+can be very limited, it does not usually make sense to add it into the
+configuration file.
+.TP
+.BI OpenConnect.VPNHost= host
+The final VPN server to use after completing the web authentication. Only
+usable for extremely simple VPN configurations and should normally be set
+only via the VPN Agent API.
+.PP
+If \fBOpenConnect.Cookie\fP, \fBOpenConnect.VPNHost\fP or
+\fBOpenConnect.ServerCert\fP are missing, the VPN Agent will be contacted
+to supply the information.
+.SS OpenVPN
+The following keys are mandatory for \fBopenvpn\fP(8) networks:
+.TP
+.BI OpenVPN.CACert= cert
+Certificate authority file.
+.TP
+.BI OpenVPN.Cert= cert
+Local peer's signed certificate.
+.TP
+.BI OpenVPN.Cert= cert
+Local peer's signed certificate.
+.TP
+.BI OpenVPN.Key= key
+Local peer's private key.
+.TP
+The following keys are optional for \fBopenvpn\fP(8) networks:
+.TP
+.BI OpenVPN.MTU= mtu
+MTU of the tunnel.
+.TP
+.B OpenVPN.NSCertType=client \fR|\fB server
+Peer certificate type, either \fBclient\fP or \fBserver\fP.
+.TP
+.BI OpenVPN.Protocol= protocol
+Use \fIprotocol\fP.
+.TP
+.BI OpenVPN.Port= port
+TCP/UDP port number.
+.TP
+.B OpenVPN.AuthUserPass=true \fR|\fB false
+Authenticate on the server using username/password.
+.TP
+.BI OpenVPN.AskPass= file
+Get certificate password from \fIfile\fP.
+.TP
+.B OpenVPN.AuthNoCache=true \fR|\fB false
+Don't cache AskPass or AuthUserPass value.
+.TP
+.BI OpenVPN.TLSRemote= name
+Accept connections only from a host with X509 name or common
+name equal to \fIname\fP.
+.TP
+.BI OpenVPN.TLSAuth= file
+Use \fIfile\fP for HMAC authentication.
+.TP
+.BI OpenVPN.TLSAuthDir= direction
+Use \fIdirection\fP for HMAC authentication direction.
+.TP
+.BI OpenVPN.Cipher= cipher
+Use \fIcipher\fP as the cipher.
+.TP
+.B OpenVPN.Auth=true \fR|\fB false
+Use HMAC authentication.
+.TP
+.B OpenVPN.CompLZO=yes \fR|\fB no \fR|\fB adaptive
+Use fast LZO compression.
+.TP
+.B OpenVPN.RemoteCertTls=client \fR|\fB server
+Require that remote certificate is signed based on RFC3280 TLS rules.
+.TP
+.BI OpenVPN.ConfigFile= file
+OpenVPN config file for extra options not supported by the OpenVPN plugin.
+.SS VPNC
+The following key is mandatory for \fBvpnc\fP(8) networks:
+.TP
+.BI VPNC.IPSec.ID= id
+Group username.
+.TP
+The following keys are optional for \fBvpnc\fP(8) networks:
+.TP
+.BI VPNC.IPSec.Secret= secret
+Group password.
+.TP
+.BI VPNC.XAuth.Username= username
+Username.
+.TP
+.BI VPNC.XAuth.Password= password
+Password.
+.TP
+.BI VPNC.IKE.Authmode= mode
+IKE authentication mode.
+.TP
+.BI VPNC.IKE.DHGroup= group
+IKE DH group name.
+.TP
+.BI VPNC.PFS= group
+Diffie-Hellman group for perfect forward secrecy.
+.TP
+.BI VPNC.Domain= domain
+Domain name for authentication.
+.TP
+.BI VPNC.Vendor= vendor
+Vendor of the IPSec gateway.
+.TP
+.BI VPNC.LocalPort= port
+Local ISAKMP port number to use.
+.TP
+.BI VPNC.CiscoPort= port
+Cisco UDP Encapsulation Port.
+.TP
+.BI VPNC.AppVersion= version
+Application version to report.
+.TP
+.BI VPNC.NATTMode= mode
+NAT-Traversal Method to use.
+.TP
+.BI VPNC.DPDTimeout= timeout
+DPD idle timeout.
+.TP
+.B VPNC.SingleDES=true \fR|\fB false
+Enable single DES encryption.
+.TP
+.B VPNC.NoEncryption=true \fR|\fB false
+Enable usage of no encryption for data traffic.
+.SS L2TP
+The following keys are optional for l2tp (\fBxl2tp.conf\fP(5), \fBpppd\fP(8))
+networks:
+.TP
+.BI L2TP.User= user
+L2TP username.
+.TP
+.BI L2TP.Password= password
+L2TP password.
+.TP
+.BI L2TP.BPS= bps
+Max bandwidth to use.
+.TP
+.BI L2TP.TXBPS= bps
+Max transmit bandwidth to use.
+.TP
+.BI L2TP.RXBPS= bps
+Max receive bandwidth to use.
+.TP
+.B L2TP.LengthBit=yes \fR|\fB no
+Use length bit.
+.TP
+.B L2TP.Challenge=yes \fR|\fB no
+Use challenge authentication.
+.TP
+.BI L2TP.DefaultRoute= route
+Add \fIroute\fP to the routing tables.
+.TP
+.B L2TP.FlowBit=yes \fR|\fB no
+Use seq numbers.
+.TP
+.BI L2TP.TunnelRWS= size
+Window size.
+.TP
+.B L2TP.Exclusive=yes \fR|\fB no
+Use only one control channel.
+.TP
+.B L2TP.Redial=yes \fR|\fB no
+Redial if disconnected.
+.TP
+.BI L2TP.RedialTimeout= timeout
+Redial timeout.
+.TP
+.BI L2TP.MaxRedials= count
+Maximum amount of redial tries.
+.TP
+.B L2TP.RequirePAP=yes \fR|\fB no
+Require PAP.
+.TP
+.B L2TP.RequireCHAP=yes \fR|\fB no
+Require CHAP.
+.TP
+.B L2TP.ReqAuth=yes \fR|\fB no
+Require authentication.
+.TP
+.B L2TP.AccessControl=yes \fR|\fB no
+Use access control.
+.TP
+.BI L2TP.AuthFile= file
+Authentication file location.
+.TP
+.BI L2TP.ListenAddr= address
+Listen address.
+.TP
+.B L2TP.IPSecSaref=yes \fR|\fB no
+Listen address.
+.TP
+.BI L2TP.Port= port
+UDP port used.
+.TP
+.BI PPPD.EchoFailure= count
+Echo failure count.
+.TP
+.BI PPPD.EchoFailure= count
+Dead peer check count.
+.TP
+.BI PPPD.EchoInterval= interval
+Dead peer check interval.
+.TP
+.BI PPPD.Debug= level
+Debug level.
+.TP
+.B PPPD.RefuseEAP=true \fR|\fB false
+Refuse EAP authentication.
+.TP
+.B PPPD.RefusePAP=true \fR|\fB false
+Refuse PAP authentication.
+.TP
+.B PPPD.RefuseCHAP=true \fR|\fB false
+Refuse CHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP=true \fR|\fB false
+Refuse MSCHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP2=true \fR|\fB false
+Refuse MSCHAPv2 authentication.
+.TP
+.B PPPD.NoBSDComp=true \fR|\fB false
+Disable BSD compression.
+.TP
+.B PPPD.NoPcomp=true \fR|\fB false
+Disable protocol compression.
+.TP
+.B PPPD.UseAccomp=true \fR|\fB false
+Disable Access/Control compression.
+.TP
+.B PPPD.NoDeflate=true \fR|\fB false
+Disable deflate compression.
+.TP
+.B PPPD.ReqMPPE=true \fR|\fB false
+Require the use of MPPE.
+.TP
+.B PPPD.ReqMPPE40=true \fR|\fB false
+Require the use of MPPE 40 bit.
+.TP
+.B PPPD.ReqMPPE128=true \fR|\fB false
+Require the use of MPPE 128 bit.
+.TP
+.B PPPD.ReqMPPEStateful=true \fR|\fB false
+Allow MPPE to use stateful mode.
+.TP
+.B PPPD.NoVJ=true \fR|\fB false
+No Van Jacobson compression.
+.SS PPTP
+The following keys are optional for \fBpptp\fP(8) (see also \fBpppd\fP(8))
+networks:
+.TP
+.BI PPTP.User= username
+Username.
+.TP
+.BI PPTP.Password= password
+Password.
+.TP
+.BI PPPD.EchoFailure= count
+Echo failure count.
+.TP
+.BI PPPD.EchoFailure= count
+Dead peer check count.
+.TP
+.BI PPPD.EchoInterval= interval
+Dead peer check interval.
+.TP
+.BI PPPD.Debug= level
+Debug level.
+.TP
+.B PPPD.RefuseEAP=true \fR|\fB false
+Refuse EAP authentication.
+.TP
+.B PPPD.RefusePAP=true \fR|\fB false
+Refuse PAP authentication.
+.TP
+.B PPPD.RefuseCHAP=true \fR|\fB false
+Refuse CHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP=true \fR|\fB false
+Refuse MSCHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP2=true \fR|\fB false
+Refuse MSCHAPv2 authentication.
+.TP
+.B PPPD.NoBSDComp=true \fR|\fB false
+Disable BSD compression.
+.TP
+.B PPPD.NoPcomp=true \fR|\fB false
+Disable protocol compression.
+.TP
+.B PPPD.UseAccomp=true \fR|\fB false
+Disable Access/Control compression.
+.TP
+.B PPPD.NoDeflate=true \fR|\fB false
+Disable deflate compression.
+.TP
+.B PPPD.ReqMPPE=true \fR|\fB false
+Require the use of MPPE.
+.TP
+.B PPPD.ReqMPPE40=true \fR|\fB false
+Require the use of MPPE 40 bit.
+.TP
+.B PPPD.ReqMPPE128=true \fR|\fB false
+Require the use of MPPE 128 bit.
+.TP
+.B PPPD.ReqMPPEStateful=true \fR|\fB false
+Allow MPPE to use stateful mode.
+.TP
+.B PPPD.NoVJ=true \fR|\fB false
+No Van Jacobson compression.
+
+.SH "EXAMPLE"
+This is a configuration file for a VPN providing L2TP, OpenVPN and
+OpenConnect services. It could, for example, be in the file
+.B /var/lib/connman-vpn/example.config\fR.
+.PP
+.nf
+[global]
+Name = Example
+Description = Example VPN configuration
+
+[provider_l2tp]
+Type = L2TP
+Name = Connection to corporate network
+Host = 1.2.3.4
+Domain = corporate.com
+Networks = 10.10.30.0/24
+L2TP.User = username
+
+[provider_openconnect]
+Type = OpenConnect
+Name = Connection to corporate network using Cisco VPN
+Host = 7.6.5.4
+Domain = corporate.com
+Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
+OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
+OpenConnect.CACert = /etc/certs/certificate.p12
+
+[provider_openvpn]
+Type = OpenVPN
+Name = Connection to corporate network using OpenVPN
+Host = 3.2.5.6
+Domain = my.home.network
+OpenVPN.CACert = /etc/certs/cacert.pem
+OpenVPN.Cert = /etc/certs/cert.pem
+OpenVPN.Key = /etc/certs/cert.key
+.fi
+.SH "SEE ALSO"
+.BR connmanctl (1),\ connman (8),\ connman-vpn (8)
diff --git a/doc/connman-vpn.8 b/doc/connman-vpn.8
index e595890..968ef50 100644
--- a/doc/connman-vpn.8
+++ b/doc/connman-vpn.8
@@ -59,4 +59,5 @@ the controlling terminal in addition to syslog.
.BR \-r ", " \-\-routes
Manage VPN routes instead of telling \fBconnmand\fP(8) to do it.
.SH SEE ALSO
-.BR connmanctl (1), \ connman-vpn.conf (5), \ connmand (8)
+.BR connmanctl (1), \ connman-vpn.conf (5), \c
+.BR \ connman-vpn-provider.config (5), \ connmand (8)
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
index e98a697..0f891bd 100644
--- a/doc/connmanctl.1
+++ b/doc/connmanctl.1
@@ -278,5 +278,5 @@ Tethering a wireless connection (ssid "SSID", passphrase "password"):
.PP
.SH
SEE ALSO
-.BR connman.conf (5), \ connman-service.config (5), \ connman (8), \c
-.BR \ connman-vpn (8)
+.BR connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn-provider.config (5), \ connman (8), \ connman-vpn (8)
--
2.6.1
Jaakko Hannikainen
2015-10-26 14:40:07 UTC
Permalink
This change prettifies man pages with <SYSCONFDIR> and /var/lib
so that it will show the actual value connman was compiled with,
rather than just hinting at some magical compile time variable.
---
.gitignore | 8 ++++++--
Makefile.am | 20 ++++++++++++++++----
...-service.config.5 => connman-service.config.5.in} | 8 ++++----
...der.config.5 => connman-vpn-provider.config.5.in} | 6 +++---
doc/{connman-vpn.8 => connman-vpn.8.in} | 5 ++---
doc/{connman-vpn.conf.5 => connman-vpn.conf.5.in} | 8 +-------
doc/{connman.8 => connman.8.in} | 5 ++---
doc/{connman.conf.5 => connman.conf.5.in} | 8 +-------
doc/{connmanctl.1 => connmanctl.1.in} | 0
9 files changed, 35 insertions(+), 33 deletions(-)
rename doc/{connman-service.config.5 => connman-service.config.5.in} (96%)
rename doc/{connman-vpn-provider.config.5 => connman-vpn-provider.config.5.in} (98%)
rename doc/{connman-vpn.8 => connman-vpn.8.in} (90%)
rename doc/{connman-vpn.conf.5 => connman-vpn.conf.5.in} (90%)
rename doc/{connman.8 => connman.8.in} (94%)
rename doc/{connman.conf.5 => connman.conf.5.in} (97%)
rename doc/{connmanctl.1 => connmanctl.1.in} (100%)

diff --git a/.gitignore b/.gitignore
index 9c22e4a..bbb44c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,8 +64,12 @@ unit/test-nat
doc/*.bak
doc/*.stamp
doc/connman.*
-!doc/connman.8
-!doc/connman.conf.5
+doc/*.1
+doc/*.5
+doc/*.8
+!doc/*.1.in
+!doc/*.5.in
+!doc/*.8.in
doc/connman-*.txt

vpn/builtin.h
diff --git a/Makefile.am b/Makefile.am
index 3d0645e..abd30eb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -248,8 +248,6 @@ include Makefile.plugins
if CLIENT
bin_PROGRAMS += client/connmanctl

-MANUAL_PAGES += doc/connmanctl.1
-
client_connmanctl_SOURCES = client/dbus_helpers.h client/dbus_helpers.c \
client/services.h client/services.c \
client/commands.h client/commands.c \
@@ -385,7 +383,10 @@ EXTRA_DIST += doc/overview-api.txt doc/behavior-api.txt \
EXTRA_DIST += src/main.conf \
src/eduroam.config

-MANUAL_PAGES += doc/connman.8 doc/connman.conf.5
+MANUAL_PAGES += doc/connmanctl.1 doc/connman.conf.5 \
+ doc/connman-service.config.5 doc/connman-vpn.conf.5 \
+ doc/connman-vpn-provider.config.5 \
+ doc/connman.8 doc/connman-vpn.8

dist_man_MANS = $(MANUAL_PAGES)

@@ -449,8 +450,19 @@ do_subst = $(AM_V_GEN)$(SED) \
-e 's,[@]prefix[@],$(prefix),g' \
-e 's,[@]sbindir[@],$(sbindir),g' \
-e 's,[@]sysconfdir[@],$(sysconfdir),g' \
+ -e 's,[@]storagedir[@],$(storagedir),g' \
+ -e 's,[@]vpn_storagedir[@],$(vpn_storagedir),g' \
-e 's,[@]localstatedir[@],$(localstatedir),g'

+%.1 : %.1.in
+ $(do_subst) < $< > $@
+
+%.5 : %.5.in
+ $(do_subst) < $< > $@
+
+%.8 : %.8.in
+ $(do_subst) < $< > $@
+
%.service: %.service.in Makefile
$(AM_V_at)$(MKDIR_P) $(dir $@)
$(do_subst) < $< > $@
@@ -468,4 +480,4 @@ include/connman/%.h: $(abs_top_srcdir)/include/%.h
$(AM_V_GEN)$(LN_S) $< $@

clean-local:
- @$(RM) -rf include/connman
+ @$(RM) -rf include/connman $(MANUAL_PAGES)
diff --git a/doc/connman-service.config.5 b/doc/connman-service.config.5.in
similarity index 96%
rename from doc/connman-service.config.5
rename to doc/connman-service.config.5.in
index 3cf3692..535c626 100644
--- a/doc/connman-service.config.5
+++ b/doc/connman-service.config.5.in
@@ -6,11 +6,11 @@
.SH NAME
service-name.config \- ConnMan service provisioning file
.SH SYNOPSIS
-.B /var/lib/connman/\fIservice-name\fB.config
+.B @storagedir@/\fIservice-name\fB.config
.SH DESCRIPTION
.P
\fIConnMan\fP's services are configured with so called
-"\fBprovisioning files\fP" which reside under \fI/var/lib/connman/\fP.
+"\fBprovisioning files\fP" which reside under \***@storagedir@/\fP.
The files can be named anything, as long as they end in \fB.config\fP.
The provisioning files can be used to configure for example secured
wireless access points which need complex authentication, for example
@@ -125,7 +125,7 @@ method (should only be used with \fBEAP=ttls\fP).
.SH "EXAMPLE"
.SS Eduroam
This is a configuration file for eduroam networks. This file could for
-example be /var/lib/connman/eduroam.config. Your university's exact
+example be @storagedir@/eduroam.config. Your university's exact
settings might be different.
.PP
.nf
@@ -139,7 +139,7 @@ CACertFile = /etc/ssl/certs/UNIV_CA.crt
.SS Complex networking
This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
-and the file name could be /var/lib/connman/complex.config.
+and the file name could be @storagedir@/complex.config.
.PP
Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
746c735f73736964"). If your SSID does not contain any exotic character then
diff --git a/doc/connman-vpn-provider.config.5 b/doc/connman-vpn-provider.config.5.in
similarity index 98%
rename from doc/connman-vpn-provider.config.5
rename to doc/connman-vpn-provider.config.5.in
index cb12854..5393260 100644
--- a/doc/connman-vpn-provider.config.5
+++ b/doc/connman-vpn-provider.config.5.in
@@ -6,11 +6,11 @@
.SH NAME
connection_name.config \- ConnMan vpn connection provisioning file
.SH SYNOPSIS
-.B /var/lib/connman-vpn/\fIconnection-name\fB.config
+.B @vpn_storagedir@/\fIconnection-name\fB.config
.SH DESCRIPTION
.P
\fIConnMan\fP's vpn connections are configured with so called
-"\fBprovisioning files\fP" which reside under \fI/var/lib/connman-vpn/\fP.
+"\fBprovisioning files\fP" which reside under \***@vpn_storagedir@/\fP.
The files can be named anything, as long as they contain only printable
ascii characers, for example letters, numbers and underscores. The file
must end with \fB.config\fP. Each VPN connection requires a provisioning
@@ -387,7 +387,7 @@ No Van Jacobson compression.
.SH "EXAMPLE"
This is a configuration file for a VPN providing L2TP, OpenVPN and
OpenConnect services. It could, for example, be in the file
-.B /var/lib/connman-vpn/example.config\fR.
+.B @vpn_storagedir@/example.config\fR.
.PP
.nf
[global]
diff --git a/doc/connman-vpn.8 b/doc/connman-vpn.8.in
similarity index 90%
rename from doc/connman-vpn.8
rename to doc/connman-vpn.8.in
index 968ef50..6130b3b 100644
--- a/doc/connman-vpn.8
+++ b/doc/connman-vpn.8.in
@@ -38,9 +38,8 @@ Print ConnMan-VPN's available options and exit.
.TP
.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
Specify configuration file to set up various settings for ConnMan. If not
-specified, the default value of \fI<SYSCONFDIR>/connman/connman-vpn.conf\fP
-is used; where \fI<SYSCONFDIR>\fP is dependent on your distribution (usually
-it's \fI/etc\fP). See \fBconnman-vpn.conf\fP(5) for more information on
+specified, the default value of \***@sysconfdir@/connman/connman-vpn.conf\fP
+is used. See \fBconnman-vpn.conf\fP(5) for more information on
configuration file. The use of config file is optional and sane default values
are used if config file is missing.
.TP
diff --git a/doc/connman-vpn.conf.5 b/doc/connman-vpn.conf.5.in
similarity index 90%
rename from doc/connman-vpn.conf.5
rename to doc/connman-vpn.conf.5.in
index 5facd37..fcc4c69 100644
--- a/doc/connman-vpn.conf.5
+++ b/doc/connman-vpn.conf.5.in
@@ -6,13 +6,7 @@
.SH NAME
connman-vpn.conf \- ConnMan-VPN configuration file
.SH SYNOPSIS
-.B /etc/connman/connman-vpn.conf
-.br
-or
-.br
-\fI<SYSCONFDIR>\fB/connman/connman-vpn.conf
-.br
-.RI where\ <SYSCONFDIR> " depends on your distribution or build."
+.B @sysconfdir@/connman/connman-vpn.conf
.SH DESCRIPTION
.P
.B connman-vpn.conf
diff --git a/doc/connman.8 b/doc/connman.8.in
similarity index 94%
rename from doc/connman.8
rename to doc/connman.8.in
index 3d065db..9b71779 100644
--- a/doc/connman.8
+++ b/doc/connman.8.in
@@ -48,9 +48,8 @@ Print ConnMan's available options and exit.
.TP
.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
Specify configuration file to set up various settings for ConnMan. If not
-specified, the default value of \fI<SYSCONFDIR>/connman/main.conf\fP
-is used; where \fI<SYSCONFDIR>\fP is dependent on your distribution (usually
-it's \fI/etc\fP). See \fBconnman.conf\fP(5) for more information on
+specified, the default value of \***@sysconfdir@/connman/main.conf\fP
+is used. See \fBconnman.conf\fP(5) for more information on
configuration file. The use of config file is optional and sane default values
are used if config file is missing.
.TP
diff --git a/doc/connman.conf.5 b/doc/connman.conf.5.in
similarity index 97%
rename from doc/connman.conf.5
rename to doc/connman.conf.5.in
index 0da3b47..ff97b7c 100644
--- a/doc/connman.conf.5
+++ b/doc/connman.conf.5.in
@@ -6,13 +6,7 @@
.SH NAME
main.conf \- ConnMan configuration file
.SH SYNOPSIS
-.B /etc/connman/main.conf
-.br
-or
-.br
-\fI<SYSCONFDIR>\fB/connman/main.conf
-.br
-.RI where\ <SYSCONFDIR> " depends on your distribution or build."
+.B @sysconfdir@/connman/main.conf
.SH DESCRIPTION
.P
.B main.conf
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1.in
similarity index 100%
rename from doc/connmanctl.1
rename to doc/connmanctl.1.in
--
2.6.1
Patrik Flykt
2015-10-27 13:21:44 UTC
Permalink
Hi,
Post by Jaakko Hannikainen
--- a/Makefile.am
+++ b/Makefile.am
@@ -248,8 +248,6 @@ include Makefile.plugins
if CLIENT
bin_PROGRAMS += client/connmanctl
-MANUAL_PAGES += doc/connmanctl.1
-
client_connmanctl_SOURCES = client/dbus_helpers.h client/dbus_helpers.c \
client/services.h client/services.c \
client/commands.h client/commands.c \
@@ -385,7 +383,10 @@ EXTRA_DIST += doc/overview-api.txt doc/behavior-api.txt \
EXTRA_DIST += src/main.conf \
src/eduroam.config
-MANUAL_PAGES += doc/connman.8 doc/connman.conf.5
+MANUAL_PAGES += doc/connmanctl.1 doc/connman.conf.5 \
+ doc/connman-service.config.5 doc/connman-vpn.conf.5 \
+ doc/connman-vpn-provider.config.5 \
+ doc/connman.8 doc/connman-vpn.8
dist_man_MANS = $(MANUAL_PAGES)
Here we need to allow the user to set a different prefix
with ./configure. This causes the following changes to this patch:

--- a/Makefile.am
+++ b/Makefile.am
@@ -378,7 +378,12 @@ EXTRA_DIST += doc/overview-api.txt doc/behavior-api.txt \
doc/vpn-config-format.txt \
doc/vpn-connection-api.txt \
doc/vpn-manager-api.txt doc/vpn-overview.txt \
- doc/session-policy-format.txt
+ doc/session-policy-format.txt \
+ doc/connmanctl.1.in doc/connman.conf.5.in \
+ doc/connman-service.config.5.in \
+ doc/connman-vpn.conf.5.in \
+ doc/connman-vpn-provider.config.5.in \
+ doc/connman.8.in doc/connman-vpn.8.in

EXTRA_DIST += src/main.conf \
src/eduroam.config
@@ -388,7 +393,7 @@ MANUAL_PAGES += doc/connmanctl.1 doc/connman.conf.5 \
doc/connman-vpn-provider.config.5 \
doc/connman.8 doc/connman-vpn.8

-dist_man_MANS = $(MANUAL_PAGES)
+nodist_man_MANS = $(MANUAL_PAGES)

pkgconfigdir = $(libdir)/pkgconfig

Notice the 'nodist_man_MANS', which causes the generated man pages not
to end up in the dist tarball. As 'EXTRA_DIST' now contains the man .in
files, running ./configure will create the man pages using the provided
prefix. I'll squash up those changes into this patch and apply it all.

Cheers,

Patrik
Patrik Flykt
2015-10-27 13:58:40 UTC
Permalink
Post by Jaakko Hannikainen
--- a/Makefile.am
+++ b/Makefile.am
@@ -378,7 +378,12 @@ EXTRA_DIST += doc/overview-api.txt doc/behavior-api.txt \
doc/vpn-config-format.txt \
doc/vpn-connection-api.txt \
doc/vpn-manager-api.txt doc/vpn-overview.txt \
- doc/session-policy-format.txt
+ doc/session-policy-format.txt \
+ doc/connmanctl.1.in doc/connman.conf.5.in \
+ doc/connman-service.config.5.in \
+ doc/connman-vpn.conf.5.in \
+ doc/connman-vpn-provider.config.5.in \
+ doc/connman.8.in doc/connman-vpn.8.in
EXTRA_DIST += src/main.conf \
src/eduroam.config
@@ -388,7 +393,7 @@ MANUAL_PAGES += doc/connmanctl.1 doc/connman.conf.5 \
doc/connman-vpn-provider.config.5 \
doc/connman.8 doc/connman-vpn.8
-dist_man_MANS = $(MANUAL_PAGES)
+nodist_man_MANS = $(MANUAL_PAGES)
pkgconfigdir = $(libdir)/pkgconfig
Notice the 'nodist_man_MANS', which causes the generated man pages not
to end up in the dist tarball. As 'EXTRA_DIST' now contains the man .in
files, running ./configure will create the man pages using the provided
prefix. I'll squash up those changes into this patch and apply it all.
And then we also need to do a $(AM_V_at)$(MKDIR_P) $(dir $@) in all the
%.X : %.X.in rules to create the proper directory...

Phew.

Patrik
Patrik Flykt
2015-10-27 14:13:22 UTC
Permalink
From: Jaakko Hannikainen <***@intel.com>

This change prettifies man pages with <SYSCONFDIR> and /var/lib so
that it will show the actual value connman was compiled with, rather
than just hinting at some magical compile time variable.

Add only the man page autoconf .in files to the dist tar ball so
that running ./configure with a different prefix generates the man
pages using the given prefix. As the autoconf .in is not created by
standard rules, ensure also that the target directory is created.
---
.gitignore | 8 +-
Makefile.am | 32 ++-
doc/connman-service.config.5 | 197 ----------------
doc/connman-service.config.5.in | 197 ++++++++++++++++
doc/connman-vpn-provider.config.5 | 424 -----------------------------------
doc/connman-vpn-provider.config.5.in | 424 +++++++++++++++++++++++++++++++++++
doc/connman-vpn.8 | 63 ------
doc/connman-vpn.8.in | 62 +++++
doc/connman-vpn.conf.5 | 48 ----
doc/connman-vpn.conf.5.in | 42 ++++
doc/connman.8 | 98 --------
doc/connman.8.in | 97 ++++++++
doc/connman.conf.5 | 144 ------------
doc/connman.conf.5.in | 138 ++++++++++++
doc/connmanctl.1 | 282 -----------------------
doc/connmanctl.1.in | 282 +++++++++++++++++++++++
16 files changed, 1274 insertions(+), 1264 deletions(-)
delete mode 100644 doc/connman-service.config.5
create mode 100644 doc/connman-service.config.5.in
delete mode 100644 doc/connman-vpn-provider.config.5
create mode 100644 doc/connman-vpn-provider.config.5.in
delete mode 100644 doc/connman-vpn.8
create mode 100644 doc/connman-vpn.8.in
delete mode 100644 doc/connman-vpn.conf.5
create mode 100644 doc/connman-vpn.conf.5.in
delete mode 100644 doc/connman.8
create mode 100644 doc/connman.8.in
delete mode 100644 doc/connman.conf.5
create mode 100644 doc/connman.conf.5.in
delete mode 100644 doc/connmanctl.1
create mode 100644 doc/connmanctl.1.in

diff --git a/.gitignore b/.gitignore
index 9c22e4a..bbb44c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,8 +64,12 @@ unit/test-nat
doc/*.bak
doc/*.stamp
doc/connman.*
-!doc/connman.8
-!doc/connman.conf.5
+doc/*.1
+doc/*.5
+doc/*.8
+!doc/*.1.in
+!doc/*.5.in
+!doc/*.8.in
doc/connman-*.txt

vpn/builtin.h
diff --git a/Makefile.am b/Makefile.am
index 3d0645e..4319c4c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -248,8 +248,6 @@ include Makefile.plugins
if CLIENT
bin_PROGRAMS += client/connmanctl

-MANUAL_PAGES += doc/connmanctl.1
-
client_connmanctl_SOURCES = client/dbus_helpers.h client/dbus_helpers.c \
client/services.h client/services.c \
client/commands.h client/commands.c \
@@ -380,14 +378,22 @@ EXTRA_DIST += doc/overview-api.txt doc/behavior-api.txt \
doc/vpn-config-format.txt \
doc/vpn-connection-api.txt \
doc/vpn-manager-api.txt doc/vpn-overview.txt \
- doc/session-policy-format.txt
+ doc/session-policy-format.txt \
+ doc/connmanctl.1.in doc/connman.conf.5.in \
+ doc/connman-service.config.5.in \
+ doc/connman-vpn.conf.5.in \
+ doc/connman-vpn-provider.config.5.in \
+ doc/connman.8.in doc/connman-vpn.8.in

EXTRA_DIST += src/main.conf \
src/eduroam.config

-MANUAL_PAGES += doc/connman.8 doc/connman.conf.5
+MANUAL_PAGES += doc/connmanctl.1 doc/connman.conf.5 \
+ doc/connman-service.config.5 doc/connman-vpn.conf.5 \
+ doc/connman-vpn-provider.config.5 \
+ doc/connman.8 doc/connman-vpn.8

-dist_man_MANS = $(MANUAL_PAGES)
+nodist_man_MANS = $(MANUAL_PAGES)

pkgconfigdir = $(libdir)/pkgconfig

@@ -449,8 +455,22 @@ do_subst = $(AM_V_GEN)$(SED) \
-e 's,[@]prefix[@],$(prefix),g' \
-e 's,[@]sbindir[@],$(sbindir),g' \
-e 's,[@]sysconfdir[@],$(sysconfdir),g' \
+ -e 's,[@]storagedir[@],$(storagedir),g' \
+ -e 's,[@]vpn_storagedir[@],$(vpn_storagedir),g' \
-e 's,[@]localstatedir[@],$(localstatedir),g'

+%.1 : %.1.in
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+ $(do_subst) < $< > $@
+
+%.5 : %.5.in
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+ $(do_subst) < $< > $@
+
+%.8 : %.8.in
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+ $(do_subst) < $< > $@
+
%.service: %.service.in Makefile
$(AM_V_at)$(MKDIR_P) $(dir $@)
$(do_subst) < $< > $@
@@ -468,4 +488,4 @@ include/connman/%.h: $(abs_top_srcdir)/include/%.h
$(AM_V_GEN)$(LN_S) $< $@

clean-local:
- @$(RM) -rf include/connman
+ @$(RM) -rf include/connman $(MANUAL_PAGES)
diff --git a/doc/connman-service.config.5 b/doc/connman-service.config.5
deleted file mode 100644
index 3cf3692..0000000
--- a/doc/connman-service.config.5
+++ /dev/null
@@ -1,197 +0,0 @@
-.\" connman-service.config(5) manual page
-.\"
-.\" Copyright (C) 2015 Intel Corporation
-.\"
-.TH "service-name.config" "5" "2015-10-15" ""
-.SH NAME
-service-name.config \- ConnMan service provisioning file
-.SH SYNOPSIS
-.B /var/lib/connman/\fIservice-name\fB.config
-.SH DESCRIPTION
-.P
-\fIConnMan\fP's services are configured with so called
-"\fBprovisioning files\fP" which reside under \fI/var/lib/connman/\fP.
-The files can be named anything, as long as they end in \fB.config\fP.
-The provisioning files can be used to configure for example secured
-wireless access points which need complex authentication, for example
-eduroam, or for static IPs and so on. Each provisioning file can be
-used for multiple services at once.
-.SH "FILE FORMAT"
-.P
-The configuration file format is key file format.
-It consists of sections (groups) of key-value pairs.
-Lines beginning with a '#' and blank lines are considered comments.
-Sections are started by a header line containing the section enclosed
-in '[' and ']', and ended implicitly by the start of the next section
-or the end of the file. Each key-value pair must be contained in a section.
-.P
-Description of sections and available keys follows:
-.SS [global]
-This section is optional, and can be used to describe the actual file. The
-two allowed fields for this section are:
-.TP
-.BI Name= name
-Name of the network.
-.TP
-.BI Description= description
-Description of the network.
-.SS [service_*]
-Each provisioned service must start with a [service_*] tag, with * replaced
-by an unique name within the file.
-The allowed fields are:
-.TP
-.B Type=ethernet \fR|\fB wifi
-Mandatory. Other types than ethernet or wifi are not supported.
-.TP
-.BI IPv4=off \ \fR|\ dhcp\ \fR|\ network / netmask / gateway
-IPv4 settings for the service. If set to \fBoff\fP, IPv4 won't be used.
-If set to \fBdhcp\fP, dhcp will be used to obtain the network settings.
-\fInetmask\fP can be specified as length of the mask rather than the
-mask itself. The gateway can be omitted when using a static IP.
-.TP
-.BI IPv6=off \ \fR|\ auto\ \fR|\ network / prefixlength / gateway
-IPv6 settings for the service. If set to \fBoff\fP, IPv6 won't be used.
-If set to \fBauto\fP, settings will be obtained from the network.
-.TP
-.B IPv6.Privacy=disabled \fR|\fB enabled \fR|\fB preferred
-IPv6 privacy settings as per RFC3041.
-.TP
-.BI MAC= address
-MAC address of the interface to be used. If not specified, the first
-found interface is used. Must be in format ab:cd:ef:01:23:45.
-.TP
-.BI Nameservers= servers
-Comma separated list of nameservers.
-.TP
-.BI SearchDomains= domains
-Comma separated list of DNS search domains.
-.TP
-.BI Timeservers= servers
-Comma separated list of timeservers.
-.TP
-.BI Domain= domain
-Domain name to be used.
-.TP
-The following keys can only be used for wireless networks:
-.TP
-.BI Name= name
-A string representation of an network SSID. If the SSID field is
-present, the Name field is ignored. If the SSID field is not present,
-this field is mandatory.
-.TP
-.BI SSID= ssid
-SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
-encode special characters including starting or ending spaces.
-.TP
-.BI Passphrase= passphrase
-RSN/WPA/WPA2 Passphrase.
-.TP
-.BI Security= type
-The security type of the network. Possible values are \fBpsk\fP
-(WPA/WPA2 PSK), \fBieee8021x\fP (WPA EAP), \fBnone\fP and \fBwep\fP.
-When not set, the default value is \fBieee8021x\fP if an EAP type is
-configured, \fBpsk\fP if a passphrase is present and \fBnone\fP otherwise.
-.TP
-.B Hidden=true \fR|\fB false
-If set to \fBtrue\fP, then this AP is hidden. If missing or set to
-\fBfalse\fP, then AP is not hidden.
-.TP
-.B EAP=tls \fR|\fB ttls \fR|\fB peap
-EAP type to use. Only \fBtls\fP, \fBttls\fP and \fBpeap\fP are supported.
-.TP
-.BI CACertFile= file
-Path to the CA certificate file. Only PEM and DER formats are supported.
-.TP
-.BI PrivateKeyFile= file
-Path to the private key file. Only PEM, DER and PFX formats are supported.
-.TP
-.BI PrivateKeyPassphrase= passphrase
-Passphrase of the private key.
-.TP
-.B PrivateKeyPassphraseType=fsid
-If specified, use the private key's fsid as the passphrase, and ignore the
-PrivateKeyPassphrase field.
-.TP
-.BI Identity= identity
-Identity string for EAP.
-.TP
-.BI AnonymousIdentity= identity
-Anonymous identity string for EAP.
-.TP
-.BI Phase2= type
-Inner authentication type with for \fBEAP=tls\fP or \fBEAP=ttls\fP. Prefix
-the value with \fBEAP-\fP to indicate usage of EAP-based authentication
-method (should only be used with \fBEAP=ttls\fP).
-.SH "EXAMPLE"
-.SS Eduroam
-This is a configuration file for eduroam networks. This file could for
-example be /var/lib/connman/eduroam.config. Your university's exact
-settings might be different.
-.PP
-.nf
-[service_eduroam]
-Type = wifi
-Name = eduroam
-EAP = peap
-Phase2 = MSCHAPV2
-CACertFile = /etc/ssl/certs/UNIV_CA.crt
-.fi
-.SS Complex networking
-This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
-EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
-and the file name could be /var/lib/connman/complex.config.
-.PP
-Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
-746c735f73736964"). If your SSID does not contain any exotic character then
-you should use the Name entry instead (e.g. "Name = tls_ssid").
-.PP
-.nf
-[global]
-Name = Example
-Description = Example network configuration
-
-[service_tls]
-Type = wifi
-SSID = 746c735f73736964
-EAP = tls
-CACertFile = /home/user/.certs/ca.pem
-ClientCertFile = /home/user/devlp/.certs/client.pem
-PrivateKeyFile = /home/user/.certs/client.fsid.pem
-PrivateKeyPassphraseType = fsid
-Identity = user
-
-[service_ttls]
-Type = wifi
-Name = ttls_ssid
-EAP = ttls
-CACertFile = /home/user/.cert/ca.pem
-Phase2 = MSCHAPV2
-Identity = user
-
-[service_peap]
-Type = wifi
-Name = peap_ssid
-EAP = peap
-CACertFile = /home/user/.cert/ca.pem
-Phase2 = MSCHAPV2
-Identity = user
-
-[service_home_ethernet]
-Type = ethernet
-IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
-IPv6 = 2001:db8::42/64/2001:db8::1
-MAC = 01:02:03:04:05:06
-Nameservers = 10.2.3.4,192.168.1.99
-SearchDomains = my.home,isp.net
-Timeservers = 10.172.2.1,ntp.my.isp.net
-Domain = my.home
-
-[service_home_wifi]
-Type = wifi
-Name = my_home_wifi
-Passphrase = password
-IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
-MAC = 06:05:04:03:02:01
-.fi
-.SH "SEE ALSO"
-.BR connman (8)
diff --git a/doc/connman-service.config.5.in b/doc/connman-service.config.5.in
new file mode 100644
index 0000000..535c626
--- /dev/null
+++ b/doc/connman-service.config.5.in
@@ -0,0 +1,197 @@
+.\" connman-service.config(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "service-name.config" "5" "2015-10-15" ""
+.SH NAME
+service-name.config \- ConnMan service provisioning file
+.SH SYNOPSIS
+.B @storagedir@/\fIservice-name\fB.config
+.SH DESCRIPTION
+.P
+\fIConnMan\fP's services are configured with so called
+"\fBprovisioning files\fP" which reside under \***@storagedir@/\fP.
+The files can be named anything, as long as they end in \fB.config\fP.
+The provisioning files can be used to configure for example secured
+wireless access points which need complex authentication, for example
+eduroam, or for static IPs and so on. Each provisioning file can be
+used for multiple services at once.
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.TP
+.BI Name= name
+Name of the network.
+.TP
+.BI Description= description
+Description of the network.
+.SS [service_*]
+Each provisioned service must start with a [service_*] tag, with * replaced
+by an unique name within the file.
+The allowed fields are:
+.TP
+.B Type=ethernet \fR|\fB wifi
+Mandatory. Other types than ethernet or wifi are not supported.
+.TP
+.BI IPv4=off \ \fR|\ dhcp\ \fR|\ network / netmask / gateway
+IPv4 settings for the service. If set to \fBoff\fP, IPv4 won't be used.
+If set to \fBdhcp\fP, dhcp will be used to obtain the network settings.
+\fInetmask\fP can be specified as length of the mask rather than the
+mask itself. The gateway can be omitted when using a static IP.
+.TP
+.BI IPv6=off \ \fR|\ auto\ \fR|\ network / prefixlength / gateway
+IPv6 settings for the service. If set to \fBoff\fP, IPv6 won't be used.
+If set to \fBauto\fP, settings will be obtained from the network.
+.TP
+.B IPv6.Privacy=disabled \fR|\fB enabled \fR|\fB preferred
+IPv6 privacy settings as per RFC3041.
+.TP
+.BI MAC= address
+MAC address of the interface to be used. If not specified, the first
+found interface is used. Must be in format ab:cd:ef:01:23:45.
+.TP
+.BI Nameservers= servers
+Comma separated list of nameservers.
+.TP
+.BI SearchDomains= domains
+Comma separated list of DNS search domains.
+.TP
+.BI Timeservers= servers
+Comma separated list of timeservers.
+.TP
+.BI Domain= domain
+Domain name to be used.
+.TP
+The following keys can only be used for wireless networks:
+.TP
+.BI Name= name
+A string representation of an network SSID. If the SSID field is
+present, the Name field is ignored. If the SSID field is not present,
+this field is mandatory.
+.TP
+.BI SSID= ssid
+SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
+encode special characters including starting or ending spaces.
+.TP
+.BI Passphrase= passphrase
+RSN/WPA/WPA2 Passphrase.
+.TP
+.BI Security= type
+The security type of the network. Possible values are \fBpsk\fP
+(WPA/WPA2 PSK), \fBieee8021x\fP (WPA EAP), \fBnone\fP and \fBwep\fP.
+When not set, the default value is \fBieee8021x\fP if an EAP type is
+configured, \fBpsk\fP if a passphrase is present and \fBnone\fP otherwise.
+.TP
+.B Hidden=true \fR|\fB false
+If set to \fBtrue\fP, then this AP is hidden. If missing or set to
+\fBfalse\fP, then AP is not hidden.
+.TP
+.B EAP=tls \fR|\fB ttls \fR|\fB peap
+EAP type to use. Only \fBtls\fP, \fBttls\fP and \fBpeap\fP are supported.
+.TP
+.BI CACertFile= file
+Path to the CA certificate file. Only PEM and DER formats are supported.
+.TP
+.BI PrivateKeyFile= file
+Path to the private key file. Only PEM, DER and PFX formats are supported.
+.TP
+.BI PrivateKeyPassphrase= passphrase
+Passphrase of the private key.
+.TP
+.B PrivateKeyPassphraseType=fsid
+If specified, use the private key's fsid as the passphrase, and ignore the
+PrivateKeyPassphrase field.
+.TP
+.BI Identity= identity
+Identity string for EAP.
+.TP
+.BI AnonymousIdentity= identity
+Anonymous identity string for EAP.
+.TP
+.BI Phase2= type
+Inner authentication type with for \fBEAP=tls\fP or \fBEAP=ttls\fP. Prefix
+the value with \fBEAP-\fP to indicate usage of EAP-based authentication
+method (should only be used with \fBEAP=ttls\fP).
+.SH "EXAMPLE"
+.SS Eduroam
+This is a configuration file for eduroam networks. This file could for
+example be @storagedir@/eduroam.config. Your university's exact
+settings might be different.
+.PP
+.nf
+[service_eduroam]
+Type = wifi
+Name = eduroam
+EAP = peap
+Phase2 = MSCHAPV2
+CACertFile = /etc/ssl/certs/UNIV_CA.crt
+.fi
+.SS Complex networking
+This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
+EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
+and the file name could be @storagedir@/complex.config.
+.PP
+Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
+746c735f73736964"). If your SSID does not contain any exotic character then
+you should use the Name entry instead (e.g. "Name = tls_ssid").
+.PP
+.nf
+[global]
+Name = Example
+Description = Example network configuration
+
+[service_tls]
+Type = wifi
+SSID = 746c735f73736964
+EAP = tls
+CACertFile = /home/user/.certs/ca.pem
+ClientCertFile = /home/user/devlp/.certs/client.pem
+PrivateKeyFile = /home/user/.certs/client.fsid.pem
+PrivateKeyPassphraseType = fsid
+Identity = user
+
+[service_ttls]
+Type = wifi
+Name = ttls_ssid
+EAP = ttls
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
+[service_peap]
+Type = wifi
+Name = peap_ssid
+EAP = peap
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
+[service_home_ethernet]
+Type = ethernet
+IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
+IPv6 = 2001:db8::42/64/2001:db8::1
+MAC = 01:02:03:04:05:06
+Nameservers = 10.2.3.4,192.168.1.99
+SearchDomains = my.home,isp.net
+Timeservers = 10.172.2.1,ntp.my.isp.net
+Domain = my.home
+
+[service_home_wifi]
+Type = wifi
+Name = my_home_wifi
+Passphrase = password
+IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
+MAC = 06:05:04:03:02:01
+.fi
+.SH "SEE ALSO"
+.BR connman (8)
diff --git a/doc/connman-vpn-provider.config.5 b/doc/connman-vpn-provider.config.5
deleted file mode 100644
index cb12854..0000000
--- a/doc/connman-vpn-provider.config.5
+++ /dev/null
@@ -1,424 +0,0 @@
-.\" connman-vpn-provider.config(5) manual page
-.\"
-.\" Copyright (C) 2015 Intel Corporation
-.\"
-.TH "connection_name.config" "5" "2015-10-15" ""
-.SH NAME
-connection_name.config \- ConnMan vpn connection provisioning file
-.SH SYNOPSIS
-.B /var/lib/connman-vpn/\fIconnection-name\fB.config
-.SH DESCRIPTION
-.P
-\fIConnMan\fP's vpn connections are configured with so called
-"\fBprovisioning files\fP" which reside under \fI/var/lib/connman-vpn/\fP.
-The files can be named anything, as long as they contain only printable
-ascii characers, for example letters, numbers and underscores. The file
-must end with \fB.config\fP. Each VPN connection requires a provisioning
-file, but multiple connections can be specified in the same file.
-.SH "FILE FORMAT"
-.P
-The configuration file format is key file format.
-It consists of sections (groups) of key-value pairs.
-Lines beginning with a '#' and blank lines are considered comments.
-Sections are started by a header line containing the section enclosed
-in '[' and ']', and ended implicitly by the start of the next section
-or the end of the file. Each key-value pair must be contained in a section.
-.P
-Description of sections and available keys follows:
-.SS [global]
-This section is optional, and can be used to describe the actual file. The
-two allowed fields for this section are:
-.TP
-.BI Name= name
-Name of the network.
-.TP
-.BI Description= description
-Description of the network.
-.SS [provider_*]
-Each provisioned connection must start with a [provider_*] tag,
-with * replaced by an unique name within the file.
-The following fields are mandatory:
-.TP
-.B Type=OpenConnect \fR|\fB OpenVPN \fR|\fB VPNC \fR|\fB L2TP \fR|\fB PPTP
-Specifies the VPN type.
-.TP
-.BI Host= IP
-VPN server IP address.
-.TP
-.BI Domain= domain
-Domain name for the VPN service.
-.TP
-The following field is optional:
-.TP
-.BI Networks= network / netmask / gateway [,...]
-Networks behind the VPN. If all traffic should go through the VPN, this
-field can be left out. The gateway can be left out. For IPv6 addresses,
-only the prefix length is accepted as the netmask.
-.SS OpenConnect
-The following keys can be used for \fBopenconnect\fP(8) networks:
-.TP
-.BI OpenConnect.ServerCert= cert
-SHA1 fingerprint of the VPN server's certificate.
-.TP
-.BI OpenConnect.CACert= cert
-File containing additional CA certificates in addition to the system
-trusted certificate authorities.
-.TP
-.BI OpenConnect.ClientCert= cert
-Client certificate, if needed by web authentication.
-.TP
-.BI OpenConnect.MTU= mtu
-Request \fImtu\fP from the server as the MTU of the tunnel.
-.TP
-.BI OpenConnect.Cookie= cookie
-The resulting cookie of the authentication process. As the cookie lifetime
-can be very limited, it does not usually make sense to add it into the
-configuration file.
-.TP
-.BI OpenConnect.VPNHost= host
-The final VPN server to use after completing the web authentication. Only
-usable for extremely simple VPN configurations and should normally be set
-only via the VPN Agent API.
-.PP
-If \fBOpenConnect.Cookie\fP, \fBOpenConnect.VPNHost\fP or
-\fBOpenConnect.ServerCert\fP are missing, the VPN Agent will be contacted
-to supply the information.
-.SS OpenVPN
-The following keys are mandatory for \fBopenvpn\fP(8) networks:
-.TP
-.BI OpenVPN.CACert= cert
-Certificate authority file.
-.TP
-.BI OpenVPN.Cert= cert
-Local peer's signed certificate.
-.TP
-.BI OpenVPN.Cert= cert
-Local peer's signed certificate.
-.TP
-.BI OpenVPN.Key= key
-Local peer's private key.
-.TP
-The following keys are optional for \fBopenvpn\fP(8) networks:
-.TP
-.BI OpenVPN.MTU= mtu
-MTU of the tunnel.
-.TP
-.B OpenVPN.NSCertType=client \fR|\fB server
-Peer certificate type, either \fBclient\fP or \fBserver\fP.
-.TP
-.BI OpenVPN.Protocol= protocol
-Use \fIprotocol\fP.
-.TP
-.BI OpenVPN.Port= port
-TCP/UDP port number.
-.TP
-.B OpenVPN.AuthUserPass=true \fR|\fB false
-Authenticate on the server using username/password.
-.TP
-.BI OpenVPN.AskPass= file
-Get certificate password from \fIfile\fP.
-.TP
-.B OpenVPN.AuthNoCache=true \fR|\fB false
-Don't cache AskPass or AuthUserPass value.
-.TP
-.BI OpenVPN.TLSRemote= name
-Accept connections only from a host with X509 name or common
-name equal to \fIname\fP.
-.TP
-.BI OpenVPN.TLSAuth= file
-Use \fIfile\fP for HMAC authentication.
-.TP
-.BI OpenVPN.TLSAuthDir= direction
-Use \fIdirection\fP for HMAC authentication direction.
-.TP
-.BI OpenVPN.Cipher= cipher
-Use \fIcipher\fP as the cipher.
-.TP
-.B OpenVPN.Auth=true \fR|\fB false
-Use HMAC authentication.
-.TP
-.B OpenVPN.CompLZO=yes \fR|\fB no \fR|\fB adaptive
-Use fast LZO compression.
-.TP
-.B OpenVPN.RemoteCertTls=client \fR|\fB server
-Require that remote certificate is signed based on RFC3280 TLS rules.
-.TP
-.BI OpenVPN.ConfigFile= file
-OpenVPN config file for extra options not supported by the OpenVPN plugin.
-.SS VPNC
-The following key is mandatory for \fBvpnc\fP(8) networks:
-.TP
-.BI VPNC.IPSec.ID= id
-Group username.
-.TP
-The following keys are optional for \fBvpnc\fP(8) networks:
-.TP
-.BI VPNC.IPSec.Secret= secret
-Group password.
-.TP
-.BI VPNC.XAuth.Username= username
-Username.
-.TP
-.BI VPNC.XAuth.Password= password
-Password.
-.TP
-.BI VPNC.IKE.Authmode= mode
-IKE authentication mode.
-.TP
-.BI VPNC.IKE.DHGroup= group
-IKE DH group name.
-.TP
-.BI VPNC.PFS= group
-Diffie-Hellman group for perfect forward secrecy.
-.TP
-.BI VPNC.Domain= domain
-Domain name for authentication.
-.TP
-.BI VPNC.Vendor= vendor
-Vendor of the IPSec gateway.
-.TP
-.BI VPNC.LocalPort= port
-Local ISAKMP port number to use.
-.TP
-.BI VPNC.CiscoPort= port
-Cisco UDP Encapsulation Port.
-.TP
-.BI VPNC.AppVersion= version
-Application version to report.
-.TP
-.BI VPNC.NATTMode= mode
-NAT-Traversal Method to use.
-.TP
-.BI VPNC.DPDTimeout= timeout
-DPD idle timeout.
-.TP
-.B VPNC.SingleDES=true \fR|\fB false
-Enable single DES encryption.
-.TP
-.B VPNC.NoEncryption=true \fR|\fB false
-Enable usage of no encryption for data traffic.
-.SS L2TP
-The following keys are optional for l2tp (\fBxl2tp.conf\fP(5), \fBpppd\fP(8))
-networks:
-.TP
-.BI L2TP.User= user
-L2TP username.
-.TP
-.BI L2TP.Password= password
-L2TP password.
-.TP
-.BI L2TP.BPS= bps
-Max bandwidth to use.
-.TP
-.BI L2TP.TXBPS= bps
-Max transmit bandwidth to use.
-.TP
-.BI L2TP.RXBPS= bps
-Max receive bandwidth to use.
-.TP
-.B L2TP.LengthBit=yes \fR|\fB no
-Use length bit.
-.TP
-.B L2TP.Challenge=yes \fR|\fB no
-Use challenge authentication.
-.TP
-.BI L2TP.DefaultRoute= route
-Add \fIroute\fP to the routing tables.
-.TP
-.B L2TP.FlowBit=yes \fR|\fB no
-Use seq numbers.
-.TP
-.BI L2TP.TunnelRWS= size
-Window size.
-.TP
-.B L2TP.Exclusive=yes \fR|\fB no
-Use only one control channel.
-.TP
-.B L2TP.Redial=yes \fR|\fB no
-Redial if disconnected.
-.TP
-.BI L2TP.RedialTimeout= timeout
-Redial timeout.
-.TP
-.BI L2TP.MaxRedials= count
-Maximum amount of redial tries.
-.TP
-.B L2TP.RequirePAP=yes \fR|\fB no
-Require PAP.
-.TP
-.B L2TP.RequireCHAP=yes \fR|\fB no
-Require CHAP.
-.TP
-.B L2TP.ReqAuth=yes \fR|\fB no
-Require authentication.
-.TP
-.B L2TP.AccessControl=yes \fR|\fB no
-Use access control.
-.TP
-.BI L2TP.AuthFile= file
-Authentication file location.
-.TP
-.BI L2TP.ListenAddr= address
-Listen address.
-.TP
-.B L2TP.IPSecSaref=yes \fR|\fB no
-Listen address.
-.TP
-.BI L2TP.Port= port
-UDP port used.
-.TP
-.BI PPPD.EchoFailure= count
-Echo failure count.
-.TP
-.BI PPPD.EchoFailure= count
-Dead peer check count.
-.TP
-.BI PPPD.EchoInterval= interval
-Dead peer check interval.
-.TP
-.BI PPPD.Debug= level
-Debug level.
-.TP
-.B PPPD.RefuseEAP=true \fR|\fB false
-Refuse EAP authentication.
-.TP
-.B PPPD.RefusePAP=true \fR|\fB false
-Refuse PAP authentication.
-.TP
-.B PPPD.RefuseCHAP=true \fR|\fB false
-Refuse CHAP authentication.
-.TP
-.B PPPD.RefuseMSCHAP=true \fR|\fB false
-Refuse MSCHAP authentication.
-.TP
-.B PPPD.RefuseMSCHAP2=true \fR|\fB false
-Refuse MSCHAPv2 authentication.
-.TP
-.B PPPD.NoBSDComp=true \fR|\fB false
-Disable BSD compression.
-.TP
-.B PPPD.NoPcomp=true \fR|\fB false
-Disable protocol compression.
-.TP
-.B PPPD.UseAccomp=true \fR|\fB false
-Disable Access/Control compression.
-.TP
-.B PPPD.NoDeflate=true \fR|\fB false
-Disable deflate compression.
-.TP
-.B PPPD.ReqMPPE=true \fR|\fB false
-Require the use of MPPE.
-.TP
-.B PPPD.ReqMPPE40=true \fR|\fB false
-Require the use of MPPE 40 bit.
-.TP
-.B PPPD.ReqMPPE128=true \fR|\fB false
-Require the use of MPPE 128 bit.
-.TP
-.B PPPD.ReqMPPEStateful=true \fR|\fB false
-Allow MPPE to use stateful mode.
-.TP
-.B PPPD.NoVJ=true \fR|\fB false
-No Van Jacobson compression.
-.SS PPTP
-The following keys are optional for \fBpptp\fP(8) (see also \fBpppd\fP(8))
-networks:
-.TP
-.BI PPTP.User= username
-Username.
-.TP
-.BI PPTP.Password= password
-Password.
-.TP
-.BI PPPD.EchoFailure= count
-Echo failure count.
-.TP
-.BI PPPD.EchoFailure= count
-Dead peer check count.
-.TP
-.BI PPPD.EchoInterval= interval
-Dead peer check interval.
-.TP
-.BI PPPD.Debug= level
-Debug level.
-.TP
-.B PPPD.RefuseEAP=true \fR|\fB false
-Refuse EAP authentication.
-.TP
-.B PPPD.RefusePAP=true \fR|\fB false
-Refuse PAP authentication.
-.TP
-.B PPPD.RefuseCHAP=true \fR|\fB false
-Refuse CHAP authentication.
-.TP
-.B PPPD.RefuseMSCHAP=true \fR|\fB false
-Refuse MSCHAP authentication.
-.TP
-.B PPPD.RefuseMSCHAP2=true \fR|\fB false
-Refuse MSCHAPv2 authentication.
-.TP
-.B PPPD.NoBSDComp=true \fR|\fB false
-Disable BSD compression.
-.TP
-.B PPPD.NoPcomp=true \fR|\fB false
-Disable protocol compression.
-.TP
-.B PPPD.UseAccomp=true \fR|\fB false
-Disable Access/Control compression.
-.TP
-.B PPPD.NoDeflate=true \fR|\fB false
-Disable deflate compression.
-.TP
-.B PPPD.ReqMPPE=true \fR|\fB false
-Require the use of MPPE.
-.TP
-.B PPPD.ReqMPPE40=true \fR|\fB false
-Require the use of MPPE 40 bit.
-.TP
-.B PPPD.ReqMPPE128=true \fR|\fB false
-Require the use of MPPE 128 bit.
-.TP
-.B PPPD.ReqMPPEStateful=true \fR|\fB false
-Allow MPPE to use stateful mode.
-.TP
-.B PPPD.NoVJ=true \fR|\fB false
-No Van Jacobson compression.
-
-.SH "EXAMPLE"
-This is a configuration file for a VPN providing L2TP, OpenVPN and
-OpenConnect services. It could, for example, be in the file
-.B /var/lib/connman-vpn/example.config\fR.
-.PP
-.nf
-[global]
-Name = Example
-Description = Example VPN configuration
-
-[provider_l2tp]
-Type = L2TP
-Name = Connection to corporate network
-Host = 1.2.3.4
-Domain = corporate.com
-Networks = 10.10.30.0/24
-L2TP.User = username
-
-[provider_openconnect]
-Type = OpenConnect
-Name = Connection to corporate network using Cisco VPN
-Host = 7.6.5.4
-Domain = corporate.com
-Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
-OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
-OpenConnect.CACert = /etc/certs/certificate.p12
-
-[provider_openvpn]
-Type = OpenVPN
-Name = Connection to corporate network using OpenVPN
-Host = 3.2.5.6
-Domain = my.home.network
-OpenVPN.CACert = /etc/certs/cacert.pem
-OpenVPN.Cert = /etc/certs/cert.pem
-OpenVPN.Key = /etc/certs/cert.key
-.fi
-.SH "SEE ALSO"
-.BR connmanctl (1),\ connman (8),\ connman-vpn (8)
diff --git a/doc/connman-vpn-provider.config.5.in b/doc/connman-vpn-provider.config.5.in
new file mode 100644
index 0000000..5393260
--- /dev/null
+++ b/doc/connman-vpn-provider.config.5.in
@@ -0,0 +1,424 @@
+.\" connman-vpn-provider.config(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "connection_name.config" "5" "2015-10-15" ""
+.SH NAME
+connection_name.config \- ConnMan vpn connection provisioning file
+.SH SYNOPSIS
+.B @vpn_storagedir@/\fIconnection-name\fB.config
+.SH DESCRIPTION
+.P
+\fIConnMan\fP's vpn connections are configured with so called
+"\fBprovisioning files\fP" which reside under \***@vpn_storagedir@/\fP.
+The files can be named anything, as long as they contain only printable
+ascii characers, for example letters, numbers and underscores. The file
+must end with \fB.config\fP. Each VPN connection requires a provisioning
+file, but multiple connections can be specified in the same file.
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.TP
+.BI Name= name
+Name of the network.
+.TP
+.BI Description= description
+Description of the network.
+.SS [provider_*]
+Each provisioned connection must start with a [provider_*] tag,
+with * replaced by an unique name within the file.
+The following fields are mandatory:
+.TP
+.B Type=OpenConnect \fR|\fB OpenVPN \fR|\fB VPNC \fR|\fB L2TP \fR|\fB PPTP
+Specifies the VPN type.
+.TP
+.BI Host= IP
+VPN server IP address.
+.TP
+.BI Domain= domain
+Domain name for the VPN service.
+.TP
+The following field is optional:
+.TP
+.BI Networks= network / netmask / gateway [,...]
+Networks behind the VPN. If all traffic should go through the VPN, this
+field can be left out. The gateway can be left out. For IPv6 addresses,
+only the prefix length is accepted as the netmask.
+.SS OpenConnect
+The following keys can be used for \fBopenconnect\fP(8) networks:
+.TP
+.BI OpenConnect.ServerCert= cert
+SHA1 fingerprint of the VPN server's certificate.
+.TP
+.BI OpenConnect.CACert= cert
+File containing additional CA certificates in addition to the system
+trusted certificate authorities.
+.TP
+.BI OpenConnect.ClientCert= cert
+Client certificate, if needed by web authentication.
+.TP
+.BI OpenConnect.MTU= mtu
+Request \fImtu\fP from the server as the MTU of the tunnel.
+.TP
+.BI OpenConnect.Cookie= cookie
+The resulting cookie of the authentication process. As the cookie lifetime
+can be very limited, it does not usually make sense to add it into the
+configuration file.
+.TP
+.BI OpenConnect.VPNHost= host
+The final VPN server to use after completing the web authentication. Only
+usable for extremely simple VPN configurations and should normally be set
+only via the VPN Agent API.
+.PP
+If \fBOpenConnect.Cookie\fP, \fBOpenConnect.VPNHost\fP or
+\fBOpenConnect.ServerCert\fP are missing, the VPN Agent will be contacted
+to supply the information.
+.SS OpenVPN
+The following keys are mandatory for \fBopenvpn\fP(8) networks:
+.TP
+.BI OpenVPN.CACert= cert
+Certificate authority file.
+.TP
+.BI OpenVPN.Cert= cert
+Local peer's signed certificate.
+.TP
+.BI OpenVPN.Cert= cert
+Local peer's signed certificate.
+.TP
+.BI OpenVPN.Key= key
+Local peer's private key.
+.TP
+The following keys are optional for \fBopenvpn\fP(8) networks:
+.TP
+.BI OpenVPN.MTU= mtu
+MTU of the tunnel.
+.TP
+.B OpenVPN.NSCertType=client \fR|\fB server
+Peer certificate type, either \fBclient\fP or \fBserver\fP.
+.TP
+.BI OpenVPN.Protocol= protocol
+Use \fIprotocol\fP.
+.TP
+.BI OpenVPN.Port= port
+TCP/UDP port number.
+.TP
+.B OpenVPN.AuthUserPass=true \fR|\fB false
+Authenticate on the server using username/password.
+.TP
+.BI OpenVPN.AskPass= file
+Get certificate password from \fIfile\fP.
+.TP
+.B OpenVPN.AuthNoCache=true \fR|\fB false
+Don't cache AskPass or AuthUserPass value.
+.TP
+.BI OpenVPN.TLSRemote= name
+Accept connections only from a host with X509 name or common
+name equal to \fIname\fP.
+.TP
+.BI OpenVPN.TLSAuth= file
+Use \fIfile\fP for HMAC authentication.
+.TP
+.BI OpenVPN.TLSAuthDir= direction
+Use \fIdirection\fP for HMAC authentication direction.
+.TP
+.BI OpenVPN.Cipher= cipher
+Use \fIcipher\fP as the cipher.
+.TP
+.B OpenVPN.Auth=true \fR|\fB false
+Use HMAC authentication.
+.TP
+.B OpenVPN.CompLZO=yes \fR|\fB no \fR|\fB adaptive
+Use fast LZO compression.
+.TP
+.B OpenVPN.RemoteCertTls=client \fR|\fB server
+Require that remote certificate is signed based on RFC3280 TLS rules.
+.TP
+.BI OpenVPN.ConfigFile= file
+OpenVPN config file for extra options not supported by the OpenVPN plugin.
+.SS VPNC
+The following key is mandatory for \fBvpnc\fP(8) networks:
+.TP
+.BI VPNC.IPSec.ID= id
+Group username.
+.TP
+The following keys are optional for \fBvpnc\fP(8) networks:
+.TP
+.BI VPNC.IPSec.Secret= secret
+Group password.
+.TP
+.BI VPNC.XAuth.Username= username
+Username.
+.TP
+.BI VPNC.XAuth.Password= password
+Password.
+.TP
+.BI VPNC.IKE.Authmode= mode
+IKE authentication mode.
+.TP
+.BI VPNC.IKE.DHGroup= group
+IKE DH group name.
+.TP
+.BI VPNC.PFS= group
+Diffie-Hellman group for perfect forward secrecy.
+.TP
+.BI VPNC.Domain= domain
+Domain name for authentication.
+.TP
+.BI VPNC.Vendor= vendor
+Vendor of the IPSec gateway.
+.TP
+.BI VPNC.LocalPort= port
+Local ISAKMP port number to use.
+.TP
+.BI VPNC.CiscoPort= port
+Cisco UDP Encapsulation Port.
+.TP
+.BI VPNC.AppVersion= version
+Application version to report.
+.TP
+.BI VPNC.NATTMode= mode
+NAT-Traversal Method to use.
+.TP
+.BI VPNC.DPDTimeout= timeout
+DPD idle timeout.
+.TP
+.B VPNC.SingleDES=true \fR|\fB false
+Enable single DES encryption.
+.TP
+.B VPNC.NoEncryption=true \fR|\fB false
+Enable usage of no encryption for data traffic.
+.SS L2TP
+The following keys are optional for l2tp (\fBxl2tp.conf\fP(5), \fBpppd\fP(8))
+networks:
+.TP
+.BI L2TP.User= user
+L2TP username.
+.TP
+.BI L2TP.Password= password
+L2TP password.
+.TP
+.BI L2TP.BPS= bps
+Max bandwidth to use.
+.TP
+.BI L2TP.TXBPS= bps
+Max transmit bandwidth to use.
+.TP
+.BI L2TP.RXBPS= bps
+Max receive bandwidth to use.
+.TP
+.B L2TP.LengthBit=yes \fR|\fB no
+Use length bit.
+.TP
+.B L2TP.Challenge=yes \fR|\fB no
+Use challenge authentication.
+.TP
+.BI L2TP.DefaultRoute= route
+Add \fIroute\fP to the routing tables.
+.TP
+.B L2TP.FlowBit=yes \fR|\fB no
+Use seq numbers.
+.TP
+.BI L2TP.TunnelRWS= size
+Window size.
+.TP
+.B L2TP.Exclusive=yes \fR|\fB no
+Use only one control channel.
+.TP
+.B L2TP.Redial=yes \fR|\fB no
+Redial if disconnected.
+.TP
+.BI L2TP.RedialTimeout= timeout
+Redial timeout.
+.TP
+.BI L2TP.MaxRedials= count
+Maximum amount of redial tries.
+.TP
+.B L2TP.RequirePAP=yes \fR|\fB no
+Require PAP.
+.TP
+.B L2TP.RequireCHAP=yes \fR|\fB no
+Require CHAP.
+.TP
+.B L2TP.ReqAuth=yes \fR|\fB no
+Require authentication.
+.TP
+.B L2TP.AccessControl=yes \fR|\fB no
+Use access control.
+.TP
+.BI L2TP.AuthFile= file
+Authentication file location.
+.TP
+.BI L2TP.ListenAddr= address
+Listen address.
+.TP
+.B L2TP.IPSecSaref=yes \fR|\fB no
+Listen address.
+.TP
+.BI L2TP.Port= port
+UDP port used.
+.TP
+.BI PPPD.EchoFailure= count
+Echo failure count.
+.TP
+.BI PPPD.EchoFailure= count
+Dead peer check count.
+.TP
+.BI PPPD.EchoInterval= interval
+Dead peer check interval.
+.TP
+.BI PPPD.Debug= level
+Debug level.
+.TP
+.B PPPD.RefuseEAP=true \fR|\fB false
+Refuse EAP authentication.
+.TP
+.B PPPD.RefusePAP=true \fR|\fB false
+Refuse PAP authentication.
+.TP
+.B PPPD.RefuseCHAP=true \fR|\fB false
+Refuse CHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP=true \fR|\fB false
+Refuse MSCHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP2=true \fR|\fB false
+Refuse MSCHAPv2 authentication.
+.TP
+.B PPPD.NoBSDComp=true \fR|\fB false
+Disable BSD compression.
+.TP
+.B PPPD.NoPcomp=true \fR|\fB false
+Disable protocol compression.
+.TP
+.B PPPD.UseAccomp=true \fR|\fB false
+Disable Access/Control compression.
+.TP
+.B PPPD.NoDeflate=true \fR|\fB false
+Disable deflate compression.
+.TP
+.B PPPD.ReqMPPE=true \fR|\fB false
+Require the use of MPPE.
+.TP
+.B PPPD.ReqMPPE40=true \fR|\fB false
+Require the use of MPPE 40 bit.
+.TP
+.B PPPD.ReqMPPE128=true \fR|\fB false
+Require the use of MPPE 128 bit.
+.TP
+.B PPPD.ReqMPPEStateful=true \fR|\fB false
+Allow MPPE to use stateful mode.
+.TP
+.B PPPD.NoVJ=true \fR|\fB false
+No Van Jacobson compression.
+.SS PPTP
+The following keys are optional for \fBpptp\fP(8) (see also \fBpppd\fP(8))
+networks:
+.TP
+.BI PPTP.User= username
+Username.
+.TP
+.BI PPTP.Password= password
+Password.
+.TP
+.BI PPPD.EchoFailure= count
+Echo failure count.
+.TP
+.BI PPPD.EchoFailure= count
+Dead peer check count.
+.TP
+.BI PPPD.EchoInterval= interval
+Dead peer check interval.
+.TP
+.BI PPPD.Debug= level
+Debug level.
+.TP
+.B PPPD.RefuseEAP=true \fR|\fB false
+Refuse EAP authentication.
+.TP
+.B PPPD.RefusePAP=true \fR|\fB false
+Refuse PAP authentication.
+.TP
+.B PPPD.RefuseCHAP=true \fR|\fB false
+Refuse CHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP=true \fR|\fB false
+Refuse MSCHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP2=true \fR|\fB false
+Refuse MSCHAPv2 authentication.
+.TP
+.B PPPD.NoBSDComp=true \fR|\fB false
+Disable BSD compression.
+.TP
+.B PPPD.NoPcomp=true \fR|\fB false
+Disable protocol compression.
+.TP
+.B PPPD.UseAccomp=true \fR|\fB false
+Disable Access/Control compression.
+.TP
+.B PPPD.NoDeflate=true \fR|\fB false
+Disable deflate compression.
+.TP
+.B PPPD.ReqMPPE=true \fR|\fB false
+Require the use of MPPE.
+.TP
+.B PPPD.ReqMPPE40=true \fR|\fB false
+Require the use of MPPE 40 bit.
+.TP
+.B PPPD.ReqMPPE128=true \fR|\fB false
+Require the use of MPPE 128 bit.
+.TP
+.B PPPD.ReqMPPEStateful=true \fR|\fB false
+Allow MPPE to use stateful mode.
+.TP
+.B PPPD.NoVJ=true \fR|\fB false
+No Van Jacobson compression.
+
+.SH "EXAMPLE"
+This is a configuration file for a VPN providing L2TP, OpenVPN and
+OpenConnect services. It could, for example, be in the file
+.B @vpn_storagedir@/example.config\fR.
+.PP
+.nf
+[global]
+Name = Example
+Description = Example VPN configuration
+
+[provider_l2tp]
+Type = L2TP
+Name = Connection to corporate network
+Host = 1.2.3.4
+Domain = corporate.com
+Networks = 10.10.30.0/24
+L2TP.User = username
+
+[provider_openconnect]
+Type = OpenConnect
+Name = Connection to corporate network using Cisco VPN
+Host = 7.6.5.4
+Domain = corporate.com
+Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
+OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
+OpenConnect.CACert = /etc/certs/certificate.p12
+
+[provider_openvpn]
+Type = OpenVPN
+Name = Connection to corporate network using OpenVPN
+Host = 3.2.5.6
+Domain = my.home.network
+OpenVPN.CACert = /etc/certs/cacert.pem
+OpenVPN.Cert = /etc/certs/cert.pem
+OpenVPN.Key = /etc/certs/cert.key
+.fi
+.SH "SEE ALSO"
+.BR connmanctl (1),\ connman (8),\ connman-vpn (8)
diff --git a/doc/connman-vpn.8 b/doc/connman-vpn.8
deleted file mode 100644
index 968ef50..0000000
--- a/doc/connman-vpn.8
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" connman-vpn(8) manual page
-.\"
-.\" Copyright (C) 2015 Intel Corporation
-.\"
-.TH CONNMAN-VPN "8" "2015-10-15"
-.SH NAME
-ConnMan-VPN \- VPN management daemon
-.SH SYNOPSIS
-.B connman-vpnd
-.RB [\| \-\-version \||\| \-\-help \|]
-.PP
-.B connman-vpnd
-.RB [\| \-c
-.IR file \|]
-.RB [\| \-d\ [\c
-.IR file [,...]\|]\|]
-.RB [\| \-p
-.IR plugin [,...]\|]
-.RB [\| \-P
-.IR plugin [,...]\|]
-.RB [\| \-n \|]
-.RB [\| \-r \|]
-.SH DESCRIPTION
-The \fIConnMan-VPN\fP provides a daemon for managing vpn connections together
-with \fBconnmand\fP(8). The Connection Manager is designed to be slim and to
-use as few resources as possible. The VPN daemon supports \fBopenconnect\fP(8),
-\fBopenvpn\fP(8), \fBvpnc\fP(8) and L2TP/PPTP (\fBxl2tpd.conf\fP(5),
-\fBpptp\fP(8), \fBpppd\fP(8)).
-.P
-.SH OPTIONS
-The following options are supported:
-.TP
-.BR \-v ", " \-\-version
-Print the ConnMan-VPN software version and exit.
-.TP
-.BR \-h ", " \-\-help
-Print ConnMan-VPN's available options and exit.
-.TP
-.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
-Specify configuration file to set up various settings for ConnMan. If not
-specified, the default value of \fI<SYSCONFDIR>/connman/connman-vpn.conf\fP
-is used; where \fI<SYSCONFDIR>\fP is dependent on your distribution (usually
-it's \fI/etc\fP). See \fBconnman-vpn.conf\fP(5) for more information on
-configuration file. The use of config file is optional and sane default values
-are used if config file is missing.
-.TP
-.BR \-d\ [ \fIfile [,...]],\ \-\-debug [= \fIfile [,...]]
-Sets how much information ConnMan-VPN sends to the log destination (usually
-syslog's "daemon" facility). If the file options are omitted, then debugging
-information from all the source files are printed. If file options are
-present, then only debug prints from that source file are printed. Example:
-.PP
- connman-vpnd --debug=vpn/vpn-provider.c,vpn/vpn-config.c
-.TP
-.BR \-n ", " \-\-nodaemon
-Do not daemonize. This is useful for debugging, and directs log output to
-the controlling terminal in addition to syslog.
-.TP
-.BR \-r ", " \-\-routes
-Manage VPN routes instead of telling \fBconnmand\fP(8) to do it.
-.SH SEE ALSO
-.BR connmanctl (1), \ connman-vpn.conf (5), \c
-.BR \ connman-vpn-provider.config (5), \ connmand (8)
diff --git a/doc/connman-vpn.8.in b/doc/connman-vpn.8.in
new file mode 100644
index 0000000..6130b3b
--- /dev/null
+++ b/doc/connman-vpn.8.in
@@ -0,0 +1,62 @@
+.\" connman-vpn(8) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH CONNMAN-VPN "8" "2015-10-15"
+.SH NAME
+ConnMan-VPN \- VPN management daemon
+.SH SYNOPSIS
+.B connman-vpnd
+.RB [\| \-\-version \||\| \-\-help \|]
+.PP
+.B connman-vpnd
+.RB [\| \-c
+.IR file \|]
+.RB [\| \-d\ [\c
+.IR file [,...]\|]\|]
+.RB [\| \-p
+.IR plugin [,...]\|]
+.RB [\| \-P
+.IR plugin [,...]\|]
+.RB [\| \-n \|]
+.RB [\| \-r \|]
+.SH DESCRIPTION
+The \fIConnMan-VPN\fP provides a daemon for managing vpn connections together
+with \fBconnmand\fP(8). The Connection Manager is designed to be slim and to
+use as few resources as possible. The VPN daemon supports \fBopenconnect\fP(8),
+\fBopenvpn\fP(8), \fBvpnc\fP(8) and L2TP/PPTP (\fBxl2tpd.conf\fP(5),
+\fBpptp\fP(8), \fBpppd\fP(8)).
+.P
+.SH OPTIONS
+The following options are supported:
+.TP
+.BR \-v ", " \-\-version
+Print the ConnMan-VPN software version and exit.
+.TP
+.BR \-h ", " \-\-help
+Print ConnMan-VPN's available options and exit.
+.TP
+.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
+Specify configuration file to set up various settings for ConnMan. If not
+specified, the default value of \***@sysconfdir@/connman/connman-vpn.conf\fP
+is used. See \fBconnman-vpn.conf\fP(5) for more information on
+configuration file. The use of config file is optional and sane default values
+are used if config file is missing.
+.TP
+.BR \-d\ [ \fIfile [,...]],\ \-\-debug [= \fIfile [,...]]
+Sets how much information ConnMan-VPN sends to the log destination (usually
+syslog's "daemon" facility). If the file options are omitted, then debugging
+information from all the source files are printed. If file options are
+present, then only debug prints from that source file are printed. Example:
+.PP
+ connman-vpnd --debug=vpn/vpn-provider.c,vpn/vpn-config.c
+.TP
+.BR \-n ", " \-\-nodaemon
+Do not daemonize. This is useful for debugging, and directs log output to
+the controlling terminal in addition to syslog.
+.TP
+.BR \-r ", " \-\-routes
+Manage VPN routes instead of telling \fBconnmand\fP(8) to do it.
+.SH SEE ALSO
+.BR connmanctl (1), \ connman-vpn.conf (5), \c
+.BR \ connman-vpn-provider.config (5), \ connmand (8)
diff --git a/doc/connman-vpn.conf.5 b/doc/connman-vpn.conf.5
deleted file mode 100644
index 5facd37..0000000
--- a/doc/connman-vpn.conf.5
+++ /dev/null
@@ -1,48 +0,0 @@
-.\" connman-vpn.conf(5) manual page
-.\"
-.\" Copyright (C) 2015 Intel Corporation
-.\"
-.TH "connman-vpn.conf" "5" "2015-10-15" ""
-.SH NAME
-connman-vpn.conf \- ConnMan-VPN configuration file
-.SH SYNOPSIS
-.B /etc/connman/connman-vpn.conf
-.br
-or
-.br
-\fI<SYSCONFDIR>\fB/connman/connman-vpn.conf
-.br
-.RI where\ <SYSCONFDIR> " depends on your distribution or build."
-.SH DESCRIPTION
-.P
-.B connman-vpn.conf
-is a configuration file for ConnMan-VPN. The configuration file is
-optional but it can be used to set up various aspects of ConnMan-VPN's
-behavior. The location of the file may be changed through use of
-the \fB\-\-config= \fRargument for \fBconnman-vpn\fP(8).
-.SH "FILE FORMAT"
-.P
-The configuration file format is key file format.
-It consists of sections (groups) of key-value pairs.
-Lines beginning with a '#' and blank lines are considered comments.
-Sections are started by a header line containing the section enclosed
-in '[' and ']', and ended implicitly by the start of the next section
-or the end of the file. Each key-value pair must be contained in a section.
-.P
-Description of sections and available keys follows:
-.SS [General]
-This section is the only mandatory section of the configuration file.
-.TP
-.BI InputRequestTimeout= secs
-Set input request timeout. Default is 300 seconds. The request for inputs
-like passphrase will timeout after certain amount of time. Use this setting
-to increase the value in case of different user interface designs.
-.SH "EXAMPLE"
-The following example configuration sets InputRequestTimeout to 10 minutes.
-.PP
-.nf
-[General]
-InputRequestTimeout = 600
-.fi
-.SH "SEE ALSO"
-.BR connman (8), \ connman-vpn (8)
diff --git a/doc/connman-vpn.conf.5.in b/doc/connman-vpn.conf.5.in
new file mode 100644
index 0000000..fcc4c69
--- /dev/null
+++ b/doc/connman-vpn.conf.5.in
@@ -0,0 +1,42 @@
+.\" connman-vpn.conf(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "connman-vpn.conf" "5" "2015-10-15" ""
+.SH NAME
+connman-vpn.conf \- ConnMan-VPN configuration file
+.SH SYNOPSIS
+.B @sysconfdir@/connman/connman-vpn.conf
+.SH DESCRIPTION
+.P
+.B connman-vpn.conf
+is a configuration file for ConnMan-VPN. The configuration file is
+optional but it can be used to set up various aspects of ConnMan-VPN's
+behavior. The location of the file may be changed through use of
+the \fB\-\-config= \fRargument for \fBconnman-vpn\fP(8).
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [General]
+This section is the only mandatory section of the configuration file.
+.TP
+.BI InputRequestTimeout= secs
+Set input request timeout. Default is 300 seconds. The request for inputs
+like passphrase will timeout after certain amount of time. Use this setting
+to increase the value in case of different user interface designs.
+.SH "EXAMPLE"
+The following example configuration sets InputRequestTimeout to 10 minutes.
+.PP
+.nf
+[General]
+InputRequestTimeout = 600
+.fi
+.SH "SEE ALSO"
+.BR connman (8), \ connman-vpn (8)
diff --git a/doc/connman.8 b/doc/connman.8
deleted file mode 100644
index 3d065db..0000000
--- a/doc/connman.8
+++ /dev/null
@@ -1,98 +0,0 @@
-.\" connman(8) manual page
-.\"
-.\" Copyright (C) 2012,2015 Intel Corporation
-.\"
-.TH CONNMAN "8" "2015-10-15"
-.SH NAME
-ConnMan \- network management daemon
-.SH SYNOPSIS
-.B connmand
-.RB [\| \-\-version \||\| \-\-help \|]
-.PP
-.B connmand
-.RB [\| \-c
-.IR file \|]
-.RB [\| \-d\ [\c
-.IR file [,...]\|]\|]
-.RB [\| \-i
-.IR interface [,...]\|]
-.RB [\| \-I
-.IR interface [,...]\|]
-.RB [\| \-W
-.IR driver [,...]\|]
-.RB [\| \-p
-.IR plugin [,...]\|]
-.RB [\| \-P
-.IR plugin [,...]\|]
-.RB [\| \-n \|]
-.RB [\| \-r \|]
-.SH DESCRIPTION
-The \fIConnMan\fP provides a daemon for managing internet connections
-within devices running the Linux operating system. The Connection Manager is
-designed to be slim and to use as few resources as possible.
-It is a fully modular system that can be extended, through plug-ins,
-to support all kinds of wired or wireless technologies.
-Also, configuration methods, like DHCP and domain name resolving,
-are implemented using plug-ins.
-The plug-in approach allows for easy adaption and modification for various
-use cases.
-.P
-.SH OPTIONS
-The following options are supported:
-.TP
-.BR \-v ", " \-\-version
-Print the ConnMan software version and exit.
-.TP
-.BR \-h ", " \-\-help
-Print ConnMan's available options and exit.
-.TP
-.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
-Specify configuration file to set up various settings for ConnMan. If not
-specified, the default value of \fI<SYSCONFDIR>/connman/main.conf\fP
-is used; where \fI<SYSCONFDIR>\fP is dependent on your distribution (usually
-it's \fI/etc\fP). See \fBconnman.conf\fP(5) for more information on
-configuration file. The use of config file is optional and sane default values
-are used if config file is missing.
-.TP
-.BR \-d\ [ \fIfile [,...]],\ \-\-debug [= \fIfile [,...]]
-Sets how much information ConnMan sends to the log destination (usually
-syslog's "daemon" facility). If the file options are omitted, then debugging
-information from all the source files are printed. If file options are
-present, then only debug prints from that source file are printed. Example:
-.PP
- connmand --debug=src/service.c,plugins/wifi.c
-.TP
-.BR \-i\ \fIinterface \fR[,...],\ \-\-device= \fIinterface \fR[,...]
-Only manage these network interfaces. By default all network interfaces
-are managed.
-.TP
-.BR \-I\ \fIinterface \fR[,...],\ \-\-nodevice= \fIinterface \fR[,...]
-Never manage these network interfaces.
-.TP
-.BI \-p\ plugin \fR[,...],\ \fB\-\-plugin= plugin \fR[,...]
-Load these plugins only. The option can be a pattern containing
-"*" and "?" characters.
-.TP
-.BI \-P\ plugin \fR[,...],\ \fB\-\-noplugin= plugin \fR[,...]
-Never load these plugins. The option can be a pattern containing
-"*" and "?" characters.
-.TP
-.BI \-W\ driver \fR[,...],\ \fB\-\-wifi= driver \fR[,...]
-Wifi driver that WiFi/Supplicant should use. If this flag is omitted,
-then the value "nl80211,wext" is used by default.
-.TP
-.BR \-n ", " \-\-nodaemon
-Do not daemonize. This is useful for debugging, and directs log output to
-the controlling terminal in addition to syslog.
-.TP
-.BR \-r ", " \-\-nodnsproxy
-Do not act as a DNS proxy. By default ConnMan will direct all DNS traffic
-to itself by setting nameserver to 127.0.0.1 in \fBresolv.conf\fP(5) file.
-If this is not desired and you want that all programs call directly some
-DNS server, then you can use the \fB--nodnsproxy\fP option.
-If this option is used, then ConnMan is not able to cache the DNS queries
-because the DNS traffic is not going through ConnMan and that can cause
-some extra network traffic.
-.SH SEE ALSO
-.BR connmanctl (1), \ connman.conf (5), \ connman-service.config (5), \c
-.BR \ connman-vpn (8)
diff --git a/doc/connman.8.in b/doc/connman.8.in
new file mode 100644
index 0000000..9b71779
--- /dev/null
+++ b/doc/connman.8.in
@@ -0,0 +1,97 @@
+.\" connman(8) manual page
+.\"
+.\" Copyright (C) 2012,2015 Intel Corporation
+.\"
+.TH CONNMAN "8" "2015-10-15"
+.SH NAME
+ConnMan \- network management daemon
+.SH SYNOPSIS
+.B connmand
+.RB [\| \-\-version \||\| \-\-help \|]
+.PP
+.B connmand
+.RB [\| \-c
+.IR file \|]
+.RB [\| \-d\ [\c
+.IR file [,...]\|]\|]
+.RB [\| \-i
+.IR interface [,...]\|]
+.RB [\| \-I
+.IR interface [,...]\|]
+.RB [\| \-W
+.IR driver [,...]\|]
+.RB [\| \-p
+.IR plugin [,...]\|]
+.RB [\| \-P
+.IR plugin [,...]\|]
+.RB [\| \-n \|]
+.RB [\| \-r \|]
+.SH DESCRIPTION
+The \fIConnMan\fP provides a daemon for managing internet connections
+within devices running the Linux operating system. The Connection Manager is
+designed to be slim and to use as few resources as possible.
+It is a fully modular system that can be extended, through plug-ins,
+to support all kinds of wired or wireless technologies.
+Also, configuration methods, like DHCP and domain name resolving,
+are implemented using plug-ins.
+The plug-in approach allows for easy adaption and modification for various
+use cases.
+.P
+.SH OPTIONS
+The following options are supported:
+.TP
+.BR \-v ", " \-\-version
+Print the ConnMan software version and exit.
+.TP
+.BR \-h ", " \-\-help
+Print ConnMan's available options and exit.
+.TP
+.BI \-c\ file\fR,\ \fB\-\-config= \fIfile
+Specify configuration file to set up various settings for ConnMan. If not
+specified, the default value of \***@sysconfdir@/connman/main.conf\fP
+is used. See \fBconnman.conf\fP(5) for more information on
+configuration file. The use of config file is optional and sane default values
+are used if config file is missing.
+.TP
+.BR \-d\ [ \fIfile [,...]],\ \-\-debug [= \fIfile [,...]]
+Sets how much information ConnMan sends to the log destination (usually
+syslog's "daemon" facility). If the file options are omitted, then debugging
+information from all the source files are printed. If file options are
+present, then only debug prints from that source file are printed. Example:
+.PP
+ connmand --debug=src/service.c,plugins/wifi.c
+.TP
+.BR \-i\ \fIinterface \fR[,...],\ \-\-device= \fIinterface \fR[,...]
+Only manage these network interfaces. By default all network interfaces
+are managed.
+.TP
+.BR \-I\ \fIinterface \fR[,...],\ \-\-nodevice= \fIinterface \fR[,...]
+Never manage these network interfaces.
+.TP
+.BI \-p\ plugin \fR[,...],\ \fB\-\-plugin= plugin \fR[,...]
+Load these plugins only. The option can be a pattern containing
+"*" and "?" characters.
+.TP
+.BI \-P\ plugin \fR[,...],\ \fB\-\-noplugin= plugin \fR[,...]
+Never load these plugins. The option can be a pattern containing
+"*" and "?" characters.
+.TP
+.BI \-W\ driver \fR[,...],\ \fB\-\-wifi= driver \fR[,...]
+Wifi driver that WiFi/Supplicant should use. If this flag is omitted,
+then the value "nl80211,wext" is used by default.
+.TP
+.BR \-n ", " \-\-nodaemon
+Do not daemonize. This is useful for debugging, and directs log output to
+the controlling terminal in addition to syslog.
+.TP
+.BR \-r ", " \-\-nodnsproxy
+Do not act as a DNS proxy. By default ConnMan will direct all DNS traffic
+to itself by setting nameserver to 127.0.0.1 in \fBresolv.conf\fP(5) file.
+If this is not desired and you want that all programs call directly some
+DNS server, then you can use the \fB--nodnsproxy\fP option.
+If this option is used, then ConnMan is not able to cache the DNS queries
+because the DNS traffic is not going through ConnMan and that can cause
+some extra network traffic.
+.SH SEE ALSO
+.BR connmanctl (1), \ connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn (8)
diff --git a/doc/connman.conf.5 b/doc/connman.conf.5
deleted file mode 100644
index 0da3b47..0000000
--- a/doc/connman.conf.5
+++ /dev/null
@@ -1,144 +0,0 @@
-.\" connman.conf(5) manual page
-.\"
-.\" Copyright (C) 2012,2015 Intel Corporation
-.\"
-.TH "connman.conf" "5" "2015-10-15" ""
-.SH NAME
-main.conf \- ConnMan configuration file
-.SH SYNOPSIS
-.B /etc/connman/main.conf
-.br
-or
-.br
-\fI<SYSCONFDIR>\fB/connman/main.conf
-.br
-.RI where\ <SYSCONFDIR> " depends on your distribution or build."
-.SH DESCRIPTION
-.P
-.B main.conf
-is a configuration file for ConnMan. The configuration file is
-optional but it can be used to set up various aspects of ConnMan's
-behavior. The location of the file may be changed through use of
-the \fB\-\-config= \fRargument for \fBconnman\fP(8).
-.SH "FILE FORMAT"
-.P
-The configuration file format is key file format.
-It consists of sections (groups) of key-value pairs.
-Lines beginning with a '#' and blank lines are considered comments.
-Sections are started by a header line containing the section enclosed
-in '[' and ']', and ended implicitly by the start of the next section
-or the end of the file. Each key-value pair must be contained in a section.
-.P
-Description of sections and available keys follows:
-.SS [General]
-This section is the only mandatory section of the configuration file.
-.TP
-.BI InputRequestTimeout= secs
-Set input request timeout. Default is 120 seconds
-The request for inputs like passphrase will timeout
-after certain amount of time. Use this setting to
-increase the value in case of different user
-interface designs.
-.TP
-.BI BrowserLaunchTimeout= secs
-Set browser launch timeout. Default is 300 seconds
-The request for launching a browser for portal pages
-will timeout after certain amount of time. Use this
-setting to increase the value in case of different
-user interface designs.
-.TP
-.BI BackgroundScanning=true\ \fR|\fB\ false
-Enable background scanning. Default is true.
-Background scanning will start every 5 minutes unless
-the scan list is empty. In that case, a simple backoff
-mechanism starting from 10s up to 5 minutes will run.
-.TP
-.BI FallbackTimeservers= server\fR[,...]
-List of Fallback timeservers separated by ",".
-These timeservers are used for NTP sync when there are
-no timeserver set by the user or by the service.
-These can contain mixed combination of fully qualified
-domain names, IPv4 and IPv6 addresses.
-.TP
-.BI FallbackNameservers= server\fR[,...]
-List of fallback nameservers separated by "," appended
-to the list of nameservers given by the service. The
-nameserver entries must be in numeric format, host
-names are ignored.
-.TP
-.BI DefaultAutoConnectTechnologies= technology\fR[,...]
-List of technologies that are marked autoconnectable
-by default, separated by commas ",". The default value
-for this entry when empty is ethernet,wifi,cellular.
-Services that are automatically connected must have been
-set up and saved to storage beforehand.
-.TP
-.BI PreferredTechnologies= technology\fR[,...]
-List of preferred technologies from the most preferred
-one to the least preferred one separated by commas ",".
-Services of the listed technology type will be tried one
-by one in the order given, until one of them gets connected
-or they are all tried. A service of a preferred technology
-type in state 'ready' will get the default route when
-compared to another preferred type further down the list
-with state 'ready' or with a non-preferred type; a service
-of a preferred technology type in state 'online' will get
-the default route when compared to either a non-preferred
-type or a preferred type further down in the list.
-.TP
-.BI NetworkInterfaceBlacklist= interface\fR[,...]
-List of blacklisted network interfaces separated by ",".
-Found interfaces will be compared to the list and will
-not be handled by connman, if their first characters
-match any of the list entries. Default value is
-vmnet,vboxnet,virbr,ifb.
-.TP
-.BI AllowHostnameUpdates=true\ \fR|\fB\ false
-Allow connman to change the system hostname. This can
-happen for example if we receive DHCP hostname option.
-Default value is true.
-.TP
-.BI SingleConnectedTechnology=true\ \fR|\fB\ false
-Keep only a single connected technology at any time. When a new
-service is connected by the user or a better one is found according
-to PreferredTechnologies, the new service is kept connected and all
-the other previously connected services are disconnected. With this
-setting it does not matter whether the previously connected services
-are in 'online' or 'ready' states, the newly connected service is
-the only one that will be kept connected. A service connected by the
-user will be used until going out of network coverage. With this
-setting enabled applications will notice more network breaks than
-normal. Default value is false.
-.TP
-.BI TetheringTechnologies= technology\fR[,...]
-List of technologies that are allowed to enable tethering separated by ",".
-The default value is wifi,bluetooth,gadget. Only those technologies listed
-here are used for tethering. If one wants to tether ethernet,
-then add "ethernet" in the list.
-NOTE that if ethernet tethering is enabled, then a DHCP server is
-started on all ethernet interfaces. Tethered ethernet should
-never be connected to corporate or home network as it will disrupt
-normal operation of these networks. Due to this ethernet is not
-tethered by default. Do not activate ethernet tethering unless you
-really know what you are doing.
-.TP
-.BI PersistentTetheringMode=true\ \fR|\fB\ false
-Restore earlier tethering status when returning from offline mode,
-re-enabling a technology, and after restarts and reboots.
-Default value is false.
-.TP
-.BI Enable6to4=true\ \fR|\fB\ false
-Automatically enable Anycast 6to4 if possible. This is not recommended, as the
-use of 6to4 will generally lead to a severe degradation of connection quality.
-See RFC6343. Default value is false (as recommended by RFC6343 section 4.1).
-.SH "EXAMPLE"
-The following example configuration disables hostname updates and enables
-ethernet tethering.
-.PP
-.nf
-[General]
-AllowHostnameUpdates = false
-TetheringTechnologies = ethernet,wifi,bluetooth,gadget
-.fi
-.SH "SEE ALSO"
-.BR connman (8)
diff --git a/doc/connman.conf.5.in b/doc/connman.conf.5.in
new file mode 100644
index 0000000..ff97b7c
--- /dev/null
+++ b/doc/connman.conf.5.in
@@ -0,0 +1,138 @@
+.\" connman.conf(5) manual page
+.\"
+.\" Copyright (C) 2012,2015 Intel Corporation
+.\"
+.TH "connman.conf" "5" "2015-10-15" ""
+.SH NAME
+main.conf \- ConnMan configuration file
+.SH SYNOPSIS
+.B @sysconfdir@/connman/main.conf
+.SH DESCRIPTION
+.P
+.B main.conf
+is a configuration file for ConnMan. The configuration file is
+optional but it can be used to set up various aspects of ConnMan's
+behavior. The location of the file may be changed through use of
+the \fB\-\-config= \fRargument for \fBconnman\fP(8).
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [General]
+This section is the only mandatory section of the configuration file.
+.TP
+.BI InputRequestTimeout= secs
+Set input request timeout. Default is 120 seconds
+The request for inputs like passphrase will timeout
+after certain amount of time. Use this setting to
+increase the value in case of different user
+interface designs.
+.TP
+.BI BrowserLaunchTimeout= secs
+Set browser launch timeout. Default is 300 seconds
+The request for launching a browser for portal pages
+will timeout after certain amount of time. Use this
+setting to increase the value in case of different
+user interface designs.
+.TP
+.BI BackgroundScanning=true\ \fR|\fB\ false
+Enable background scanning. Default is true.
+Background scanning will start every 5 minutes unless
+the scan list is empty. In that case, a simple backoff
+mechanism starting from 10s up to 5 minutes will run.
+.TP
+.BI FallbackTimeservers= server\fR[,...]
+List of Fallback timeservers separated by ",".
+These timeservers are used for NTP sync when there are
+no timeserver set by the user or by the service.
+These can contain mixed combination of fully qualified
+domain names, IPv4 and IPv6 addresses.
+.TP
+.BI FallbackNameservers= server\fR[,...]
+List of fallback nameservers separated by "," appended
+to the list of nameservers given by the service. The
+nameserver entries must be in numeric format, host
+names are ignored.
+.TP
+.BI DefaultAutoConnectTechnologies= technology\fR[,...]
+List of technologies that are marked autoconnectable
+by default, separated by commas ",". The default value
+for this entry when empty is ethernet,wifi,cellular.
+Services that are automatically connected must have been
+set up and saved to storage beforehand.
+.TP
+.BI PreferredTechnologies= technology\fR[,...]
+List of preferred technologies from the most preferred
+one to the least preferred one separated by commas ",".
+Services of the listed technology type will be tried one
+by one in the order given, until one of them gets connected
+or they are all tried. A service of a preferred technology
+type in state 'ready' will get the default route when
+compared to another preferred type further down the list
+with state 'ready' or with a non-preferred type; a service
+of a preferred technology type in state 'online' will get
+the default route when compared to either a non-preferred
+type or a preferred type further down in the list.
+.TP
+.BI NetworkInterfaceBlacklist= interface\fR[,...]
+List of blacklisted network interfaces separated by ",".
+Found interfaces will be compared to the list and will
+not be handled by connman, if their first characters
+match any of the list entries. Default value is
+vmnet,vboxnet,virbr,ifb.
+.TP
+.BI AllowHostnameUpdates=true\ \fR|\fB\ false
+Allow connman to change the system hostname. This can
+happen for example if we receive DHCP hostname option.
+Default value is true.
+.TP
+.BI SingleConnectedTechnology=true\ \fR|\fB\ false
+Keep only a single connected technology at any time. When a new
+service is connected by the user or a better one is found according
+to PreferredTechnologies, the new service is kept connected and all
+the other previously connected services are disconnected. With this
+setting it does not matter whether the previously connected services
+are in 'online' or 'ready' states, the newly connected service is
+the only one that will be kept connected. A service connected by the
+user will be used until going out of network coverage. With this
+setting enabled applications will notice more network breaks than
+normal. Default value is false.
+.TP
+.BI TetheringTechnologies= technology\fR[,...]
+List of technologies that are allowed to enable tethering separated by ",".
+The default value is wifi,bluetooth,gadget. Only those technologies listed
+here are used for tethering. If one wants to tether ethernet,
+then add "ethernet" in the list.
+NOTE that if ethernet tethering is enabled, then a DHCP server is
+started on all ethernet interfaces. Tethered ethernet should
+never be connected to corporate or home network as it will disrupt
+normal operation of these networks. Due to this ethernet is not
+tethered by default. Do not activate ethernet tethering unless you
+really know what you are doing.
+.TP
+.BI PersistentTetheringMode=true\ \fR|\fB\ false
+Restore earlier tethering status when returning from offline mode,
+re-enabling a technology, and after restarts and reboots.
+Default value is false.
+.TP
+.BI Enable6to4=true\ \fR|\fB\ false
+Automatically enable Anycast 6to4 if possible. This is not recommended, as the
+use of 6to4 will generally lead to a severe degradation of connection quality.
+See RFC6343. Default value is false (as recommended by RFC6343 section 4.1).
+.SH "EXAMPLE"
+The following example configuration disables hostname updates and enables
+ethernet tethering.
+.PP
+.nf
+[General]
+AllowHostnameUpdates = false
+TetheringTechnologies = ethernet,wifi,bluetooth,gadget
+.fi
+.SH "SEE ALSO"
+.BR connman (8)
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
deleted file mode 100644
index 0f891bd..0000000
--- a/doc/connmanctl.1
+++ /dev/null
@@ -1,282 +0,0 @@
-.TH connmanctl 1 "2015-10-15" ""
-.SH
-NAME
-connmanctl \- Connman CLI
-.SH
-SYNOPSIS
-.BR connmanctl \ [\|\c
-.BI state\fR\ |
-.BI technologies\fR\ |
-.BI enable \ technology\fR|offline\ |
-.BI disable \ technology\fR|offline\ |
-.BI tether \ technology\ \fRon|off\ |
-.BI tether\fR\ wifi\ on|off\ ssid\ passphrase\fR\ |
-.BR services \ [\fIservice\fR]\ |
-.BI peers \ peer\fR\ |
-.BI scan \ technology\fR\ |
-.RI \fBconnect \ service | peer \ |
-.RI \fBdisconnect \ service | peer \ |
-.B config \ \fIservice\ option\ arg\fR...\ |
-.BR vpnconnections \ [\fIconnection\fR]\ |
-.BI help \fR\|]
-.PP
-.SH
-DESCRIPTION
-Connmanctl is a Connman command line interface which can be run in two modes:
-a plain synchronous command input, and an asynchronous interactive shell.
-To run a specific command the user may enter
-.RI \fBconnmanctl\ command\ [ options ] \fR
-or just \fBconnmanctl\fR, in the latter case an interactive shell will start.
-.PP
-Connmanctl can handle most network connections. It can be used to
-enable/disable any technology that exists on the system, display a list of
-services available, connect/disconnect networks, show properties of the system,
-the technologies, and any individual service, and configure all of the
-properties. It is also able to monitor changes in the properties of the
-services, technologies, and the system.
-.PP
-In the interactive shell, all of the same commands can be used. It
-provides quicker usage when needing to use connmanctl more extensively. In
-addition, connecting to protected wireless access points for the first time
-requires interactive shell.
-.SH
-COMMANDS AND OPTIONS
-.TP
-.B help
-Shows the abbreviated help menu in the terminal.
-.PP
-.TP
-.B state
-Shows the system properties. Includes ths online state of the
-system, offline mode, and session mode.
-.PP
-.TP
-.B technologies
-Shows a list of all technology types existing on the system and
-their properties. See the properties section of the Technology
-API for explanations of each property.
-.PP
-.TP
-.BI enable \ technology
-Enables the given technology type (e.g. ethernet, wifi, 3g, etc.)
-Turns power on to the technology, but doesn't connect unless
-there is a service with autoconnect set to True.
-.PP
-.TP
-.BI disable \ technology
-Disables the given technology type. Turns power off to the
-technology and disconnects if it is already connected.
-.PP
-.TP
-.B enable offline
-Enables offline mode. Disconnects and powers down all
-technologies system-wide, however each technology can be powered
-back on individually.
-.PP
-.TP
-.B disable offline
-Disables offline mode. Technologies are powered back on according
-to their individual policies.
-.PP
-.TP
-.BI tether \ technology \ on \ \fR|\ off
-Enable or disable tethering on \fItechnology\fR. Ethernet cannot be tethered
-by default since tethering it usually breaks local networks. See
-.BR connman.conf (5)
-for enabling.
-.PP
-.TP
-.BR tether\ wifi\ on \ |\ off \ \fIssid\ passphrase
-Enable or disable wireless tethering, as well set the SSID and passphrase.
-.PP
-.TP
-.B services
-Shows a list of all available services. This includes the
-nearby wifi networks, the wired ethernet connections, bluetooth devices, etc.
-An asterisk in front of the service indicates that the service
-has been connected before.
-.PP
-.TP
-.BI services \ service
-Shows a list of all properties for that service.
-Only the service path (e.g. wifi_6834534139723_managed_none)
-is accepted as a parameter.
-.PP
-.TP
-.BI scan \ technology
-Scans for new services on the given technology.
-.PP
-.TP
-.BI connect \ service
-Connects to the given service. Some services need a so-called
-\fBprovisioning file\fR in order to connect to them, see
-\fBconnman-service.config\fR(5).
-.PP
-.TP
-.BI disconnect \ service
-Disconnects from the given service.
-.PP
-.TP
-.BI move-before \ service\ target-service
-Prefer connecting to \fIservice\fR over \fItarget-service\fR.
-.PP
-.TP
-.BI move-after \ service\ target-service
-Prefer connecting to \fItarget-service\fR over \fIservice\fR.
-.PP
-.TP
-.BI config \ service\ option\ arg\fR...
-Configures a writable property of the given service to the value(s) entered
-after \fIoption\fR. See the \fBConfig Options\fR subsection for details.
-.PP
-.TP
-.BI monitor \ target
-Listens for and displays DBus signals sent by Connman. If a currently monitored
-property changes, the changes will be shown. If no \fItarget\fR is specified,
-all changes will be shown. See the \fBMonitor Options\fR subsection for a
-summary of parameters.
-.PP
-.TP
-.BI vpnconnections
-Shows a list of all available vpn connections.
-.PP
-.TP
-.BI vpnconnections \ connection
-Shows the current properties of \fIconnection\fR.
-.PP
-.SS
-Commands only available in interactive mode:
-.PP
-.TP
-.BR agent\ on \ |\ off
-Enable or disable the wireless agent, used for entering wireless
-network passphrases. See the \fBEXAMPLE\fR section of this man page for
-an example of connecting to a wireless access point.
-.PP
-.TP
-.BR vpnagent\ on \ |\ off
-Enable or disable the vpn agent, used for entering vpn credentials.
-.SS
-Config Options:
-.PP
-.TP
-.BR \fBautoconnect\ on \ |\ off
-Sets the autoconnect property of the service.
-.PP
-.TP
-.BR ipv4\ off \ |\ dhcp \ |\ manual\ \fIaddress\ netmask\ gateway
-Configures the IPv4 settings for the service. The argument
-\fBoff\fR means that IPv4 won't be used, \fBdhcp\fR means that
-dhcp will be used to get the settings and \fBmanual\fR means
-that the given arguments will be used as IPv4 settings.
-.IR address ,\ netmask " and " gateway
-must be valid IPv4 addresses. See the \fBEXAMPLE\fR section
-of this man page for details.
-.PP
-.TP
-.BR ipv6\ off \ |\ auto \ |\ manual\ \fIaddress\ prefixlength\ gateway
-Configures the IPv6 settings for the service. The argument
-\fBoff\fR means that IPv6 won't be used, \fBauto\fR means that
-settings will be asked from the network and \fBmanual\fR means
-that the given arguments will be used as IPv6 settings.
-.IR address " and " gateway
-must be valid IPv4 addresses. \fIprefixlength\fR is the length
-of the prefix in bits. See the \fBEXAMPLE\fR section of this man
-page for details.
-.PP
-.TP
-.BI nameservers\ dns\fR\ [...]
-Set the list of nameservers, separated by spaces.
-.PP
-.TP
-.BI timeservers\ server\fR\ [...]
-Set the list of timeservers, separated by spaces.
-.PP
-.TP
-.BI domains\ domain\fR\ [...]
-Set the list of search domains, separated by spaces.
-.PP
-.TP
-.BR proxy\ direct \ |\ auto\fI\ URL \ |\ manual\ \fIserver [...]\ [--excludes\ \fIserver [...]]
-Configures the proxy settings for the service. \fBdirect\fR means that no
-proxy will be used. If using \fBauto\fR without a parameter, the network
-will be asked for the proxy settings. Otherwise, use \fIURL\fR as an
-proxy autoconfiguration URL. When set to \fBmanual\fR, the first list of servers
-is used as proxy servers, and the traffic to the second list of servers are
-excluded from the proxy. The list of excluded servers is optional. See the
-\fBEXAMPLE\fR section of this man page for details.
-.PP
-.SS
-Monitor Options:
-.PP
-.TP
-.BR services\ [ off ]
-Listens for changes to services, for example a service getting an IP address.
-.PP
-.TP
-.BR tech\ [ off ]
-Listens for changes to technologies, for example a technology getting enabled.
-.PP
-.TP
-.BR manager\ [ off ]
-Listens for the changes to global properties, available technologies,
-services, and peers.
-.PP
-.TP
-.BR vpnmanager\ [ off ]
-Listens for added or removed vpn connections.
-.PP
-.TP
-.BR vpnconnection\ [ off ]
-Listens for the changes to vpn connections, for example connecting to a VPN.
-.PP
-.SH
-EXAMPLE
-Listing available technologies:
-.PP
- $ connmanctl technologies
-.PP
-Listing available services:
-.PP
- $ connmanctl services
-.PP
-Scanning for wireless networks:
-.PP
- $ connmanctl scan wifi
-.PP
-Using the interactive mode to access a wireless access point:
-.PP
- $ connmanctl
- connmanctl> agent on
- Agent registered
- connmanctl> connect wifi_100ba9d170fc_666f6f626172_managed_psk
- Agent RequestInput wifi_100ba9d170fc_666f6f626172_managed_psk
- Passphrase = [ Type=psk, Requirement=mandatory ]
- Passphrase? password
- Connected wifi_100ba9d170fc_666f6f626172_managed_psk
- connmanctl>
-.PP
-Configuring a static IP from the command line:
-.PP
- $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 manual 192.168.1.101 255.255.255.0 192.168.1.1
-.PP
-Changing the IP back to dhcp:
-.PP
- $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 dhcp
-.PP
-Setting a proxy server:
-.PP
- $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com
-.PP
-Setting multiple proxy servers:
-.PP
- $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com http://httpproxy.example.com --excludes internal.example.com
-.PP
-Tethering a wireless connection (ssid "SSID", passphrase "password"):
-.PP
- $ connmanctl tether wifi on SSID password
-.PP
-.SH
-SEE ALSO
-.BR connman.conf (5), \ connman-service.config (5), \c
-.BR \ connman-vpn-provider.config (5), \ connman (8), \ connman-vpn (8)
diff --git a/doc/connmanctl.1.in b/doc/connmanctl.1.in
new file mode 100644
index 0000000..0f891bd
--- /dev/null
+++ b/doc/connmanctl.1.in
@@ -0,0 +1,282 @@
+.TH connmanctl 1 "2015-10-15" ""
+.SH
+NAME
+connmanctl \- Connman CLI
+.SH
+SYNOPSIS
+.BR connmanctl \ [\|\c
+.BI state\fR\ |
+.BI technologies\fR\ |
+.BI enable \ technology\fR|offline\ |
+.BI disable \ technology\fR|offline\ |
+.BI tether \ technology\ \fRon|off\ |
+.BI tether\fR\ wifi\ on|off\ ssid\ passphrase\fR\ |
+.BR services \ [\fIservice\fR]\ |
+.BI peers \ peer\fR\ |
+.BI scan \ technology\fR\ |
+.RI \fBconnect \ service | peer \ |
+.RI \fBdisconnect \ service | peer \ |
+.B config \ \fIservice\ option\ arg\fR...\ |
+.BR vpnconnections \ [\fIconnection\fR]\ |
+.BI help \fR\|]
+.PP
+.SH
+DESCRIPTION
+Connmanctl is a Connman command line interface which can be run in two modes:
+a plain synchronous command input, and an asynchronous interactive shell.
+To run a specific command the user may enter
+.RI \fBconnmanctl\ command\ [ options ] \fR
+or just \fBconnmanctl\fR, in the latter case an interactive shell will start.
+.PP
+Connmanctl can handle most network connections. It can be used to
+enable/disable any technology that exists on the system, display a list of
+services available, connect/disconnect networks, show properties of the system,
+the technologies, and any individual service, and configure all of the
+properties. It is also able to monitor changes in the properties of the
+services, technologies, and the system.
+.PP
+In the interactive shell, all of the same commands can be used. It
+provides quicker usage when needing to use connmanctl more extensively. In
+addition, connecting to protected wireless access points for the first time
+requires interactive shell.
+.SH
+COMMANDS AND OPTIONS
+.TP
+.B help
+Shows the abbreviated help menu in the terminal.
+.PP
+.TP
+.B state
+Shows the system properties. Includes ths online state of the
+system, offline mode, and session mode.
+.PP
+.TP
+.B technologies
+Shows a list of all technology types existing on the system and
+their properties. See the properties section of the Technology
+API for explanations of each property.
+.PP
+.TP
+.BI enable \ technology
+Enables the given technology type (e.g. ethernet, wifi, 3g, etc.)
+Turns power on to the technology, but doesn't connect unless
+there is a service with autoconnect set to True.
+.PP
+.TP
+.BI disable \ technology
+Disables the given technology type. Turns power off to the
+technology and disconnects if it is already connected.
+.PP
+.TP
+.B enable offline
+Enables offline mode. Disconnects and powers down all
+technologies system-wide, however each technology can be powered
+back on individually.
+.PP
+.TP
+.B disable offline
+Disables offline mode. Technologies are powered back on according
+to their individual policies.
+.PP
+.TP
+.BI tether \ technology \ on \ \fR|\ off
+Enable or disable tethering on \fItechnology\fR. Ethernet cannot be tethered
+by default since tethering it usually breaks local networks. See
+.BR connman.conf (5)
+for enabling.
+.PP
+.TP
+.BR tether\ wifi\ on \ |\ off \ \fIssid\ passphrase
+Enable or disable wireless tethering, as well set the SSID and passphrase.
+.PP
+.TP
+.B services
+Shows a list of all available services. This includes the
+nearby wifi networks, the wired ethernet connections, bluetooth devices, etc.
+An asterisk in front of the service indicates that the service
+has been connected before.
+.PP
+.TP
+.BI services \ service
+Shows a list of all properties for that service.
+Only the service path (e.g. wifi_6834534139723_managed_none)
+is accepted as a parameter.
+.PP
+.TP
+.BI scan \ technology
+Scans for new services on the given technology.
+.PP
+.TP
+.BI connect \ service
+Connects to the given service. Some services need a so-called
+\fBprovisioning file\fR in order to connect to them, see
+\fBconnman-service.config\fR(5).
+.PP
+.TP
+.BI disconnect \ service
+Disconnects from the given service.
+.PP
+.TP
+.BI move-before \ service\ target-service
+Prefer connecting to \fIservice\fR over \fItarget-service\fR.
+.PP
+.TP
+.BI move-after \ service\ target-service
+Prefer connecting to \fItarget-service\fR over \fIservice\fR.
+.PP
+.TP
+.BI config \ service\ option\ arg\fR...
+Configures a writable property of the given service to the value(s) entered
+after \fIoption\fR. See the \fBConfig Options\fR subsection for details.
+.PP
+.TP
+.BI monitor \ target
+Listens for and displays DBus signals sent by Connman. If a currently monitored
+property changes, the changes will be shown. If no \fItarget\fR is specified,
+all changes will be shown. See the \fBMonitor Options\fR subsection for a
+summary of parameters.
+.PP
+.TP
+.BI vpnconnections
+Shows a list of all available vpn connections.
+.PP
+.TP
+.BI vpnconnections \ connection
+Shows the current properties of \fIconnection\fR.
+.PP
+.SS
+Commands only available in interactive mode:
+.PP
+.TP
+.BR agent\ on \ |\ off
+Enable or disable the wireless agent, used for entering wireless
+network passphrases. See the \fBEXAMPLE\fR section of this man page for
+an example of connecting to a wireless access point.
+.PP
+.TP
+.BR vpnagent\ on \ |\ off
+Enable or disable the vpn agent, used for entering vpn credentials.
+.SS
+Config Options:
+.PP
+.TP
+.BR \fBautoconnect\ on \ |\ off
+Sets the autoconnect property of the service.
+.PP
+.TP
+.BR ipv4\ off \ |\ dhcp \ |\ manual\ \fIaddress\ netmask\ gateway
+Configures the IPv4 settings for the service. The argument
+\fBoff\fR means that IPv4 won't be used, \fBdhcp\fR means that
+dhcp will be used to get the settings and \fBmanual\fR means
+that the given arguments will be used as IPv4 settings.
+.IR address ,\ netmask " and " gateway
+must be valid IPv4 addresses. See the \fBEXAMPLE\fR section
+of this man page for details.
+.PP
+.TP
+.BR ipv6\ off \ |\ auto \ |\ manual\ \fIaddress\ prefixlength\ gateway
+Configures the IPv6 settings for the service. The argument
+\fBoff\fR means that IPv6 won't be used, \fBauto\fR means that
+settings will be asked from the network and \fBmanual\fR means
+that the given arguments will be used as IPv6 settings.
+.IR address " and " gateway
+must be valid IPv4 addresses. \fIprefixlength\fR is the length
+of the prefix in bits. See the \fBEXAMPLE\fR section of this man
+page for details.
+.PP
+.TP
+.BI nameservers\ dns\fR\ [...]
+Set the list of nameservers, separated by spaces.
+.PP
+.TP
+.BI timeservers\ server\fR\ [...]
+Set the list of timeservers, separated by spaces.
+.PP
+.TP
+.BI domains\ domain\fR\ [...]
+Set the list of search domains, separated by spaces.
+.PP
+.TP
+.BR proxy\ direct \ |\ auto\fI\ URL \ |\ manual\ \fIserver [...]\ [--excludes\ \fIserver [...]]
+Configures the proxy settings for the service. \fBdirect\fR means that no
+proxy will be used. If using \fBauto\fR without a parameter, the network
+will be asked for the proxy settings. Otherwise, use \fIURL\fR as an
+proxy autoconfiguration URL. When set to \fBmanual\fR, the first list of servers
+is used as proxy servers, and the traffic to the second list of servers are
+excluded from the proxy. The list of excluded servers is optional. See the
+\fBEXAMPLE\fR section of this man page for details.
+.PP
+.SS
+Monitor Options:
+.PP
+.TP
+.BR services\ [ off ]
+Listens for changes to services, for example a service getting an IP address.
+.PP
+.TP
+.BR tech\ [ off ]
+Listens for changes to technologies, for example a technology getting enabled.
+.PP
+.TP
+.BR manager\ [ off ]
+Listens for the changes to global properties, available technologies,
+services, and peers.
+.PP
+.TP
+.BR vpnmanager\ [ off ]
+Listens for added or removed vpn connections.
+.PP
+.TP
+.BR vpnconnection\ [ off ]
+Listens for the changes to vpn connections, for example connecting to a VPN.
+.PP
+.SH
+EXAMPLE
+Listing available technologies:
+.PP
+ $ connmanctl technologies
+.PP
+Listing available services:
+.PP
+ $ connmanctl services
+.PP
+Scanning for wireless networks:
+.PP
+ $ connmanctl scan wifi
+.PP
+Using the interactive mode to access a wireless access point:
+.PP
+ $ connmanctl
+ connmanctl> agent on
+ Agent registered
+ connmanctl> connect wifi_100ba9d170fc_666f6f626172_managed_psk
+ Agent RequestInput wifi_100ba9d170fc_666f6f626172_managed_psk
+ Passphrase = [ Type=psk, Requirement=mandatory ]
+ Passphrase? password
+ Connected wifi_100ba9d170fc_666f6f626172_managed_psk
+ connmanctl>
+.PP
+Configuring a static IP from the command line:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 manual 192.168.1.101 255.255.255.0 192.168.1.1
+.PP
+Changing the IP back to dhcp:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 dhcp
+.PP
+Setting a proxy server:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com
+.PP
+Setting multiple proxy servers:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com http://httpproxy.example.com --excludes internal.example.com
+.PP
+Tethering a wireless connection (ssid "SSID", passphrase "password"):
+.PP
+ $ connmanctl tether wifi on SSID password
+.PP
+.SH
+SEE ALSO
+.BR connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn-provider.config (5), \ connman (8), \ connman-vpn (8)
--
2.1.4
Jaakko Hannikainen
2015-10-26 14:40:00 UTC
Permalink
Presenting arguments in the format -W driver[,...] is
preferred over -W driver1,driver2,... so use it instead.
Change the modification date to YYYY-MM-DD. Update the
copyright date. Show examples on their own line. Add
additional See Also -manpage.
---
doc/connman.8 | 41 +++++++++++++++++++++--------------------
1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/doc/connman.8 b/doc/connman.8
index 20c0596..51c77e3 100644
--- a/doc/connman.8
+++ b/doc/connman.8
@@ -1,8 +1,8 @@
.\" connman(8) manual page
.\"
-.\" Copyright (C) 2012 Intel Corporation
+.\" Copyright (C) 2012,2015 Intel Corporation
.\"
-.TH CONNMAN "8" "21 August 2012"
+.TH CONNMAN "8" "2015-10-15"
.SH NAME
ConnMan \- network management daemon
.SH SYNOPSIS
@@ -12,18 +12,18 @@ ConnMan \- network management daemon
.B connmand
.RB [\| \-c
.IR file \|]
-.RB [\| \-d\ \fR[\c
-.IR file1:file2:...\fR] \|]
+.RB [\| \-d\ [\c
+.IR file [,...]\|]\|]
.RB [\| \-i
-.IR interface1,interface2,... \|]
+.IR interface [,...]\|]
.RB [\| \-I
-.IR interface1,interface2,.. \|]
+.IR interface [,...]\|]
.RB [\| \-W
-.IR driver1,driver2,... \|]
+.IR driver [,...]\|]
.RB [\| \-p
-.IR plugin1,plugin2,... \|]
+.IR plugin [,...]\|]
.RB [\| \-P
-.IR plugin1,plugin2,... \|]
+.IR plugin [,...]\|]
.RB [\| \-n \|]
.RB [\| \-r \|]
.SH DESCRIPTION
@@ -54,31 +54,32 @@ it's \fI/etc\fP). See \fBconnman.conf\fP(5) for more information on
configuration file. The use of config file is optional and sane default values
are used if config file is missing.
.TP
-.BR \-d\ [ \fIfile1:file2:... ],\ \-\-debug [= \fIfile1:file2:... ]
+.BR \-d\ [ \fIfile [,...]],\ \-\-debug [= \fIfile [,...]]
Sets how much information ConnMan sends to the log destination (usually
syslog's "daemon" facility). If the file options are omitted, then debugging
information from all the source files are printed. If file options are
-present, then only debug prints from that source file are printed.
-Example: \fB--debug=src/service.c:plugins/wifi.c
+present, then only debug prints from that source file are printed. Example:
+.PP
+ connmand --debug=src/service.c,plugins/wifi.c
.TP
-.BI \-i\ if1,if2,... \fR,\ \fB\-\-device= interface1,interface2,...
+.BR \-i\ \fIinterface \fR[,...],\ \-\-device= \fIinterface \fR[,...]
Only manage these network interfaces. By default all network interfaces
are managed.
.TP
-.BI \-I\ if1,if2,... \fR,\ \fB\-\-nodevice= interface1,interface2,...
+.BR \-I\ \fIinterface \fR[,...],\ \-\-nodevice= \fIinterface \fR[,...]
Never manage these network interfaces.
.TP
-.BI \-p\ plugin1,plugin2,... \fR,\ \fB\-\-plugin= plugin1,plugin2,...
+.BI \-p\ plugin \fR[,...],\ \fB\-\-plugin= plugin \fR[,...]
Load these plugins only. The option can be a pattern containing
"*" and "?" characters.
.TP
-.BI \-P\ plugin1,plugin2,... \fR,\ \fB\-\-noplugin= plugin1,plugin2,...
+.BI \-P\ plugin \fR[,...],\ \fB\-\-noplugin= plugin \fR[,...]
Never load these plugins. The option can be a pattern containing
"*" and "?" characters.
.TP
-.BI \-W\ driver1,driver2,... \fR,\ \fB\-\-wifi= driver1,driver2,...
-Wifi driver that WiFi/Supplicant should use. If omitted, then the value
-of "nl80211,wext" is used by default.
+.BI \-W\ driver \fR[,...],\ \fB\-\-wifi= driver \fR[,...]
+Wifi driver that WiFi/Supplicant should use. If this flag is omitted,
+then the value "nl80211,wext" is used by default.
.TP
.BR \-n ", " \-\-nodaemon
Do not daemonize. This is useful for debugging, and directs log output to
@@ -93,4 +94,4 @@ If this option is used, then ConnMan is not able to cache the DNS queries
because the DNS traffic is not going through ConnMan and that can cause
some extra network traffic.
.SH SEE ALSO
-.BR connman.conf (5).
+.BR connmanctl (1), \ connman.conf (5)
--
2.6.1
Jaakko Hannikainen
2015-10-26 14:40:01 UTC
Permalink
Reformat the man page for main.conf according to common
man page conventions. In addition, add an example section
with a simple configuration example. Update copyright and
last modification dates.
---
doc/connman.conf.5 | 51 ++++++++++++++++++++++++++++++---------------------
1 file changed, 30 insertions(+), 21 deletions(-)

diff --git a/doc/connman.conf.5 b/doc/connman.conf.5
index c1ca75c..0da3b47 100644
--- a/doc/connman.conf.5
+++ b/doc/connman.conf.5
@@ -1,25 +1,25 @@
.\" connman.conf(5) manual page
.\"
-.\" Copyright (C) 2012 Intel Corporation
+.\" Copyright (C) 2012,2015 Intel Corporation
.\"
-.TH "connman.conf" "5" "21 August 2012" ""
+.TH "connman.conf" "5" "2015-10-15" ""
.SH NAME
main.conf \- ConnMan configuration file
.SH SYNOPSIS
-/etc/connman/main.conf
+.B /etc/connman/main.conf
.br
or
.br
-\fI<SYSCONFDIR>\fP/connman/main.conf
+\fI<SYSCONFDIR>\fB/connman/main.conf
.br
-where <SYSCONFDIR> depends on your distribution or build.
+.RI where\ <SYSCONFDIR> " depends on your distribution or build."
.SH DESCRIPTION
.P
-.I main.conf
+.B main.conf
is a configuration file for ConnMan. The configuration file is
optional but it can be used to set up various aspects of ConnMan's
behavior. The location of the file may be changed through use of
-the "\-\-config=" argument for \fBconnman\fP (8).
+the \fB\-\-config= \fRargument for \fBconnman\fP(8).
.SH "FILE FORMAT"
.P
The configuration file format is key file format.
@@ -33,47 +33,47 @@ Description of sections and available keys follows:
.SS [General]
This section is the only mandatory section of the configuration file.
.TP
-.B InputRequestTimeout=\fPsecs\fP
+.BI InputRequestTimeout= secs
Set input request timeout. Default is 120 seconds
The request for inputs like passphrase will timeout
after certain amount of time. Use this setting to
increase the value in case of different user
interface designs.
.TP
-.B BrowserLaunchTimeout=\fPsecs\fP
+.BI BrowserLaunchTimeout= secs
Set browser launch timeout. Default is 300 seconds
The request for launching a browser for portal pages
will timeout after certain amount of time. Use this
setting to increase the value in case of different
user interface designs.
.TP
-.B BackgroundScanning=\fPtrue|false\fP
+.BI BackgroundScanning=true\ \fR|\fB\ false
Enable background scanning. Default is true.
Background scanning will start every 5 minutes unless
the scan list is empty. In that case, a simple backoff
mechanism starting from 10s up to 5 minutes will run.
.TP
-.B FallbackTimeservers=\fPserver1,server2,...\fP
+.BI FallbackTimeservers= server\fR[,...]
List of Fallback timeservers separated by ",".
These timeservers are used for NTP sync when there are
no timeserver set by the user or by the service.
These can contain mixed combination of fully qualified
domain names, IPv4 and IPv6 addresses.
.TP
-.B FallbackNameservers=\fPserver1,server2,...\fP
+.BI FallbackNameservers= server\fR[,...]
List of fallback nameservers separated by "," appended
to the list of nameservers given by the service. The
nameserver entries must be in numeric format, host
names are ignored.
.TP
-.B DefaultAutoConnectTechnologies=\fPtechnology1,technology2,...\fP
+.BI DefaultAutoConnectTechnologies= technology\fR[,...]
List of technologies that are marked autoconnectable
by default, separated by commas ",". The default value
for this entry when empty is ethernet,wifi,cellular.
Services that are automatically connected must have been
set up and saved to storage beforehand.
.TP
-.B PreferredTechnologies=\fPtechnology1,technology2,...\fP
+.BI PreferredTechnologies= technology\fR[,...]
List of preferred technologies from the most preferred
one to the least preferred one separated by commas ",".
Services of the listed technology type will be tried one
@@ -86,19 +86,19 @@ of a preferred technology type in state 'online' will get
the default route when compared to either a non-preferred
type or a preferred type further down in the list.
.TP
-.B NetworkInterfaceBlacklist=\fPinterface1,interface2,...\fP
+.BI NetworkInterfaceBlacklist= interface\fR[,...]
List of blacklisted network interfaces separated by ",".
Found interfaces will be compared to the list and will
not be handled by connman, if their first characters
match any of the list entries. Default value is
vmnet,vboxnet,virbr,ifb.
.TP
-.B AllowHostnameUpdates=\fPtrue|false\fP
+.BI AllowHostnameUpdates=true\ \fR|\fB\ false
Allow connman to change the system hostname. This can
happen for example if we receive DHCP hostname option.
Default value is true.
.TP
-.B SingleConnectedTechnology=\fPtrue|false\fP
+.BI SingleConnectedTechnology=true\ \fR|\fB\ false
Keep only a single connected technology at any time. When a new
service is connected by the user or a better one is found according
to PreferredTechnologies, the new service is kept connected and all
@@ -110,7 +110,7 @@ user will be used until going out of network coverage. With this
setting enabled applications will notice more network breaks than
normal. Default value is false.
.TP
-.B TetheringTechnologies=\fPtechnology1,technology2,...\fP
+.BI TetheringTechnologies= technology\fR[,...]
List of technologies that are allowed to enable tethering separated by ",".
The default value is wifi,bluetooth,gadget. Only those technologies listed
here are used for tethering. If one wants to tether ethernet,
@@ -122,14 +122,23 @@ normal operation of these networks. Due to this ethernet is not
tethered by default. Do not activate ethernet tethering unless you
really know what you are doing.
.TP
-.B PersistentTetheringMode=\fPtrue|false\fP
+.BI PersistentTetheringMode=true\ \fR|\fB\ false
Restore earlier tethering status when returning from offline mode,
re-enabling a technology, and after restarts and reboots.
Default value is false.
.TP
-.B Enable6to4=\fPtrue|false\fP
+.BI Enable6to4=true\ \fR|\fB\ false
Automatically enable Anycast 6to4 if possible. This is not recommended, as the
use of 6to4 will generally lead to a severe degradation of connection quality.
See RFC6343. Default value is false (as recommended by RFC6343 section 4.1).
+.SH "EXAMPLE"
+The following example configuration disables hostname updates and enables
+ethernet tethering.
+.PP
+.nf
+[General]
+AllowHostnameUpdates = false
+TetheringTechnologies = ethernet,wifi,bluetooth,gadget
+.fi
.SH "SEE ALSO"
-.BR Connman (8)
+.BR connman (8)
--
2.6.1
Jaakko Hannikainen
2015-10-26 14:40:02 UTC
Permalink
The 2.5 year old version has tons of outdated info and
is badly formatted. Rewrite the man page for up to date
information, better formatting and examples.
---
doc/connmanctl.1 | 307 ++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 199 insertions(+), 108 deletions(-)

diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
index b71c6e6..cd5fe36 100644
--- a/doc/connmanctl.1
+++ b/doc/connmanctl.1
@@ -1,190 +1,281 @@
-.TH connmanctl 1 07/31/2012 "" "User Commands for Connman CLI"
+.TH connmanctl 1 "2015-10-15" ""
.SH
NAME
connmanctl \- Connman CLI
.SH
SYNOPSIS
-.BR connmanctl " ["
-.BR enable " <technology> | "
-.BR offlinemode "] ["
-.BR disable " <technology> | "
-.BR offlinemode "] ["
-.BR technologies "] ["
-.BR state "] ["
-.BR services " [\-\-properties <service>]] ["
-.BR scan " <technology>] ["
-.BR connect " <service>] ["
-.BR config " <service> \-\-<option> ARGS...] ["
-.BR help " | \-\-help]"
+.BR connmanctl \ [\|\c
+.BI state\fR\ |
+.BI technologies\fR\ |
+.BI enable \ technology\fR|offline\ |
+.BI disable \ technology\fR|offline\ |
+.BI tether \ technology\ \fRon|off\ |
+.BI tether\fR\ wifi\ on|off\ ssid\ passphrase\fR\ |
+.BR services \ [\fIservice\fR]\ |
+.BI peers \ peer\fR\ |
+.BI scan \ technology\fR\ |
+.RI \fBconnect \ service | peer \ |
+.RI \fBdisconnect \ service | peer \ |
+.B config \ \fIservice\ option\ arg\fR...\ |
+.BR vpnconnections \ [\fIconnection\fR]\ |
+.BI help \fR\|]
.PP
.SH
DESCRIPTION
Connmanctl is a Connman command line interface which can be run in two modes:
a plain synchronous command input, and an asynchronous interactive shell.
-To run a specific command the user may enter connmanctl <command> [options]
-[args], or enter connmanctl; in this case, the program will drop into the
-interactive shell.
+To run a specific command the user may enter
+.RI \fBconnmanctl\ command\ [ options ] \fR
+or just \fBconnmanctl\fR, in the latter case an interactive shell will start.
.PP
-Connmantl can handle most simple network connections. It is able to enable/
-disable any technology that exists on the system, display a list of
-services available, connect to/disconnect from any unsecured networks,
-show properties of the system, the technologies, and any individual
-service, and configure all of the properties. It is also able to monitor
-changes in the properties of the services, technologies, and the system.
+Connmanctl can handle most network connections. It can be used to
+enable/disable any technology that exists on the system, display a list of
+services available, connect/disconnect networks, show properties of the system,
+the technologies, and any individual service, and configure all of the
+properties. It is also able to monitor changes in the properties of the
+services, technologies, and the system.
.PP
In the interactive shell, all of the same commands can be used. It
-provides quicker usage when needing to use connmanctl more extensively.
+provides quicker usage when needing to use connmanctl more extensively. In
+addition, connecting to protected wireless access points for the first time
+requires interactive shell.
.SH
COMMANDS AND OPTIONS
.TP
-.BR "help | \-\-help | " "(no arguments)"
+.B help
Shows the abbreviated help menu in the terminal.
.PP
.TP
-.BR enable " <technology>"
+.B state
+Shows the system properties. Includes ths online state of the
+system, offline mode, and session mode.
+.PP
+.TP
+.B technologies
+Shows a list of all technology types existing on the system and
+their properties. See the properties section of the Technology
+API for explanations of each property.
+.PP
+.TP
+.BI enable \ technology
Enables the given technology type (e.g. ethernet, wifi, 3g, etc.)
Turns power on to the technology, but doesn't connect unless
there is a service with autoconnect set to True.
.PP
.TP
-.BR disable " <technology>"
+.BI disable \ technology
Disables the given technology type. Turns power off to the
technology and disconnects if it is already connected.
.PP
.TP
-.B enable offlinemode
+.B enable offline
Enables offline mode. Disconnects and powers down all
technologies system-wide, however each technology can be powered
back on individually.
.PP
.TP
-.B disable offlinemode
+.B disable offline
Disables offline mode. Technologies are powered back on according
to their individual policies.
.PP
.TP
-.B technologies
-Shows a list of all technology types existing on the system and
-their properties. See the properties section of the Technology
-API for explanations of each property.
+.BI tether \ technology \ on \ \fR|\ off
+Enable or disable tethering on \fItechnology\fR. Ethernet cannot be tethered
+by default since tethering it usually breaks local networks. See
+.BR connman.conf (5)
+for enabling.
.PP
.TP
-.B state
-Shows the system properties. Includes ths online state of the
-system, offline mode, and session mode.
+.BR tether\ wifi\ on \ |\ off \ \fIssid\ passphrase
+Enable or disable wireless tethering, as well set the SSID and passphrase.
.PP
.TP
-.BR scan " <technology>"
-Scans for new services on the given technology.
+.B services
+Shows a list of all available services. This includes the
+nearby wifi networks, the wired ethernet connections, bluetooth devices, etc.
+An asterisk in front of the service indicates that the service
+has been connected before.
.PP
.TP
-.B services
-Shows a list of all available service names. This includes the
-names of wifi networks, the wired ethernet connection, names of
-bluetooth devices, etc. These are the names used when a
-<service> command is called for. The service name
-(e.g. Joes-wifi), the service path (e.g.
-wifi_6834534139723_managed_none), or the full service path (e.g.
-/net/connman/Service/wifi_5467631...) are all accepted as valid
-input. An asterisk in front of the service indicates that the
-service is favorited, and a "C" indicates a service that is
-already connected.
+.BI services \ service
+Shows a list of all properties for that service.
+Only the service path (e.g. wifi_6834534139723_managed_none)
+is accepted as a parameter.
.PP
.TP
-.BR "services \-\-properties" " <service>"
-Shows a list of all properties for that service. See the
-properties section of the Service API for explanations of each
-property.
+.BI scan \ technology
+Scans for new services on the given technology.
.PP
.TP
-.BR connect " <service>"
-Connects to the given service if it is unsecured.
+.BI connect \ service
+Connects to the given service. Some services need a so-called
+\fBprovisioning file\fR in order to connect to them, see
+\fBconnman-service.config\fR(5).
.PP
.TP
-.BR disconnect " <service>"
+.BI disconnect \ service
Disconnects from the given service.
.PP
.TP
-.BR config " <service> " \-\-<option>
-Configures a writable property of the given service to the
-value(s) entered after --<option>.
+.BI move-before \ service\ target-service
+Prefer connecting to \fIservice\fR over \fItarget-service\fR.
+.PP
+.TP
+.BI move-after \ service\ target-service
+Prefer connecting to \fItarget-service\fR over \fIservice\fR.
+.PP
+.TP
+.BI config \ service\ option\ arg\fR...
+Configures a writable property of the given service to the value(s) entered
+after \fIoption\fR. See the \fBConfig Options\fR subsection for details.
+.PP
+.TP
+.BI monitor \ target
+Listens for and displays DBus signals sent by Connman. If a currently monitored
+property changes, the changes will be shown. If no \fItarget\fR is specified,
+all changes will be shown. See the \fBMonitor Options\fR subsection for a
+summary of parameters.
+.PP
+.TP
+.BI vpnconnections
+Shows a list of all available vpn connections.
.PP
.TP
-.BR monitor " [\-\-<option>]"
-Listens for and displays DBus signals sent by Connman. The option indicates
-which signals you want to subscribe to. If no option is entered, it displays
-all signals from all interfaces.
+.BI vpnconnections \ connection
+Shows the current properties of \fIconnection\fR.
.PP
.SS
+Commands only available in interactive mode:
+.PP
+.TP
+.BR agent\ on \ |\ off
+Enable or disable the wireless agent, used for entering wireless
+network passphrases. See the \fBEXAMPLE\fR section of this man page for
+an example of connecting to a wireless access point.
+.PP
+.TP
+.BR vpnagent\ on \ |\ off
+Enable or disable the vpn agent, used for entering vpn credentials.
+.SS
Config Options:
.PP
.TP
-.B \-\-autoconnect=y/n
+.BR \fBautoconnect\ on \ |\ off
Sets the autoconnect property of the service.
.PP
.TP
-.B \-\-ipv4
-Configures the IPv4 settings for the service. Enter the settings
-in the order "Method", "Address", "Netmask", then "Gateway"
-after the argument. See the properties section of the Service
-API for more information on these settings and the values
-accepted for them. It also displays a list of changes to both the
-IPv4 settings, and incidental changes to other values related to
-it.
+.BR ipv4\ off \ |\ dhcp \ |\ manual\ \fIaddress\ netmask\ gateway
+Configures the IPv4 settings for the service. The argument
+\fBoff\fR means that IPv4 won't be used, \fBdhcp\fR means that
+dhcp will be used to get the settings and \fBmanual\fR means
+that the given arguments will be used as IPv4 settings.
+.IR address ,\ netmask " and " gateway
+must be valid IPv4 addresses. See the \fBEXAMPLE\fR section
+of this man page for details.
.PP
.TP
-.B \-\-ipv6
-Configures the IPv6 settings for the service. Enter the settings
-in the order "Method", "Address", "PrefixLength", "Gateway", then
-"Privacy". See the properties section of the Service API for more
-information on these settings and the values accepted for them.
-It also displays a list of entered changes to the IPv6 settings,
-and incidental changes to other values related to it.
+.BR ipv6\ off \ |\ auto \ |\ manual\ \fIaddress\ prefixlength\ gateway
+Configures the IPv6 settings for the service. The argument
+\fBoff\fR means that IPv6 won't be used, \fBauto\fR means that
+settings will be asked from the network and \fBmanual\fR means
+that the given arguments will be used as IPv6 settings.
+.IR address " and " gateway
+must be valid IPv4 addresses. \fIprefixlength\fR is the length
+of the prefix in bits. See the \fBEXAMPLE\fR section of this man
+page for details.
.PP
.TP
-.B \-\-nameservers
-Adds to the list of manually configured domain name servers.
-Enter the name servers after the argument separated by spaces.
+.BI nameservers\ dns\fR\ [...]
+Set the list of nameservers, separated by spaces.
.PP
.TP
-.B \-\-timeservers
-Adds to the list of manually configured time servers. Enter the
-time servers after the argument separated by spaces.
+.BI timeservers\ server\fR\ [...]
+Set the list of timeservers, separated by spaces.
.PP
.TP
-.B \-\-domains
-Adds to the list of manually configured search domains. Enter
-the domains after the argument, separated by spaces.
+.BI domains\ domain\fR\ [...]
+Set the list of search domains, separated by spaces.
.PP
.TP
-.B \-\-proxy
-Configures the IPv6 settings for the service. Enter the settings in the
-order "Method", "URL". If the Method is set to "direct", no other arguments
-are taken. If the Method is set to "auto", the URL is optional. To set the
-Servers and Excludes manually, enter "manual" followed by "servers" with a
-list of servers separated by spaces. Then, optionally, the word "excludes"
-followed by a list of excludes separated by spaces. e.g. "./connmanctl config
-joes-wifi \-\-proxy manual servers serv1 serv2 serv3 excludes excl1 excl2"
+.BR proxy\ direct \ |\ auto\fI\ URL \ |\ manual\ \fIserver [...]\ [--excludes\ \fIserver [...]]
+Configures the proxy settings for the service. \fBdirect\fR means that no
+proxy will be used. If using \fBauto\fR without a parameter, the network
+will be asked for the proxy settings. Otherwise, use \fIURL\fR as an
+proxy autoconfiguration URL. When set to \fBmanual\fR, the first list of servers
+is used as proxy servers, and the traffic to the second list of servers are
+excluded from the proxy. The list of excluded servers is optional. See the
+\fBEXAMPLE\fR section of this man page for details.
.PP
.SS
Monitor Options:
.PP
.TP
-.B \-\-services
-Listens for and displays the PropertyChanged signal from the Service interface.
-Also displays the service name (e.g. Joes-wifi) that the property is part of.
-More information, including a list of possible properties can be found in the
-Service API.
+.BR services\ [ off ]
+Listens for changes to services, for example a service getting an IP address.
+.PP
+.TP
+.BR tech\ [ off ]
+Listens for changes to technologies, for example a technology getting enabled.
.PP
.TP
-.B \-\-tech
-Listens for and displays the PropertyChanged signal from the Technology
-interface. More information, including a list of possible properties can be
-found in the Technology API.
+.BR manager\ [ off ]
+Listens for the changes to global properties, available technologies,
+services, and peers.
.PP
.TP
-.B \-\-manager
-Listens for and displays the PropertyChanged, ServicesChanged, TechnologyAdded,
-and TechnologyRemoved signals from the Manager interface. More information on
-these signals and a list of possible properties can be found in the Manager API.
+.BR vpnmanager\ [ off ]
+Listens for added or removed vpn connections.
+.PP
+.TP
+.BR vpnconnection\ [ off ]
+Listens for the changes to vpn connections, for example connecting to a VPN.
+.PP
+.SH
+EXAMPLE
+Listing available technologies:
+.PP
+ $ connmanctl technologies
+.PP
+Listing available services:
+.PP
+ $ connmanctl services
+.PP
+Scanning for wireless networks:
.PP
+ $ connmanctl scan wifi
+.PP
+Using the interactive mode to access a wireless access point:
+.PP
+ $ connmanctl
+ connmanctl> agent on
+ Agent registered
+ connmanctl> connect wifi_100ba9d170fc_666f6f626172_managed_psk
+ Agent RequestInput wifi_100ba9d170fc_666f6f626172_managed_psk
+ Passphrase = [ Type=psk, Requirement=mandatory ]
+ Passphrase? password
+ Connected wifi_100ba9d170fc_666f6f626172_managed_psk
+ connmanctl>
+.PP
+Configuring a static IP from the command line:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 manual 192.168.1.101 255.255.255.0 192.168.1.1
+.PP
+Changing the IP back to dhcp:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 dhcp
+.PP
+Setting a proxy server:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com
+.PP
+Setting multiple proxy servers:
+.PP
+ $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com http://httpproxy.example.com --excludes internal.example.com
+.PP
+Tethering a wireless connection (ssid "SSID", passphrase "password"):
+.PP
+ $ connmanctl tether wifi on SSID password
+.PP
+.SH
+SEE ALSO
+.BR connman.conf (5), \ connman (8)
--
2.6.1
Patrik Flykt
2015-10-28 08:29:07 UTC
Permalink
Post by Jaakko Hannikainen
This patchset rewrites half of the existing man pages and adds 4
new ones, since the old ones were either badly formatted, incomplete
or simply wrong. It also moves them under automake so that end users
will see proper paths to connman's files instead of suggesting that
they are probably under /var/lib/connman/.
Not many changes from the RFC version, mostly typos here and there.
Mainly changed the build system parts, now only the last patch
touches the build system. If/when the discussion about OpenVPN's MTUs
reaches some end, the appropriate documentation should be updated.
Applied with v2 for patch 8/8, thanks!

Patrik

Loading...