nm-settings(5)


NAME

   nm-settings - Description of settings and properties of NetworkManager
   connection profiles

DESCRIPTION

   NetworkManager is based on the concept of connection profiles, sometimes
   referred to simply as connections. These connection profiles contain a
   network configuration. When NetworkManager activates a connection
   profile on a network device, the configuration is applied and an
   active network connection is established. Users are free to create
   as many connection profiles as they see fit, which lets them keep
   different network configurations for different networking needs.
   The connection profiles are handled by NetworkManager via the settings
   service and are exported on D-Bus
   (/org/freedesktop/NetworkManager/Settings/<num> objects). The
   conceptual objects can be described as follows:

   Connection (profile)
       A specific, encapsulated, independent group of settings describing
       all the configuration required to connect to a specific network. It
       is referred to by a unique identifier called the UUID. A connection
       is tied to one specific device type, but not necessarily a
       specific hardware device. It is composed of one or more Settings
       objects.

   Setting
       A group of related key/value pairs describing a specific piece of a
       Connection (profile). Settings keys and allowed values are
       described in the tables below. Keys are also referred to as
       properties. Developers can find the setting objects and their
       properties in the libnm-util sources. Look for the class_init
       functions near the bottom of each setting source file.

   The settings and properties shown in the tables below list all available
   connection configuration options. However, note that not all settings
   are applicable to all connection types. NetworkManager provides a
   command-line tool, nmcli, that allows direct configuration of the
   settings and properties according to a connection profile type. The nmcli
   connection editor also has a built-in describe command that can display
   the description of particular settings and properties from this page.
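
   The following Python sketch is an added example, not part of
   NetworkManager or its documentation. It decodes the blob/path scheme of
   the "ca-cert" property, applies the "domain-suffix-match" rule, and flags
   802-1x settings (Table 1 below) that leave the server certificate
   unverified. The dict layout, function names and sample values are
   assumptions made for illustration; the whole-label suffix comparison
   follows the wpa_supplicant documentation.

```python
"""Audit the server-validation properties of an 802-1x setting (added example)."""

FILE_SCHEME = b"file://"
# Assumption: these EAP methods authenticate the server with an X.509 certificate.
CERT_BASED_EAP = {"tls", "peap", "ttls"}


def decode_cert_property(value):
    """Classify a ca-cert/client-cert byte array as (scheme, data).

    scheme is 'unset', 'path' or 'blob'.
    """
    if not value:
        return ("unset", None)
    if value.startswith(FILE_SCHEME):
        # Path scheme: "file://" + UTF-8 path + terminating NUL byte.
        if not value.endswith(b"\x00"):
            raise ValueError("path scheme value lacks the terminating NUL byte")
        path = value[len(FILE_SCHEME):-1]
        if not path or b"\x00" in path:
            raise ValueError("malformed path in path scheme value")
        return ("path", path.decode("utf-8"))
    # Blob scheme: the value is the certificate's DER encoded data.
    return ("blob", bytes(value))


def domain_suffix_match(constraint, dns_names, subject_cn=None):
    """Apply domain-suffix-match to the names found in a server certificate.

    dNSName values are checked first; SubjectName CN is consulted only when
    the certificate carries no dNSName value at all.
    """
    want = constraint.lower()

    def matches(name):
        name = name.lower()
        # Whole labels only: "example.com" accepts "radius.example.com" but
        # not "radius-example.com" (as documented by wpa_supplicant).
        return name == want or name.endswith("." + want)

    if dns_names:
        return any(matches(n) for n in dns_names)
    return subject_cn is not None and matches(subject_cn)


def audit_8021x(setting):
    """Return findings for one 802-1x setting (dict keyed as in Table 1)."""
    findings = []
    eap = set(setting.get("eap", []))
    if eap & CERT_BASED_EAP:
        scheme, _ = decode_cert_property(setting.get("ca-cert", b""))
        # Assumption: a ca-path directory on its own also supplies trust anchors.
        if scheme == "unset" and not setting.get("ca-path"):
            findings.append("ca-cert unset: server certificate is not verified, "
                            "which allows man-in-the-middle attacks")
        if not setting.get("altsubject-matches") and not setting.get("domain-suffix-match"):
            findings.append("no altsubject-matches or domain-suffix-match: "
                            "server name in the certificate is not constrained")
    if "fast" in eap and setting.get("phase1-fast-provisioning") in ("1", "3"):
        findings.append("phase1-fast-provisioning allows unauthenticated provisioning")
    return findings


# Constructed sample settings (not taken from a real profile).
WEAK = {"eap": ["peap"], "identity": "alice", "anonymous-identity": "anonymous"}
HARDENED = {
    "eap": ["peap"],
    "identity": "alice",
    "ca-cert": b"file:///etc/pki/radius-ca.pem\x00",
    "domain-suffix-match": "example.com",
}
FAST = {"eap": ["fast"], "phase1-fast-provisioning": "3",
        "pac-file": "/etc/wifi/user.pac"}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED), ("fast", FAST)):
        print(label, audit_8021x(sample) or "no findings")
```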

   Table 1. 802-1x setting
   
   Key Name                           Value Type            Default Value  Value Description

   altsubject-matches                 array of string       []             List of strings to be matched against the
                                                                           altSubjectName of the certificate presented by the
                                                                           authentication server. If the list is empty, no
                                                                           verification of the server certificate's
                                                                           altSubjectName is performed.

   anonymous-identity                 string                               Anonymous identity string for EAP authentication
                                                                           methods. Used as the unencrypted identity with EAP
                                                                           types that support different tunneled identity
                                                                           like EAP-TTLS.

   ca-cert                            byte array                           Contains the CA certificate if used by the EAP
                                                                           method specified in the "eap" property.
                                                                           Certificate data is specified using a "scheme";
                                                                           two are currently supported: blob and path. When
                                                                           using the blob scheme (which is backwards
                                                                           compatible with NM 0.7.x) this property should be
                                                                           set to the certificate's DER encoded data. When
                                                                           using the path scheme, this property should be set
                                                                           to the full UTF-8 encoded path of the certificate,
                                                                           prefixed with the string "file://" and ending with
                                                                           a terminating NUL byte. This property can be unset
                                                                           even if the EAP method supports CA certificates,
                                                                           but this allows man-in-the-middle attacks and is
                                                                           NOT recommended.

   ca-path                            string                               UTF-8 encoded path to a directory containing PEM
                                                                           or DER formatted certificates to be added to the
                                                                           verification chain in addition to the certificate
                                                                           specified in the "ca-cert" property.

   client-cert                        byte array                           Contains the client certificate if used by the EAP
                                                                           method specified in the "eap" property.
                                                                           Certificate data is specified using a "scheme";
                                                                           two are currently supported: blob and path. When
                                                                           using the blob scheme (which is backwards
                                                                           compatible with NM 0.7.x) this property should be
                                                                           set to the certificate's DER encoded data. When
                                                                           using the path scheme, this property should be set
                                                                           to the full UTF-8 encoded path of the certificate,
                                                                           prefixed with the string "file://" and ending with
                                                                           a terminating NUL byte.

   domain-suffix-match                string                               Constraint for server domain name. If set, this
                                                                           FQDN is used as a suffix match requirement for
                                                                           dNSName element(s) of the certificate presented by
                                                                           the authentication server. If a matching dNSName
                                                                           is found, this constraint is met. If no dNSName
                                                                           values are present, this constraint is matched
                                                                           against SubjectName CN using the same suffix match
                                                                           comparison.

   eap                                array of string       []             The allowed EAP method to be used when
                                                                           authenticating to the network with 802.1x. Valid
                                                                           methods are: "leap", "md5", "tls", "peap", "ttls",
                                                                           "pwd", and "fast". Each method requires different
                                                                           configuration using the properties of this
                                                                           setting; refer to wpa_supplicant documentation for
                                                                           the allowed combinations.

   identity                           string                               Identity string for EAP authentication methods.
                                                                           Often the user's user or login name.

   name                               string                802-1x         The setting's name, which uniquely identifies the
                                                                           setting within the connection. Each setting type
                                                                           has a name unique to that type, for example "ppp"
                                                                           or "wireless" or "wired".

   pac-file                           string                               UTF-8 encoded file path containing PAC for EAP-FAST.

   password                           string                               UTF-8 encoded password used for EAP authentication
                                                                           methods. If both the "password" property and the
                                                                           "password-raw" property are specified, "password"
                                                                           is preferred.

   password-flags                     NMSettingSecretFlags                 Flags indicating how to handle the "password"
                                      (uint32)                             property. (see the section called "Secret flag
                                                                           types:" for flag values)

   password-raw                       byte array                           Password used for EAP authentication methods,
                                                                           given as a byte array to allow passwords in other
                                                                           encodings than UTF-8 to be used. If both the
                                                                           "password" property and the "password-raw"
                                                                           property are specified, "password" is preferred.

   password-raw-flags                 NMSettingSecretFlags                 Flags indicating how to handle the "password-raw"
                                      (uint32)                             property. (see the section called "Secret flag
                                                                           types:" for flag values)

   phase1-fast-provisioning           string                               Enables or disables in-line provisioning of
                                                                           EAP-FAST credentials when FAST is specified as the
                                                                           EAP method in the "eap" property. Recognized
                                                                           values are "0" (disabled), "1" (allow
                                                                           unauthenticated provisioning), "2" (allow
                                                                           authenticated provisioning), and "3" (allow both
                                                                           authenticated and unauthenticated provisioning).
                                                                           See the wpa_supplicant documentation for more
                                                                           details.
   
   phase1-peaplabel                   string                               Forces use of the                          
                                                                           new PEAP label                             
                                                                           during key                                 
                                                                           derivation.  Some                          
                                                                           RADIUS servers                             
                                                                           may require                                
                                                                           forcing the new                            
                                                                           PEAP label to                              
                                                                           interoperate with                          
                                                                           PEAPv1.  Set to                            
                                                                           "1" to force use                           
                                                                           of the new PEAP                            
                                                                           label.  See the                            
                                                                           wpa_supplicant                             
                                                                           documentation for                          
                                                                           more details.                              
   
   phase1-peapver                     string                               Forces which PEAP                          
                                                                           version is used                            
                                                                           when PEAP is set                           
                                                                           as the EAP method                          
                                                                           in the "eap"                               
                                                                           property.  When                            
                                                                           unset, the                                 
                                                                           version reported                           
                                                                           by the server                              
                                                                           will be used.                              
                                                                           Sometimes when                             
                                                                           using older                                
                                                                           RADIUS servers,                            
                                                                           it is necessary                            
                                                                           to force the                               
                                                                           client to use a                            
                                                                           particular PEAP                            
                                                                           version.  To do                            
                                                                           so, this property                          
                                                                           may be set to "0"                          
                                                                           or "1" to force                            
                                                                           that specific                              
                                                                           PEAP version.                              
   
   phase2-altsubject-matches          array of string       []             List of strings                            
                                                                           to be matched                              
                                                                           against the                                
                                                                           altSubjectName of                          
                                                                           the certificate                            
                                                                           presented by the                           
                                                                           authentication                             
                                                                           server during the                          
                                                                           inner "phase 2"                            
                                                                           authentication.                            
                                                                           If the list is                             
                                                                           empty, no                                  
                                                                           verification of                            
                                                                           the server                                 
                                                                           certificate's                              
                                                                           altSubjectName is                          
                                                                           performed.                                 
   
   phase2-auth                        string                               Specifies the                              
                                                                           allowed "phase 2"                          
                                                                           inner non-EAP                              
                                                                           authentication                             
                                                                           methods when an                            
                                                                           EAP method that                            
                                                                           uses an inner TLS                          
                                                                           tunnel is                                  
                                                                           specified in the                           
                                                                           "eap" property.                            
                                                                           Recognized                                 
                                                                           non-EAP "phase 2"                          
                                                                           methods are                                
                                                                           "pap", "chap",                             
                                                                           "mschap",                                  
                                                                           "mschapv2",                                
                                                                           "gtc", "otp",                              
                                                                           "md5", and "tls".                          
                                                                           Each "phase 2"                             
                                                                           inner method                               
                                                                           requires specific                          
                                                                           parameters for                             
                                                                           successful                                 
                                                                           authentication;                            
                                                                           see the                                    
                                                                           wpa_supplicant                             
                                                                           documentation for                          
                                                                           more details.                              
   
   phase2-autheap                     string                               Specifies the                              
                                                                           allowed "phase 2"                          
                                                                           inner EAP-based                            
                                                                           authentication                             
                                                                           methods when an                            
                                                                           EAP method that                            
                                                                           uses an inner TLS                          
                                                                           tunnel is                                  
                                                                           specified in the                           
                                                                           "eap" property.                            
                                                                           Recognized                                 
                                                                           EAP-based "phase                           
                                                                           2" methods are                             
                                                                           "md5",                                     
                                                                           "mschapv2",                                
                                                                           "otp", "gtc", and                          
                                                                           "tls". Each                                
                                                                           "phase 2" inner                            
                                                                           method requires                            
                                                                           specific                                   
                                                                           parameters for                             
                                                                           successful                                 
                                                                           authentication;                            
                                                                           see the                                    
                                                                           wpa_supplicant                             
                                                                           documentation for                          
                                                                           more details.                              
   
   phase2-ca-cert                     byte array                           Contains the                               
                                                                           "phase 2" CA                               
                                                                           certificate if                             
                                                                           used by the EAP                            
                                                                           method specified                           
                                                                           in the                                     
                                                                           "phase2-auth" or                           
                                                                           "phase2-autheap"                           
                                                                           properties.                                
                                                                           Certificate data                           
                                                                           is specified                               
                                                                           using a "scheme";                          
                                                                           two are currently                          
                                                                           supported: blob                            
                                                                           and path. When                             
                                                                           using the blob                             
                                                                           scheme (which is                           
                                                                           backwards                                  
                                                                           compatible with                            
                                                                           NM 0.7.x) this                             
                                                                           property should                            
                                                                           be set to the                              
                                                                           certificate's DER                          
                                                                           encoded data.                              
                                                                           When using the                             
                                                                           path scheme, this                          
                                                                           property should                            
                                                                           be set to the                              
                                                                           full UTF-8                                 
                                                                           encoded path of                            
                                                                           the certificate,                           
                                                                           prefixed with the                          
                                                                           string "file://"                           
                                                                           and ending with a                          
                                                                           terminating NUL                            
                                                                           byte. This                                 
                                                                           property can be                            
                                                                           unset even if the                          
                                                                           EAP method                                 
                                                                           supports CA                                
                                                                           certificates, but                          
                                                                           this allows                                
                                                                           man-in-the-middle                          
                                                                           attacks and is                             
                                                                           NOT recommended.                           
   
   phase2-ca-path                     string                               UTF-8 encoded                              
                                                                           path to a                                  
                                                                           directory                                  
                                                                           containing PEM or                          
                                                                           DER formatted                              
                                                                           certificates to                            
                                                                           be added to the                            
                                                                           verification                               
                                                                           chain in addition                          
                                                                           to the                                     
                                                                           certificate                                
                                                                           specified in the                           
                                                                           "phase2-ca-cert"                           
                                                                           property.                                  
   
   phase2-client-cert                 byte array                           Contains the                               
                                                                           "phase 2" client                           
                                                                           certificate if                             
                                                                           used by the EAP                            
                                                                           method specified                           
                                                                           in the                                     
                                                                           "phase2-auth" or                           
                                                                           "phase2-autheap"                           
                                                                           properties.                                
                                                                           Certificate data                           
                                                                           is specified                               
                                                                           using a "scheme";                          
                                                                           two are currently                          
                                                                           supported: blob                            
                                                                           and path. When                             
                                                                           using the blob                             
                                                                           scheme (which is                           
                                                                           backwards                                  
                                                                           compatible with                            
                                                                           NM 0.7.x) this                             
                                                                           property should                            
                                                                           be set to the                              
                                                                           certificate's DER                          
                                                                           encoded data.                              
                                                                           When using the                             
                                                                           path scheme, this                          
                                                                           property should                            
                                                                           be set to the                              
                                                                           full UTF-8                                 
                                                                           encoded path of                            
                                                                           the certificate,                           
                                                                           prefixed with the                          
                                                                           string "file://"                           
                                                                           and ending with a                          
                                                                           terminating NUL                            
                                                                           byte. This                                 
                                                                           property can be                            
                                                                           unset even if the                          
                                                                           EAP method                                 
                                                                           supports CA                                
                                                                           certificates, but                          
                                                                           this allows                                
                                                                           man-in-the-middle                          
                                                                           attacks and is                             
                                                                           NOT recommended.                           
   
   phase2-domain-suffix-match         string                               Constraint for                             
                                                                           server domain                              
                                                                           name. If set,                              
                                                                           this FQDN is used                          
                                                                           as a suffix match                          
                                                                           requirement for                            
                                                                           dNSName                                    
                                                                           element(s) of the                          
                                                                           certificate                                
                                                                           presented by the                           
                                                                           authentication                             
                                                                           server during the                          
                                                                           inner "phase 2"                            
                                                                           authentication.                            
                                                                           If a matching                              
                                                                           dNSName is found,                          
                                                                           this constraint                            
                                                                           is met.  If no                             
                                                                           dNSName values                             
                                                                           are present, this                          
                                                                           constraint is                              
                                                                           matched against                            
                                                                           SubjectName CN
                                                                           using the same
                                                                           suffix match
                                                                           comparison.
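
   The following is an added example, not NetworkManager code and not part of the original page: it decodes the blob/path "scheme" of a certificate byte array, applies the phase2-domain-suffix-match rule including the SubjectName CN fallback, and flags the weak settings the table warns about. The settings dict, the finding codes, the sample paths and the label-boundary matching (modelled on wpa_supplicant's documented suffix matching) are assumptions.

```python
"""Audit 802-1x "phase 2" properties as described in the table.

Added example. `settings` is a plain dict of property name -> value that
mirrors the table (byte arrays as bytes); it is not a libnm object.
"""

PATH_PREFIX = b"file://"


def decode_scheme(value):
    """Classify a certificate/key byte array as unset, path, blob or malformed."""
    if not value:
        return ("unset", None)
    if value.startswith(PATH_PREFIX):
        # Path scheme: "file://" + UTF-8 path + one terminating NUL byte.
        body = value[len(PATH_PREFIX):]
        if len(body) < 2 or not body.endswith(b"\x00") or b"\x00" in body[:-1]:
            return ("malformed", None)
        try:
            return ("path", body[:-1].decode("utf-8"))
        except UnicodeDecodeError:
            return ("malformed", None)
    # Blob scheme: raw data (DER for certificates, encrypted PEM for keys).
    return ("blob", value)


def suffix_match(name, suffix):
    """Case-insensitive suffix match on a DNS label boundary (assumption)."""
    name = name.lower().rstrip(".")
    suffix = suffix.lower().rstrip(".")
    return bool(suffix) and (name == suffix or name.endswith("." + suffix))


def domain_constraint_met(suffix, dns_names, subject_cn):
    """Apply phase2-domain-suffix-match to a server certificate's names."""
    if dns_names:
        # dNSName values are present, so the SubjectName CN is not consulted.
        return any(suffix_match(n, suffix) for n in dns_names)
    return subject_cn is not None and suffix_match(subject_cn, suffix)


def audit_phase2(settings):
    """Return (code, message) findings for risky or malformed properties."""
    findings = []
    kind, _ = decode_scheme(settings.get("phase2-ca-cert", b""))
    if kind == "malformed":
        findings.append(("bad-ca-path",
                         "phase2-ca-cert: file:// value lacks a valid path or NUL"))
    elif kind == "unset" and not settings.get("phase2-ca-path"):
        # Choice made here: a phase2-ca-path directory counts as a trust anchor.
        findings.append(("no-ca",
                         "phase2-ca-cert unset: allows man-in-the-middle attacks"))
    if not (settings.get("phase2-domain-suffix-match")
            or settings.get("phase2-altsubject-matches")):
        findings.append(("no-name-constraint",
                         "no suffix match or altSubjectName list: server name unchecked"))
    if settings.get("phase1-fast-provisioning") in ("1", "3"):
        findings.append(("unauth-provisioning",
                         "phase1-fast-provisioning allows unauthenticated provisioning"))
    return findings


# Constructed sample profiles; paths and domain names are placeholders.
WEAK = {
    "eap": ["fast"],
    "phase1-fast-provisioning": "3",
    "phase2-auth": "mschapv2",
}
HARDENED = {
    "eap": ["peap"],
    "phase2-auth": "mschapv2",
    "phase2-ca-cert": b"file:///etc/pki/example/inner-ca.pem\x00",
    "phase2-domain-suffix-match": "example.com",
}

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for code, message in audit_phase2(profile) or [("ok", "no findings")]:
            print(f"  [{code}] {message}")
    # dNSName present but not matching: the matching CN does not rescue it.
    print(domain_constraint_met("example.com",
                                ["radius-example.com"], "radius.example.com"))
```
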
   
   phase2-private-key                 byte array                           Contains the                               
                                                                           "phase 2" inner                            
                                                                           private key when                           
                                                                           the "phase2-auth"                          
                                                                           or                                         
                                                                           "phase2-autheap"                           
                                                                           property is set                            
                                                                           to "tls". Key                              
                                                                           data is specified                          
                                                                           using a "scheme";                          
                                                                           two are currently                          
                                                                           supported: blob                            
                                                                           and path. When                             
                                                                           using the blob                             
                                                                           scheme and                                 
                                                                           private keys,                              
                                                                           this property                              
                                                                           should be set to                           
                                                                           the key's                                  
                                                                           encrypted PEM                              
                                                                           encoded data.                              
                                                                           When using                                 
                                                                           private keys with                          
                                                                           the path scheme,                           
                                                                           this property                              
                                                                           should be set to                           
                                                                           the full UTF-8                             
                                                                           encoded path of                            
                                                                           the key, prefixed                          
                                                                           with the string                            
                                                                           "file://" and                              
                                                                           ending with a                              
                                                                           terminating NUL                            
                                                                           byte. When using                           
                                                                           PKCS#12 format                             
                                                                           private keys and                           
                                                                           the blob scheme,                           
                                                                           this property                              
                                                                           should be set to                           
                                                                           the PKCS#12 data                           
                                                                           and the                                    
                                                                           "phase2-private-key-password"              
                                                                           property must be                           
                                                                           set to the password
                                                                           used to decrypt                            
                                                                           the PKCS#12                                
                                                                           certificate and                            
                                                                           key. When using                            
                                                                           PKCS#12 files and                          
                                                                           the path scheme,                           
                                                                           this property                              
                                                                           should be set to                           
                                                                           the full UTF-8                             
                                                                           encoded path of                            
                                                                           the key, prefixed                          
                                                                           with the string                            
                                                                           "file://" and
                                                                           ending with a                              
                                                                           terminating NUL                            
                                                                           byte, and as with                          
                                                                           the blob scheme                            
                                                                           the                                        
                                                                           "phase2-private-key-password"              
                                                                           property must be                           
                                                                           set to the                                 
                                                                           password used to                           
                                                                           decode the                                 
                                                                           PKCS#12 private                            
                                                                           key and                                    
                                                                           certificate.                               
   
   phase2-private-key-password        string                               The password used to decrypt               
                                                                           the "phase 2" private key                  
                                                                           specified in the                           
                                                                           "phase2-private-key" property              
                                                                           when the private key either                
                                                                           uses the path scheme, or is a              
                                                                           PKCS#12 format key.                        
   
   phase2-private-key-password-flags  NMSettingSecretFlags                 Flags indicating how to                    
                                      (uint32)                             handle the                                 
                                                                           "phase2-private-key-password"              
                                                                           property. (see the section                 
                                                                           called "Secret flag types:"                
                                                                           for flag values)                           
   
   phase2-subject-match               string                               Substring to be matched                    
                                                                           against the subject of the                 
                                                                           certificate presented by the               
                                                                           authentication server during               
                                                                           the inner "phase 2"                        
                                                                           authentication. When unset,                
                                                                           no verification of the                     
                                                                           authentication server                      
                                                                           certificate's subject is                   
                                                                           performed.  This property                  
                                                                           provides little security, if               
                                                                           any, and its use is                        
                                                                           deprecated in favor of                     
                                                                           NMSetting8021x:phase2-domain-suffix-match. 
   
   pin                                string                               PIN used for EAP authentication methods.   
   
   pin-flags                          NMSettingSecretFlags                 Flags indicating how to handle the "pin"   
                                      (uint32)                             property. (see the section called "Secret  
                                                                           flag types:" for flag values)              
   
   private-key                        byte array                           Contains the private key when the "eap"    
                                                                           property is set to "tls". Key data is      
                                                                           specified using a "scheme"; two are        
                                                                           currently supported: blob and path. When   
                                                                           using the blob scheme and private keys,    
                                                                           this property should be set to the key's   
                                                                           encrypted PEM encoded data. When using     
                                                                           private keys with the path scheme, this    
                                                                           property should be set to the full UTF-8   
                                                                           encoded path of the key, prefixed with the 
                                                                           string "file://" and ending with a         
                                                                           terminating NUL byte. When using PKCS#12   
                                                                           format private keys and the blob scheme,   
                                                                           this property should be set to the PKCS#12 
                                                                           data and the "private-key-password"        
                                                                           property must be set to the password used to
                                                                           decrypt the PKCS#12 certificate and key.   
                                                                           When using PKCS#12 files and the path      
                                                                           scheme, this property should be set to the 
                                                                           full UTF-8 encoded path of the key,        
                                                                           prefixed with the string "file://" and
                                                                           ending with a terminating NUL byte, and as 
                                                                           with the blob scheme the                   
                                                                           "private-key-password" property must be    
                                                                           set to the password used to decode the     
                                                                           PKCS#12 private key and certificate.       
                                                                           WARNING: "private-key" is not a "secret"   
                                                                           property, and thus unencrypted private key 
                                                                           data using the BLOB scheme may be readable 
                                                                           by unprivileged users.  Private keys       
                                                                           should always be encrypted with a private  
                                                                           key password to prevent unauthorized       
                                                                           access to unencrypted private key data.    
   
   private-key-password               string                               The password used to decrypt the private   
                                                                           key specified in the "private-key"         
                                                                           property when the private key either uses  
                                                                           the path scheme, or if the private key is  
                                                                           a PKCS#12 format key.                      
   
   private-key-password-flags         NMSettingSecretFlags                 Flags indicating how to handle the         
                                      (uint32)                             "private-key-password" property. (see the  
                                                                           section called "Secret flag types:" for    
                                                                           flag values)                               
   
   subject-match                      string                               Substring to be matched against the        
                                                                           subject of the certificate presented by    
                                                                           the authentication server. When unset, no  
                                                                           verification of the authentication server  
                                                                           certificate's subject is performed.  This  
                                                                           property provides little security, if any, 
                                                                           and its use is deprecated in favor of      
                                                                           NMSetting8021x:domain-suffix-match.        
   
   system-ca-certs                    boolean               FALSE          When TRUE, overrides the "ca-path" and     
                                                                           "phase2-ca-path" properties using the      
                                                                           system CA directory specified at configure 
                                                                           time with the --system-ca-path switch.     
                                                                           The certificates in this directory are     
                                                                           added to the verification chain in         
                                                                           addition to any certificates specified by  
                                                                           the "ca-cert" and "phase2-ca-cert"         
                                                                           properties. If the path provided with      
                                                                           --system-ca-path is rather a file name     
                                                                           (bundle of trusted CA certificates), it    
                                                                           overrides "ca-cert" and "phase2-ca-cert"   
                                                                           properties instead (sets ca_cert/ca_cert2  
                                                                           options for wpa_supplicant).               
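
   The scheme encoding of "private-key" and "phase2-private-key", the
   WARNING about unencrypted blob data, and the deprecation of
   "subject-match" can be checked mechanically. The Python code below is an
   added example, not part of NetworkManager or of this manual page. It
   assumes the 802-1x setting is available as a plain dict keyed by the
   property names above; the function names and sample values are
   hypothetical, and the unencrypted-blob check is applied to
   "phase2-private-key" on the assumption that it is stored the same way.

```python
"""Audit the key and server-matching properties of an 802-1x setting.

Added example, not NetworkManager code: the setting is modelled as a plain
dict keyed by the property names from the table; all function names here
are hypothetical.
"""

PATH_PREFIX = b"file://"
KEY_PROPS = ("private-key", "phase2-private-key")
# Deprecated substring match -> the replacement property named in the table.
MATCH_PROPS = {
    "subject-match": "domain-suffix-match",
    "phase2-subject-match": "phase2-domain-suffix-match",
}


def encode_path(path):
    """Path scheme: "file://" + full UTF-8 path + terminating NUL byte."""
    return PATH_PREFIX + path.encode("utf-8") + b"\x00"


def classify_key(value):
    """Return (scheme, detail) for a private-key byte array."""
    if value.startswith(PATH_PREFIX):
        body = value[len(PATH_PREFIX):]
        if not body.endswith(b"\x00"):
            return ("path", "missing-nul")
        if b"\x00" in body[:-1]:
            return ("path", "embedded-nul")
        if not body.startswith(b"/"):
            return ("path", "not-absolute")
        return ("path", "ok")
    if b"-----BEGIN " in value:
        # PKCS#8 encrypted keys carry their own PEM label; traditional
        # OpenSSL PEM marks encryption with a Proc-Type header.
        encrypted = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----" in value
                     or b"Proc-Type: 4,ENCRYPTED" in value)
        return ("blob", "pem-encrypted" if encrypted else "pem-plaintext")
    # Heuristic: any non-PEM blob is treated as binary data such as PKCS#12.
    return ("blob", "binary")


def audit_8021x(setting):
    """Return a list of findings for one 802-1x setting dict."""
    findings = []
    for prop in KEY_PROPS:
        value = setting.get(prop)
        if not value:
            continue
        scheme, detail = classify_key(value)
        if scheme == "path" and detail != "ok":
            findings.append(f"{prop}: malformed path-scheme value ({detail})")
        elif detail == "pem-plaintext":
            # The key property is not a "secret", so a plaintext blob may be
            # readable by unprivileged users.
            findings.append(
                f"{prop}: unencrypted PEM blob in a non-secret property")
    for old, new in MATCH_PROPS.items():
        if setting.get(old) and not setting.get(new):
            findings.append(
                f"{old}: deprecated substring match, {new} is not set")
    return findings


# Constructed sample profile; the PEM body is a placeholder, not a real key.
SAMPLE = {
    "eap": ["tls"],
    "private-key": (b"-----BEGIN PRIVATE KEY-----\n"
                    b"CONSTRUCTED-PLACEHOLDER\n"
                    b"-----END PRIVATE KEY-----\n"),
    "phase2-private-key": b"file:///etc/pki/inner.key",  # no trailing NUL
    "subject-match": "example.org",
}

if __name__ == "__main__":
    for line in audit_8021x(SAMPLE):
        print(line)
```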
   

   Table 2. adsl setting
   
   Key Name        Value Type            Default Value  Value            
                                                        Description      
   
   encapsulation   string                               Encapsulation of 
                                                        ADSL connection. 
                                                        Can be "vcmux"   
                                                        or "llc".        
   
   name            string                adsl           The setting's    
                                                        name, which      
                                                        uniquely         
                                                        identifies the   
                                                        setting within   
                                                        the connection.  
                                                        Each setting     
                                                        type has a name  
                                                        unique to that   
                                                        type, for        
                                                        example "ppp" or 
                                                        "wireless" or    
                                                        "wired".         
   
   password        string                               Password used to 
                                                        authenticate     
                                                        with the ADSL    
                                                        service.         
   
   password-flags  NMSettingSecretFlags                 Flags indicating 
                   (uint32)                             how to handle    
                                                        the "password"   
                                                        property. (see   
                                                        the section      
                                                        called "Secret   
                                                        flag types:" for 
                                                        flag values)     
   
   protocol        string                               ADSL connection  
                                                        protocol.  Can   
                                                        be "pppoa",      
                                                        "pppoe" or       
                                                        "ipoatm".        
   
   username        string                               Username used to 
                                                        authenticate     
                                                        with the ADSL    
                                                        service.         
   
   vci             uint32                0              VCI of ADSL      
                                                        connection       
   
   vpi             uint32                0              VPI of ADSL      
                                                        connection       
   

   Table 3. bluetooth setting
   
   Key Name  Value Type  Default Value  Value            
                                        Description      
   
   bdaddr    byte array                 The Bluetooth    
                                        address of the   
                                        device.          
   
   name      string      bluetooth      The setting's    
                                        name, which      
                                        uniquely         
                                        identifies the   
                                        setting within   
                                        the connection.  
                                        Each setting     
                                        type has a name  
                                        unique to that   
                                        type, for        
                                        example "ppp" or 
                                        "wireless" or    
                                        "wired".         
   
   type      string                     Either "dun" for 
                                        Dial-Up          
                                        Networking       
                                        connections or   
                                        "panu" for       
                                        Personal Area    
                                        Networking       
                                        connections to   
                                        devices          
                                        supporting the   
                                        NAP profile.     
   

   Table 4. bond setting
   
   Key Name        Value Type      Default Value  Value                      
                                                  Description                
   
   interface-name  string                         Deprecated in              
                                                  favor of                   
                                                  connection.interface-name, 
                                                  but can be used            
                                                  for                        
                                                  backward-compatibility     
                                                  with older                 
                                                  daemons, to set            
                                                  the bond's                 
                                                  interface name.            
   
   name            string          bond           The setting's name, which  
                                                  uniquely identifies the    
                                                  setting within the         
                                                  connection.  Each setting  
                                                  type has a name unique to  
                                                  that type, for example     
                                                  "ppp" or "wireless" or     
                                                  "wired".                   
   
   options         dict of string  {'mode':       Dictionary of key/value    
                   to string       'balance-rr'}  pairs of bonding options.  
                                                  Both keys and values must  
                                                  be strings. Option names   
                                                  must contain only          
                                                  alphanumeric characters    
                                                  (ie, [a-zA-Z0-9]).         
   

   Table 5. bridge setting
   
   Key Name            Value Type  Default Value  Value                      
                                                  Description                
   
   ageing-time         uint32      300            The Ethernet MAC           
                                                  address aging              
                                                  time, in                   
                                                  seconds.                   
   
   forward-delay       uint32      15             The Spanning               
                                                  Tree Protocol              
                                                  (STP) forwarding           
                                                  delay, in                  
                                                  seconds.                   
   
   hello-time          uint32      2              The Spanning               
                                                  Tree Protocol              
                                                  (STP) hello                
                                                  time, in                   
                                                  seconds.                   
   
   interface-name      string                     Deprecated in              
                                                  favor of                   
                                                  connection.interface-name, 
                                                  but can be used            
                                                  for                        
                                                  backward-compatibility     
                                                  with older                 
                                                  daemons, to set            
                                                  the bridge's               
                                                  interface name.            
   
   mac-address         byte array                 If specified, the MAC      
                                                  address of the bridge. When
                                                  creating a new bridge,     
                                                  this MAC address will be   
                                                  set. When matching an      
                                                  existing (outside          
                                                  NetworkManager created)    
                                                  bridge, this MAC address   
                                                  must match.                
   
   max-age             uint32      20             The Spanning Tree Protocol 
                                                  (STP) maximum message age, 
                                                  in seconds.                
   
   multicast-snooping  boolean     TRUE           Controls whether IGMP      
                                                  snooping is enabled for    
                                                  this bridge. Note that if  
                                                  snooping was automatically 
                                                  disabled due to hash       
                                                  collisions, the system may 
                                                  refuse to enable the       
                                                  feature until the          
                                                  collisions are resolved.   
   
   name                string      bridge         The setting's name, which  
                                                  uniquely identifies the    
                                                  setting within the         
                                                  connection.  Each setting  
                                                  type has a name unique to  
                                                  that type, for example     
                                                  "ppp" or "wireless" or     
                                                  "wired".                   
   
   priority            uint32      32768          Sets the Spanning Tree     
                                                  Protocol (STP) priority    
                                                  for this bridge.  Lower    
                                                  values are "better"; the   
                                                  lowest priority bridge     
                                                  will be elected the root   
                                                  bridge.                    
   
   stp                 boolean     TRUE           Controls whether Spanning  
                                                  Tree Protocol (STP) is     
                                                  enabled for this bridge.   
   

   Table 6. bridge-port setting
   
   Key Name      Value Type  Default Value  Value            
                                            Description      
   
   hairpin-mode  boolean     FALSE          Enables or       
                                            disables
                                            "hairpin mode"   
                                            for the port,    
                                            which allows     
                                            frames to be     
                                            sent back out    
                                            through the port 
                                            the frame was    
                                            received on.     
   
   name          string      bridge-port    The setting's    
                                            name, which      
                                            uniquely         
                                            identifies the   
                                            setting within   
                                            the connection.  
                                            Each setting     
                                            type has a name  
                                            unique to that   
                                            type, for        
                                            example "ppp" or 
                                            "wireless" or    
                                            "wired".         
   
   path-cost     uint32      100            The Spanning     
                                            Tree Protocol    
                                            (STP) port cost  
                                            for destinations 
                                            via this port.   
   
   priority      uint32      32             The Spanning     
                                            Tree Protocol    
                                            (STP) priority   
                                            of this bridge   
                                            port.            
   

   Table 7. cdma setting
   
   Key Name        Value Type            Default Value  Value            
                                                        Description      
   
   name            string                cdma           The setting's    
                                                        name, which      
                                                        uniquely         
                                                        identifies the   
                                                        setting within   
                                                        the connection.  
                                                        Each setting     
                                                        type has a name  
                                                        unique to that   
                                                        type, for        
                                                        example "ppp" or 
                                                        "wireless" or    
                                                        "wired".         
   
   number          string                               The number to    
                                                        dial to          
                                                        establish the    
                                                        connection to    
                                                        the CDMA-based   
                                                        mobile broadband 
                                                        network, if any. 
                                                        If not           
                                                        specified, the   
                                                        default number   
                                                        (#777) is used   
                                                        when required.   
   
   password        string                               The password     
                                                        used to          
                                                        authenticate     
                                                        with the         
                                                        network, if      
                                                        required.  Many  
                                                        providers do not 
                                                        require a        
                                                        password, or     
                                                        accept any       
                                                        password.  But   
                                                        if a password is 
                                                        required, it is  
                                                        specified here.  
   
   password-flags  NMSettingSecretFlags                 Flags indicating 
                   (uint32)                             how to handle    
                                                        the "password"   
                                                        property. (see   
                                                        the section      
                                                        called "Secret   
                                                        flag types:" for 
                                                        flag values)     
   
   username        string                               The username     
                                                        used to          
                                                        authenticate     
                                                        with the         
                                                        network, if      
                                                        required.  Many  
                                                        providers do not 
                                                        require a        
                                                        username, or     
                                                        accept any       
                                                        username.  But   
                                                        if a username is 
                                                        required, it is  
                                                        specified here.  
   

   Table 8. connection setting
   
   Key Name              Value Type                            Default Value  Value                                  
                                                                              Description                            
   
   autoconnect           boolean                               TRUE           Whether or not                         
                                                                              the connection                         
                                                                              should be                              
                                                                              automatically                          
                                                                              connected by                           
                                                                              NetworkManager                         
                                                                              when the                               
                                                                              resources for                          
                                                                              the connection                         
                                                                              are available.                         
                                                                              TRUE to                                
                                                                              automatically                          
                                                                              activate the                           
                                                                              connection,                            
                                                                              FALSE to require                       
                                                                              manual                                 
                                                                              intervention to                        
                                                                              activate the                           
                                                                              connection.                            
   
   autoconnect-priority  int32                                 0              The autoconnect                        
                                                                              priority. If the                       
                                                                              connection is                          
                                                                              set to                                 
                                                                              autoconnect,                           
                                                                              connections with                       
                                                                              higher priority                        
                                                                              will be                                
                                                                              preferred.                             
                                                                              Defaults to 0.                         
                                                                              The higher                             
                                                                              number means                           
                                                                              higher priority.                       
   
   autoconnect-slaves    NMSettingConnectionAutoconnectSlaves                 Whether or not                         
                         (int32)                                              slaves of this                         
                                                                              connection                             
                                                                              should be                              
                                                                              automatically                          
                                                                              brought up when                        
                                                                              NetworkManager                         
                                                                              activates this                         
                                                                              connection. This                       
                                                                              only has a real                        
                                                                              effect for                             
                                                                              master                                 
                                                                              connections. The                       
                                                                              permitted values                       
                                                                              are: 0: leave                          
                                                                              slave                                  
                                                                              connections                            
                                                                              untouched, 1:                          
                                                                              activate all the                       
                                                                              slave                                  
                                                                              connections with                       
                                                                              this connection,                       
                                                                              -1: default. If                        
                                                                              -1 (default) is                        
                                                                              set, global                            
                                                                              connection.autoconnect-slaves          
                                                                              is read to                             
                                                                              determine the                          
                                                                              real value. If                         
                                                                              it is default as                       
                                                                              well, this                             
                                                                              falls back to 0.                       
   
   gateway-ping-timeout  uint32                                0              If greater than zero, delay            
                                                                              success of IP addressing               
                                                                              until either the timeout is            
                                                                              reached, or an IP gateway              
                                                                              replies to a ping.                     
   
   id                    string                                               A human readable unique                
                                                                              identifier for the                     
                                                                              connection, like "Work Wi-Fi"          
                                                                              or "T-Mobile 3G".                      
   
   interface-name        string                                               The name of the network                
                                                                              interface this connection is           
                                                                              bound to. If not set, then             
                                                                              the connection can be                  
                                                                              attached to any interface of           
                                                                              the appropriate type (subject          
                                                                              to restrictions imposed by             
                                                                              other settings). For software          
                                                                              devices this specifies the             
                                                                              name of the created device.            
                                                                              For connection types where             
                                                                              interface names cannot easily          
                                                                              be made persistent (e.g.               
                                                                              mobile broadband or USB                
                                                                              Ethernet), this property               
                                                                              should not be used. Setting            
                                                                              this property restricts the            
                                                                              interfaces a connection can            
                                                                              be used with, and if                   
                                                                              interface names change or are          
                                                                              reordered the connection may           
                                                                              be applied to the wrong                
                                                                              interface.                             
   
   lldp                  int32                                 -1             Whether LLDP is enabled for            
                                                                              the connection.                        
   
   master                string                                               Interface name of the master           
                                                                              device or UUID of the master           
                                                                              connection.                            
   
   metered               NMMetered (int32)                                    Whether the connection is              
                                                                              metered. When updating this            
                                                                              property on a currently                
                                                                              activated connection, the              
                                                                              change takes effect                    
                                                                              immediately.                           
   
   name                  string                                connection     The setting's name, which              
                                                                              uniquely identifies the                
                                                                              setting within the                     
                                                                              connection.  Each setting              
                                                                              type has a name unique to              
                                                                              that type, for example "ppp"           
                                                                              or "wireless" or "wired".              
   
   permissions           array of string                       []             An array of strings defining           
                                                                              what access a given user has           
                                                                              to this connection.  If this           
                                                                              is NULL or empty, all users            
                                                                              are allowed to access this             
                                                                              connection.  Otherwise a user          
                                                                              is allowed to access this              
                                                                              connection if and only if              
                                                                              they are in this list. Each            
                                                                              entry is of the form                   
                                                                              "[type]:[id]:[reserved]"; for          
                                                                              example, "user:dcbw:blah". At          
                                                                              this time only the "user"              
                                                                              [type] is allowed.  Any other          
                                                                              values are ignored and                 
                                                                              reserved for future use.               
                                                                              [id] is the username that              
                                                                              this permission refers to,             
                                                                              which may not contain the ":"          
                                                                              character. Any [reserved]              
                                                                              information present must be            
                                                                              ignored and is reserved for            
                                                                              future use.  All of [type],            
                                                                              [id], and [reserved] must be           
                                                                              valid UTF-8.                           
   
   read-only             boolean                               FALSE          FALSE if the connection can            
                                                                              be modified using the                  
                                                                              provided settings service's            
                                                                              D-Bus interface with the               
                                                                              right privileges, or TRUE if           
                                                                              the connection is read-only            
                                                                              and cannot be modified.                
   
   secondaries           array of string                       []             List of connection UUIDs that          
                                                                              should be activated when the           
                                                                              base connection itself is              
                                                                              activated. Currently only VPN          
                                                                              connections are supported.             
   
   slave-type            string                                               Setting name of the device             
                                                                              type of this slave's master            
                                                                              connection (eg, "bond"), or            
                                                                              NULL if this connection is             
                                                                              not a slave.                           
   
   stable-id             string                                               Token used to generate stable          
                                                                              IDs for the connection. If             
                                                                              unset, the UUID will be used           
                                                                              instead. The stable-id is              
                                                                              used instead of the                    
                                                                              connection UUID for                    
                                                                              generating IPv6 stable                 
                                                                              private addresses with                 
                                                                              ipv6.addr-gen-mode=stable-privacy.     
                                                                              It is also used to seed the            
                                                                              generated cloned MAC address           
                                                                              for                                    
                                                                              ethernet.cloned-mac-address=stable     
                                                                              and                                    
                                                                              wifi.cloned-mac-address=stable.        
   
   timestamp             uint64                                0              The time, in seconds since the         
                                                                              Unix Epoch, that the connection        
                                                                              was last _successfully_ fully          
                                                                              activated. NetworkManager updates      
                                                                              the connection timestamp               
                                                                              periodically when the connection       
                                                                              is active to ensure that an active     
                                                                              connection has the latest              
                                                                              timestamp. The property is only        
                                                                              meant for reading (changes to this     
                                                                              property will not be preserved).       
   
   type                  string                                               Base type of the connection. For       
                                                                              hardware-dependent connections,        
                                                                              should contain the setting name of     
                                                                              the hardware-type specific setting     
                                                                              (ie, "802-3-ethernet" or               
                                                                              "802-11-wireless" or "bluetooth",      
                                                                              etc), and for non-hardware             
                                                                              dependent connections like VPN or      
                                                                              otherwise, should contain the          
                                                                              setting name of that setting type      
                                                                              (ie, "vpn" or "bridge", etc).          
   
   uuid                  string                                               A universally unique identifier        
                                                                              for the connection, for example        
                                                                              generated with libuuid.  It should     
                                                                              be assigned when the connection is     
                                                                              created, and never changed as long     
                                                                              as the connection still applies to     
                                                                              the same network.  For example, it     
                                                                              should not be changed when the         
                                                                              "id" property or                       
                                                                              NMSettingIP4Config changes, but        
                                                                              might need to be re-created when       
                                                                              the Wi-Fi SSID, mobile broadband       
                                                                              network provider, or "type"            
                                                                              property changes. The UUID must be     
                                                                              in the format                          
                                                                              "2815492f-7e56-435e-b2e9-246bd7cdc664" 
                                                                              (ie, contains only hexadecimal         
                                                                              characters and "-").                   
   
   zone                  string                                               The trust level of the connection.     
                                                                              Free form case-insensitive string (for 
                                                                              example "Home", "Work", "Public").     
                                                                              NULL or unspecified zone means the     
                                                                              connection will be placed in the       
                                                                              default zone as defined by the         
                                                                              firewall. When updating this property  
                                                                              on a currently activated connection,   
                                                                              the change takes effect immediately.   
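
   The following is an added example, not part of the NetworkManager
   documentation or source. It evaluates the "permissions" property as
   Table 8 words it. The function names are hypothetical; accepting an
   entry with no trailing [reserved] field and rejecting an empty [id]
   are assumptions.

```python
"""Evaluate connection.permissions entries as worded in Table 8.

Added illustration, not NetworkManager code. All names are hypothetical.
"""
from typing import List, NamedTuple, Optional, Sequence


class Permission(NamedTuple):
    ptype: str
    ident: str
    reserved: str


def parse_permission(entry: str) -> Optional[Permission]:
    """Parse one "[type]:[id]:[reserved]" entry.

    Returns None for an entry that must be ignored.
    """
    # Split on the first two colons only. [id] then cannot contain ":",
    # and anything after the second colon lands in [reserved].
    parts = entry.split(":", 2)
    if len(parts) < 2:
        return None
    ptype, ident = parts[0], parts[1]
    # Assumption: a missing [reserved] field is treated as empty.
    reserved = parts[2] if len(parts) == 3 else ""
    # Only the "user" type is allowed; other types are ignored.
    if ptype != "user":
        return None
    # Assumption: an empty [id] names nobody, so the entry is ignored.
    if not ident:
        return None
    return Permission(ptype, ident, reserved)


def user_may_access(permissions: Optional[Sequence[str]], username: str) -> bool:
    """Apply the rule from the table to one username."""
    # NULL or empty list: all users are allowed.
    if not permissions:
        return True
    # Otherwise: allowed if and only if the user is in the list.
    # [reserved] is never consulted. Read literally, a non-empty list
    # whose entries are all ignored matches no user at all.
    allowed = {p.ident for p in map(parse_permission, permissions) if p}
    return username in allowed


def audit_permissions(permissions: Optional[Sequence[str]]) -> List[str]:
    """Return review findings for one profile's permissions list."""
    if not permissions:
        return ["permissions empty: all users are allowed to access this connection"]
    findings = []
    valid = 0
    for entry in permissions:
        if parse_permission(entry) is None:
            findings.append("ignored entry %r" % entry)
        else:
            valid += 1
    if valid == 0:
        findings.append("non-empty list without a valid 'user' entry: no user matches")
    return findings


# Constructed sample data: profile id -> permissions list.
SAMPLE_PROFILES = {
    "Work Wi-Fi": ["user:dcbw:blah"],
    "Guest": [],
    "Lab": ["group:wheel:", "user:alice"],
    "Locked": ["group:wheel:"],
}

if __name__ == "__main__":
    for profile_id, perms in SAMPLE_PROFILES.items():
        print(profile_id)
        for who in ("dcbw", "alice"):
            print("  %-6s allowed=%s" % (who, user_may_access(perms, who)))
        for finding in audit_permissions(perms):
            print("  finding: " + finding)
```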
   

   Table 9. dcb setting
   
   Key Name                     Value Type         Default Value    Value                         
                                                                    Description                   
   
   app-fcoe-flags               NMSettingDcbFlags                   Specifies the                 
                                (uint32)                            NMSettingDcbFlags             
                                                                    for the DCB FCoE              
                                                                    application.                  
                                                                    Flags may be any              
                                                                    combination of                
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1),                        
                                                                    NM_SETTING_DCB_FLAG_ADVERTISE 
                                                                    (0x2), and                    
                                                                    NM_SETTING_DCB_FLAG_WILLING   
                                                                    (0x4).                        
   
   app-fcoe-mode                string             "fabric"         The FCoE controller mode;     
                                                                    either "fabric" (default) or  
                                                                    "vn2vn".                      
   
   app-fcoe-priority            int32              -1               The highest User Priority (0  
                                                                    - 7) which FCoE frames should 
                                                                    use, or -1 for default        
                                                                    priority.  Only used when the 
                                                                    "app-fcoe-flags" property     
                                                                    includes the                  
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1) flag.                   
   
   app-fip-flags                NMSettingDcbFlags                   Specifies the                 
                                (uint32)                            NMSettingDcbFlags for the DCB 
                                                                    FIP application.  Flags may   
                                                                    be any combination of         
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1),                        
                                                                    NM_SETTING_DCB_FLAG_ADVERTISE 
                                                                    (0x2), and                    
                                                                    NM_SETTING_DCB_FLAG_WILLING   
                                                                    (0x4).                        
   
   app-fip-priority             int32              -1               The highest User Priority (0  
                                                                    - 7) which FIP frames should  
                                                                    use, or -1 for default        
                                                                    priority.  Only used when the 
                                                                    "app-fip-flags" property      
                                                                    includes the                  
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1) flag.                   
   
   app-iscsi-flags              NMSettingDcbFlags                   Specifies the                 
                                (uint32)                            NMSettingDcbFlags for the DCB 
                                                                    iSCSI application.  Flags may 
                                                                    be any combination of         
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1),                        
                                                                    NM_SETTING_DCB_FLAG_ADVERTISE 
                                                                    (0x2), and                    
                                                                    NM_SETTING_DCB_FLAG_WILLING   
                                                                    (0x4).                        
   
   app-iscsi-priority           int32              -1               The highest User Priority (0  
                                                                    - 7) which iSCSI frames       
                                                                    should use, or -1 for default 
                                                                    priority. Only used when the  
                                                                    "app-iscsi-flags" property    
                                                                    includes the                  
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1) flag.                   
   
   name                         string             dcb              The setting's name, which     
                                                                    uniquely identifies the       
                                                                    setting within the            
                                                                    connection.  Each setting     
                                                                    type has a name unique to     
                                                                    that type, for example "ppp"  
                                                                    or "wireless" or "wired".     
   
   priority-bandwidth           array of uint32    [0, 0, 0, 0, 0,  An array of 8 uint values,    
                                                   0, 0, 0]         where the array index         
                                                                    corresponds to the User       
                                                                    Priority (0 - 7) and the      
                                                                    value indicates the           
                                                                    percentage of bandwidth of    
                                                                    the priority's assigned group 
                                                                    that the priority may use.    
                                                                    The sum of all percentages    
                                                                    for priorities which belong   
                                                                    to the same group must total  
                                                                    100 percent.                  
   
   priority-flow-control        array of uint32    [0, 0, 0, 0, 0,  An array of 8 boolean values, 
                                                   0, 0, 0]         where the array index         
                                                                    corresponds to the User       
                                                                    Priority (0 - 7) and the      
                                                                    value indicates whether or    
                                                                    not the corresponding         
                                                                    priority should transmit      
                                                                    priority pause.               
   
   priority-flow-control-flags  NMSettingDcbFlags                   Specifies the                 
                                (uint32)                            NMSettingDcbFlags for DCB     
                                                                    Priority Flow Control (PFC).  
                                                                    Flags may be any combination  
                                                                    of NM_SETTING_DCB_FLAG_ENABLE 
                                                                    (0x1),                        
                                                                    NM_SETTING_DCB_FLAG_ADVERTISE 
                                                                    (0x2), and                    
                                                                    NM_SETTING_DCB_FLAG_WILLING   
                                                                    (0x4).                        
   
   priority-group-bandwidth     array of uint32    [0, 0, 0, 0, 0,  An array of 8 uint values,    
                                                   0, 0, 0]         where the array index         
                                                                    corresponds to the Priority   
                                                                    Group ID (0 - 7) and the      
                                                                    value indicates the           
                                                                    percentage of link bandwidth  
                                                                    allocated to that group.      
                                                                    Allowed values are 0 - 100,   
                                                                    and the sum of all values     
                                                                    must total 100 percent.       
   
   priority-group-flags         NMSettingDcbFlags                   Specifies the                 
                                (uint32)                            NMSettingDcbFlags for DCB     
                                                                    Priority Groups.  Flags may   
                                                                    be any combination of         
                                                                    NM_SETTING_DCB_FLAG_ENABLE    
                                                                    (0x1),                        
                                                                    NM_SETTING_DCB_FLAG_ADVERTISE 
                                                                    (0x2), and                    
                                                                    NM_SETTING_DCB_FLAG_WILLING   
                                                                    (0x4).                        
   
   priority-group-id            array of uint32    [0, 0, 0, 0, 0,  An array of 8 uint values,    
                                                   0, 0, 0]         where the array index         
                                                                    corresponds to the User       
                                                                    Priority (0 - 7) and the      
                                                                    value indicates the Priority  
                                                                    Group ID.  Allowed Priority   
                                                                    Group ID values are 0 - 7 or  
                                                                    15 for the unrestricted       
                                                                    group.                        
   
   priority-strict-bandwidth    array of uint32    [0, 0, 0, 0, 0,  An array of 8 boolean values, 
                                                   0, 0, 0]         where the array index         
                                                                    corresponds to the User       
                                                                    Priority (0 - 7) and the      
                                                                    value indicates whether or    
                                                                    not the priority may use all  
                                                                    of the bandwidth allocated to 
                                                                    its assigned group.           
   
   priority-traffic-class       array of uint32    [0, 0, 0, 0, 0,  An array of 8 uint values,    
                                                   0, 0, 0]         where the array index         
                                                                    corresponds to the User       
                                                                    Priority (0 - 7) and the      
                                                                    value indicates the traffic   
                                                                    class (0 - 7) to which the    
                                                                    priority is mapped.           
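
   The constraints in Table 9 can be checked before a profile is pushed
   to a host. The following is an added example, not NetworkManager
   code: validate_dcb(), decode_flags() and the dict-of-properties input
   are hypothetical names, and the two assumptions it makes are marked
   in the comments.

```python
DCB_FLAGS = {0x1: "ENABLE", 0x2: "ADVERTISE", 0x4: "WILLING"}
FLAG_KEYS = ("app-fcoe-flags", "app-fip-flags", "app-iscsi-flags",
             "priority-flow-control-flags", "priority-group-flags")
UNRESTRICTED_GROUP = 15


def decode_flags(value):
    """Return (names of the set flags, bits that Table 9 does not define)."""
    names = [name for bit, name in DCB_FLAGS.items() if value & bit]
    return names, value & ~0x7


def _array(setting, key, allowed, label, errors):
    """Fetch an 8-element array (default all zeros) and range-check each entry."""
    values = setting.get(key, [0] * 8)
    if len(values) != 8:
        errors.append(f"{key}: expected 8 elements, got {len(values)}")
        return None
    bad = [i for i, v in enumerate(values) if v not in allowed]
    if bad:
        errors.append(f"{key}: entries at index {bad} are not {label}")
        return None
    return values


def validate_dcb(setting):
    """Check a dict of dcb properties; return a list of problems (empty if clean)."""
    errors = []
    for key in FLAG_KEYS:
        _, unknown = decode_flags(setting.get(key, 0))
        if unknown:
            errors.append(f"{key}: undefined flag bits 0x{unknown:x}")

    if setting.get("app-fcoe-mode", "fabric") not in ("fabric", "vn2vn"):
        errors.append("app-fcoe-mode: must be 'fabric' or 'vn2vn'")

    for app in ("fcoe", "fip", "iscsi"):
        prio = setting.get(f"app-{app}-priority", -1)
        enabled = setting.get(f"app-{app}-flags", 0) & 0x1
        if prio != -1 and prio not in range(8):
            errors.append(f"app-{app}-priority: {prio} is not -1 or 0-7")
        elif prio != -1 and not enabled:
            errors.append(f"app-{app}-priority: set but unused, ENABLE (0x1) is clear")

    _array(setting, "priority-flow-control", (0, 1), "0 or 1", errors)
    _array(setting, "priority-strict-bandwidth", (0, 1), "0 or 1", errors)
    _array(setting, "priority-traffic-class", range(8), "0-7", errors)
    group_id = _array(setting, "priority-group-id",
                      list(range(8)) + [UNRESTRICTED_GROUP], "0-7 or 15", errors)
    group_bw = _array(setting, "priority-group-bandwidth", range(101), "0-100", errors)
    prio_bw = _array(setting, "priority-bandwidth", range(101), "0-100", errors)

    # Assumption: the "must total 100" rules are only checked once priority
    # groups are enabled, because the all-zero defaults cannot satisfy them.
    if setting.get("priority-group-flags", 0) & 0x1:
        if group_bw is not None and sum(group_bw) != 100:
            errors.append(f"priority-group-bandwidth: totals {sum(group_bw)}, not 100")
        if group_id is not None and prio_bw is not None:
            totals = {}
            for prio, gid in enumerate(group_id):
                # Assumption: group 15 (unrestricted) has no share to divide.
                if gid != UNRESTRICTED_GROUP:
                    totals[gid] = totals.get(gid, 0) + prio_bw[prio]
            for gid, total in sorted(totals.items()):
                if total != 100:
                    errors.append(
                        f"priority-bandwidth: group {gid} totals {total}, not 100")
    return errors


# Constructed sample: priorities 0-2 in group 0, 3-5 in group 1, 6-7 unrestricted.
SAMPLE_GOOD = {
    "app-fcoe-flags": 0x7, "app-fcoe-priority": 3, "app-fcoe-mode": "fabric",
    "priority-group-flags": 0x3,
    "priority-group-id":        [0, 0, 0, 1, 1, 1, 15, 15],
    "priority-group-bandwidth": [60, 40, 0, 0, 0, 0, 0, 0],
    "priority-bandwidth":       [50, 25, 25, 100, 0, 0, 0, 0],
    "priority-flow-control":    [0, 0, 0, 1, 0, 0, 0, 0],
}

# Constructed sample with four independent mistakes.
SAMPLE_BAD = dict(SAMPLE_GOOD, **{
    "app-iscsi-flags": 0x8,                                   # undefined bit
    "app-fip-priority": 5,                                    # app-fip-flags is 0
    "priority-group-bandwidth": [60, 30, 0, 0, 0, 0, 0, 0],   # totals 90
    "priority-bandwidth":       [50, 25, 15, 100, 0, 0, 0, 0],  # group 0 totals 90
})

if __name__ == "__main__":
    for problem in validate_dcb(SAMPLE_BAD):
        print(problem)
```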
   

   Table 10. generic setting
   
   Key Name  Value Type  Default Value  Value            
                                        Description      
   
   name      string      generic        The setting's    
                                        name, which      
                                        uniquely         
                                        identifies the   
                                        setting within   
                                        the connection.  
                                        Each setting     
                                        type has a name  
                                        unique to that   
                                        type, for        
                                        example "ppp" or 
                                        "wireless" or    
                                        "wired".         
   

   Table 11. gsm setting
   
   Key Name         Value Type            Default Value  Value             
                                                         Description       
   
   apn              string                               The GPRS Access   
                                                         Point Name        
                                                         specifying the    
                                                         APN used when     
                                                         establishing a    
                                                         data session      
                                                         with the          
                                                         GSM-based         
                                                         network.  The     
                                                         APN often         
                                                         determines how    
                                                         the user will be  
                                                         billed for their  
                                                         network usage     
                                                         and whether the   
                                                         user has access   
                                                         to the Internet   
                                                         or just a         
                                                         provider-specific 
                                                         walled-garden,    
                                                         so it is          
                                                         important to use  
                                                         the correct APN   
                                                         for the user's    
                                                         mobile broadband  
                                                         plan. The APN     
                                                         may only be       
                                                         composed of the   
                                                         characters a-z,   
                                                         0-9, ., and -     
                                                         per GSM 03.60     
                                                         Section 14.9.     
   
   device-id        string                               The device unique 
                                                         identifier (as    
                                                         given by the WWAN 
                                                         management        
                                                         service) which    
                                                         this connection   
                                                         applies to.  If   
                                                         given, the        
                                                         connection will   
                                                         only apply to the 
                                                         specified device. 
   
   home-only        boolean               FALSE          When TRUE, only   
                                                         connections to    
                                                         the home network  
                                                         will be allowed.  
                                                         Connections to    
                                                         roaming networks  
                                                         will not be made. 
   
   name             string                gsm            The setting's     
                                                         name, which       
                                                         uniquely          
                                                         identifies the    
                                                         setting within    
                                                         the connection.   
                                                         Each setting type 
                                                         has a name unique 
                                                         to that type, for 
                                                         example "ppp" or  
                                                         "wireless" or     
                                                         "wired".          
   
   network-id       string                               The Network ID    
                                                         (GSM LAI format,  
                                                         i.e. MCC-MNC) to  
                                                         force specific    
                                                         network           
                                                         registration.  If 
                                                         the Network ID is 
                                                         specified,        
                                                         NetworkManager    
                                                         will attempt to   
                                                         force the device  
                                                         to register only  
                                                         on the specified  
                                                         network. This can 
                                                         be used to ensure 
                                                         that the device   
                                                         does not roam     
                                                         when direct       
                                                         roaming control   
                                                         of the device is  
                                                         not otherwise     
                                                         possible.         
   
   number           string                               Number to dial    
                                                         when establishing 
                                                         a PPP data        
                                                         session with the  
                                                         GSM-based mobile  
                                                         broadband         
                                                         network.  Many    
                                                         modems do not     
                                                         require PPP for   
                                                         connections to    
                                                         the mobile        
                                                         network and thus  
                                                         this property     
                                                         should be left    
                                                         blank, which      
                                                         allows            
                                                         NetworkManager to 
                                                         select the        
                                                         appropriate       
                                                         settings          
                                                         automatically.    
   
   password         string                               The password used 
                                                         to authenticate   
                                                         with the network, 
                                                         if required.      
                                                         Many providers do 
                                                         not require a     
                                                         password, or      
                                                         accept any        
                                                         password.  But if 
                                                         a password is     
                                                         required, it is   
                                                         specified here.   
   
   password-flags   NMSettingSecretFlags                 Flags indicating  
                    (uint32)                             how to handle the 
                                                         "password"        
                                                         property. (see    
                                                         the section       
                                                         called "Secret    
                                                         flag types:" for  
                                                         flag values)      
   
   pin              string                               If the SIM is     
                                                         locked with a PIN 
                                                         it must be        
                                                         unlocked before   
                                                         any other         
                                                         operations are    
                                                         requested.        
                                                         Specify the PIN   
                                                         here to allow     
                                                         operation of the  
                                                         device.           
   
   pin-flags        NMSettingSecretFlags                 Flags indicating  
                    (uint32)                             how to handle the 
                                                         "pin" property.   
                                                         (see the section  
                                                         called "Secret    
                                                         flag types:" for  
                                                         flag values)      
   
   sim-id           string                               The SIM card      
                                                         unique identifier 
                                                         (as given by the  
                                                         WWAN management   
                                                         service) which    
                                                         this connection   
                                                         applies to.  If   
                                                         given, the        
                                                         connection will   
                                                         apply to any      
                                                         device also       
                                                         allowed by        
                                                         "device-id" which 
                                                         contains a SIM    
                                                         card matching the 
                                                         given identifier. 
   
   sim-operator-id  string                               An MCC/MNC string 
                                                         like "310260" or  
                                                         "21601"           
                                                         identifying the   
                                                         specific mobile   
                                                         network operator  
                                                         which this        
                                                         connection        
                                                         applies to.  If   
                                                         given, the        
                                                         connection will   
                                                         apply to any      
                                                         device also       
                                                         allowed by        
                                                         "device-id" and   
                                                         "sim-id" which    
                                                         contains a SIM    
                                                         card provisioned  
                                                         by the given      
                                                         operator.         
   
   username         string                               The username used 
                                                         to authenticate   
                                                         with the network, 
                                                         if required.      
                                                         Many providers do 
                                                         not require a     
                                                         username, or      
                                                         accept any        
                                                         username.  But if 
                                                         a username is     
                                                         required, it is   
                                                         specified here.   
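
   The gsm properties above carry two secrets ("password" and "pin")
   and several identifiers with a fixed syntax. The following is an
   added example, not NetworkManager code, that audits a stored profile
   for both. It assumes the profile is in keyfile form (an INI-style
   file with a [gsm] section, which this page does not describe), takes
   the flag values from the "Secret flag types:" section, and assumes a
   3-digit MCC followed by a 2- or 3-digit MNC; audit_gsm() and the
   sample profiles are hypothetical.

```python
import configparser
import re

# NMSettingSecretFlags bits, as listed under "Secret flag types:".
SECRET_FLAGS = {0x1: "AGENT_OWNED", 0x2: "NOT_SAVED", 0x4: "NOT_REQUIRED"}

APN_RE = re.compile(r"[a-z0-9.-]+")          # a-z, 0-9, "." and "-" only
NETWORK_ID_RE = re.compile(r"\d{3}-\d{2,3}")  # MCC-MNC
OPERATOR_ID_RE = re.compile(r"\d{5,6}")       # MCC/MNC, e.g. "310260", "21601"


def _flags(gsm, key, findings):
    """Parse a *-flags value; report non-integers and undefined bits."""
    try:
        value = int(gsm.get(key, "0"), 0)
    except ValueError:
        findings.append(f"{key}: not an integer")
        return 0
    if value & ~0x7:
        findings.append(f"{key}: undefined flag bits 0x{value & ~0x7:x}")
    return value


def audit_gsm(keyfile_text):
    """Return findings for the [gsm] section; secret values are never echoed."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(keyfile_text)
    if not parser.has_section("gsm"):
        return ["gsm: profile has no gsm setting"]
    gsm = parser["gsm"]
    findings = []

    checks = (("apn", APN_RE, "contains characters outside a-z, 0-9, '.' and '-'"),
              ("network-id", NETWORK_ID_RE, "not in MCC-MNC form"),
              ("sim-operator-id", OPERATOR_ID_RE, "not a 5 or 6 digit MCC/MNC string"))
    for key, pattern, message in checks:
        value = gsm.get(key)
        if value and not pattern.fullmatch(value):
            findings.append(f"{key}: {message}")

    for secret in ("password", "pin"):
        flags = _flags(gsm, f"{secret}-flags", findings)
        if not gsm.get(secret):
            continue
        if flags & 0x3:
            names = "|".join(n for bit, n in SECRET_FLAGS.items() if flags & bit)
            findings.append(
                f"{secret}: value present in the profile although flags say {names}")
        else:
            findings.append(
                f"{secret}: secret is stored in the profile ({secret}-flags=0x{flags:x})")

    # home-only and network-id are the two roaming controls in Table 11.
    home_only = gsm.get("home-only", "false").strip().lower() in ("true", "1", "yes")
    if not home_only and not gsm.get("network-id"):
        findings.append("home-only: roaming is allowed (FALSE and no network-id set)")
    return findings


# Constructed profile: bad APN case, network-id without the dash, a password
# on disk despite NOT_SAVED, and a PIN stored with default flags.
SAMPLE_RISKY = """\
[connection]
id=constructed-wwan
type=gsm

[gsm]
apn=Internet.Example
network-id=310260
sim-operator-id=310260
password=example-not-a-real-secret
password-flags=2
pin=0000
"""

# Constructed profile: secrets delegated to an agent or never saved.
SAMPLE_CLEAN = """\
[gsm]
apn=internet.example
home-only=true
password-flags=1
pin-flags=2
sim-operator-id=21601
"""

if __name__ == "__main__":
    for finding in audit_gsm(SAMPLE_RISKY):
        print(finding)
```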
   

   Table 12. infiniband setting
   
   Key Name        Value Type  Default Value  Value              
                                              Description        
   
   mac-address     byte array                 If specified,      
                                              this connection    
                                              will only apply    
                                              to the IPoIB       
                                              device whose       
                                              permanent MAC      
                                              address matches.   
                                              This property      
                                              does not change    
                                              the MAC address    
                                              of the device      
                                              (i.e. MAC          
                                              spoofing).         
   
   mtu             uint32      0              If non-zero,       
                                              only transmit      
                                              packets of the     
                                              specified size     
                                              or smaller,        
                                              breaking larger    
                                              packets up into    
                                              multiple frames.   
   
   name            string      infiniband     The setting's      
                                              name, which        
                                              uniquely           
                                              identifies the     
                                              setting within     
                                              the connection.    
                                              Each setting       
                                              type has a name    
                                              unique to that     
                                              type, for          
                                              example "ppp" or   
                                              "wireless" or      
                                              "wired".           
   
   p-key           int32       -1             The InfiniBand     
                                              P_Key to use for   
                                              this device. A     
                                              value of -1        
                                              means to use the   
                                              default P_Key      
                                              (aka "the P_Key    
                                              at index 0").      
                                              Otherwise it is    
                                              a 16-bit           
                                              unsigned           
                                              integer, whose     
                                              high bit is set    
                                              if it is a "full   
                                              membership"        
                                              P_Key.             
   
   parent          string                     The interface      
                                              name of the        
                                              parent device of   
                                              this device.       
                                              Normally NULL,     
                                              but if the         
                                              "p-key" property   
                                              is set, then you   
                                              must specify the   
                                              base device by     
                                              setting either     
                                              this property or   
                                              "mac-address".     
   
   transport-mode  string                     The                
                                              IP-over-InfiniBand 
                                              transport mode.    
                                              Either             
                                              "datagram" or      
                                              "connected".       
   

   Table 13. ipv4 setting
   
   Key Name            Value Type        Default Value  Value                  
                                                        Description            
   
   address-data        array of vardict                 Array of IPv4          
                                                        addresses. Each        
                                                        address                
                                                        dictionary             
                                                        contains at            
                                                        least 'address'        
                                                        and 'prefix'           
                                                        entries,               
                                                        containing the         
                                                        IP address as a        
                                                        string, and the        
                                                        prefix length as       
                                                        a uint32.              
                                                        Additional             
                                                        attributes may         
                                                        also exist on          
                                                        some addresses.        
   
   addresses           array of array    []             Deprecated in          
                       of uint32                        favor of the           
                                                        'address-data'         
                                                        and 'gateway'          
                                                        properties, but        
                                                        this can be used       
                                                        for                    
                                                        backward-compatibility 
                                                        with older             
                                                        daemons. Note          
                                                        that if you send       
                                                        this property          
                                                        the daemon will        
                                                        ignore                 
                                                        'address-data'         
                                                        and 'gateway'.         
                                                        Array of IPv4          
                                                        address                
                                                        structures.            
                                                        Each IPv4              
                                                        address                
                                                        structure is           
                                                        composed of 3          
                                                        32-bit values;         
                                                        the first being        
                                                        the IPv4 address       
                                                        (network byte          
                                                        order), the            
                                                        second the             
                                                        prefix (1 - 32),       
                                                        and last the           
                                                        IPv4 gateway           
                                                        (network byte          
                                                        order). The            
                                                        gateway may be         
                                                        left as 0 if no        
                                                        gateway exists         
                                                        for that subnet.       
   
   dad-timeout         int32             -1             Timeout in             
                                                        milliseconds used to   
                                                        check for the presence 
                                                        of duplicate IP        
                                                        addresses on the       
                                                        network.  If an        
                                                        address conflict is    
                                                        detected, the          
                                                        activation will fail.  
                                                        A zero value means     
                                                        that no duplicate      
                                                        address detection is   
                                                        performed, -1 means    
                                                        the default value      
                                                        (either configuration  
                                                        ipvx.dad-timeout       
                                                        override or 3          
                                                        seconds).  A value     
                                                        greater than zero is a 
                                                        timeout in             
                                                        milliseconds.          
   
   dhcp-client-id      string                           A string sent to the   
                                                        DHCP server to         
                                                        identify the local     
                                                        machine which the DHCP 
                                                        server may use to      
                                                        customize the DHCP     
                                                        lease and options.     
   
   dhcp-fqdn           string                           If the                 
                                                        "dhcp-send-hostname"   
                                                        property is TRUE, then 
                                                        the specified FQDN     
                                                        will be sent to the    
                                                        DHCP server when       
                                                        acquiring a lease.     
                                                        This property and      
                                                        "dhcp-hostname" are    
                                                        mutually exclusive and 
                                                        cannot be set at the   
                                                        same time.             
   
   dhcp-hostname       string                           If the                 
                                                        "dhcp-send-hostname"   
                                                        property is TRUE, then 
                                                        the specified name     
                                                        will be sent to the    
                                                        DHCP server when       
                                                        acquiring a lease.     
                                                        This property and      
                                                        "dhcp-fqdn" are        
                                                        mutually exclusive and 
                                                        cannot be set at the   
                                                        same time.             
   
   dhcp-send-hostname  boolean           TRUE           If TRUE, a hostname is 
                                                        sent to the DHCP       
                                                        server when acquiring  
                                                        a lease. Some DHCP     
                                                        servers use this       
                                                        hostname to update DNS 
                                                        databases, essentially 
                                                        providing a static     
                                                        hostname for the       
                                                        computer.  If the      
                                                        "dhcp-hostname"        
                                                        property is NULL and   
                                                        this property is TRUE, 
                                                        the current persistent 
                                                        hostname of the        
                                                        computer is sent.      
   
   dhcp-timeout        int32             0              A timeout for a DHCP   
                                                        transaction in         
                                                        seconds.               
   
   dns                 array of uint32   []             Array of IP addresses  
                                                        of DNS servers (as     
                                                        network-byte-order     
                                                        integers).             
   
   dns-options         array of string   []             Array of DNS options.  
                                                        NULL means that the    
                                                        options are unset and  
                                                        left at the default.   
                                                        In this case           
                                                        NetworkManager will    
                                                        use default options.   
                                                        This is distinct from  
                                                        an empty list of       
                                                        properties.            
   
   dns-priority        int32             0              DNS priority. The      
                                                        relative priority to   
                                                        be used when           
                                                        determining the order  
                                                        of DNS servers in      
                                                        resolv.conf.  A lower  
                                                        value means that       
                                                        servers will be on top 
                                                        of the file.  Zero     
                                                        selects the default    
                                                        value, which is 50 for 
                                                        VPNs and 100 for other 
                                                        connections.  When     
                                                        multiple devices have  
                                                        configurations with    
                                                        the same priority, the 
                                                        one with an active     
                                                        default route will be  
                                                        preferred.  Note that  
                                                        when using dns=dnsmasq 
                                                        the order is           
                                                        meaningless since      
                                                        dnsmasq forwards       
                                                        queries to all known   
                                                        servers at the same    
                                                        time. Negative values  
                                                        have the special       
                                                        effect of excluding    
                                                        other configurations   
                                                        with a greater         
                                                        priority value; so in  
                                                        presence of at least a 
                                                        negative priority,     
                                                        only DNS servers from  
                                                        configurations with    
                                                        the lowest priority    
                                                        value will be used.    
   
   dns-search          array of string   []             Array of DNS search    
                                                        domains.               
   
   gateway             string                           The gateway associated 
                                                        with this              
                                                        configuration. This is 
                                                        only meaningful if     
                                                        "addresses" is also    
                                                        set.                   
   
   ignore-auto-dns     boolean           FALSE          When "method" is set   
                                                        to "auto" and this     
                                                        property to TRUE,      
                                                        automatically          
                                                        configured nameservers 
                                                        and search domains are 
                                                        ignored and only       
                                                        nameservers and search 
                                                        domains specified in   
                                                        the "dns" and          
                                                        "dns-search"           
                                                        properties, if any,    
                                                        are used.              
   
   ignore-auto-routes  boolean           FALSE          When "method" is set   
                                                        to "auto" and this     
                                                        property to TRUE,      
                                                        automatically          
                                                        configured routes are  
                                                        ignored and only       
                                                        routes specified in    
                                                        the "routes" property, 
                                                        if any, are used.      
   
   may-fail            boolean           TRUE           If TRUE, allow overall 
                                                        network configuration  
                                                        to proceed even if the 
                                                        configuration          
                                                        specified by this      
                                                        property times out.    
                                                        Note that at least one 
                                                        IP configuration must  
                                                        succeed or overall     
                                                        network configuration  
                                                        will still fail.  For  
                                                        example, in IPv6-only  
                                                        networks, setting this 
                                                        property to TRUE on    
                                                        the NMSettingIP4Config 
                                                        allows the overall     
                                                        network configuration  
                                                        to succeed if IPv4     
                                                        configuration fails    
                                                        but IPv6 configuration 
                                                        completes              
                                                        successfully.          
   
   method              string                           IP configuration       
                                                        method.                
                                                        NMSettingIP4Config and 
                                                        NMSettingIP6Config     
                                                        both support "auto",   
                                                        "manual", and          
                                                        "link-local". See the  
                                                        subclass-specific      
                                                        documentation for      
                                                        other values. In       
                                                        general, for the       
                                                        "auto" method,         
                                                        properties such as     
                                                        "dns" and "routes"     
                                                        specify information    
                                                        that is added on to    
                                                        the information        
                                                        returned from          
                                                        automatic              
                                                        configuration.  The    
                                                        "ignore-auto-routes"   
                                                        and "ignore-auto-dns"  
                                                        properties modify this 
                                                        behavior. For methods  
                                                        that imply no upstream 
                                                        network, such as       
                                                        "shared" or            
                                                        "link-local", these    
                                                        properties must be     
                                                        empty. For IPv4 method 
                                                        "shared", the IP       
                                                        subnet can be          
                                                        configured by adding   
                                                        one manual IPv4        
                                                        address or otherwise   
                                                        10.42.x.0/24 is        
                                                        chosen.                
   
   name                string            ipv4           The setting's name,    
                                                        which uniquely         
                                                        identifies the setting 
                                                        within the connection. 
                                                        Each setting type has  
                                                        a name unique to that  
                                                        type, for example      
                                                        "ppp" or "wireless" or 
                                                        "wired".               
   
   never-default       boolean           FALSE          If TRUE, this          
                                                        connection will never  
                                                        be the default         
                                                        connection for this IP 
                                                        type, meaning it will  
                                                        never be assigned the  
                                                        default route by       
                                                        NetworkManager.        
   
   route-data          array of vardict                 Array of IPv4 routes.  
                                                        Each route dictionary  
                                                        contains at least      
                                                        'dest' and 'prefix'    
                                                        entries, containing    
                                                        the destination IP     
                                                        address as a string,   
                                                        and the prefix length  
                                                        as a uint32. Most      
                                                        routes will also have  
                                                        a 'gateway' entry,     
                                                        containing the gateway 
                                                        IP address as a        
                                                        string. If the route   
                                                        has a 'metric' entry   
                                                        (containing a uint32), 
                                                        that will be used as   
                                                        the metric for the     
                                                        route (otherwise NM    
                                                        will pick a default    
                                                        value appropriate to   
                                                        the device).           
                                                        Additional attributes  
                                                        may also exist on some 
                                                        routes.                
   
   route-metric        int64             -1             The default metric for 
                                                        routes that don't      
                                                        explicitly specify a   
                                                        metric. The default    
                                                        value -1 means that    
                                                        the metric is chosen   
                                                        automatically based on 
                                                        the device type. The   
                                                        metric applies to      
                                                        dynamic routes, manual 
                                                        (static) routes that   
                                                        don't have an explicit 
                                                        metric setting,        
                                                        address prefix routes, 
                                                        and the default route. 
                                                        Note that for IPv6,    
                                                        the kernel accepts     
                                                        zero (0) but coerces   
                                                        it to 1024 (user       
                                                        default). Hence,       
                                                        setting this property  
                                                        to zero effectively    
                                                        means setting it to    
                                                        1024. For IPv4, zero   
                                                        is a regular value for 
                                                        the metric.            
   
   routes              array of array    []             Deprecated in favor of 
                       of uint32                        the 'route-data'       
                                                        property, but this can 
                                                        be used for            
                                                        backward-compatibility 
                                                        with older daemons.    
                                                        Note that if you send  
                                                        this property the      
                                                        daemon will ignore     
                                                        'route-data'.  Array   
                                                        of IPv4 route          
                                                        structures.  Each IPv4 
                                                        route structure is     
                                                        composed of 4 32-bit   
                                                        values; the first      
                                                        being the destination  
                                                        IPv4 network or        
                                                        address (network byte  
                                                        order), the second the 
                                                        destination network or 
                                                        address prefix (1 -    
                                                        32), the third being   
                                                        the next-hop (network  
                                                        byte order) if any,    
                                                        and the fourth being   
                                                        the route metric. If   
                                                        the metric is 0, NM    
                                                        will choose an         
                                                        appropriate default    
                                                        metric for the device. 
                                                        (There is no way to    
                                                        explicitly specify an  
                                                        actual metric of 0     
                                                        with this property.)   
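
   The legacy 'addresses' and 'routes' encodings described in Table 13,
   decoded into the 'address-data' / 'route-data' shapes. This is an added
   example, not NetworkManager code; the function names are hypothetical,
   the sample values are constructed, and it assumes that "network byte
   order" means the integer's in-memory bytes are in network order (as with
   C's in_addr_t) and that a next-hop of 0 means "no next-hop".

```python
import socket
import sys


def ip_to_legacy_uint32(ip, byteorder=sys.byteorder):
    """Dotted quad -> uint32 whose in-memory bytes are in network order."""
    return int.from_bytes(socket.inet_aton(ip), byteorder)


def legacy_uint32_to_ip(value, byteorder=sys.byteorder):
    """Inverse of ip_to_legacy_uint32; rejects values that do not fit a uint32."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a uint32: {value!r}")
    return socket.inet_ntoa(value.to_bytes(4, byteorder))


def check_prefix(prefix):
    """Table 13 gives the legacy prefix range as 1 - 32."""
    if not 1 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix!r}")
    return prefix


def decode_legacy_addresses(addresses, byteorder=sys.byteorder):
    """[[address, prefix, gateway], ...] -> (address_data, gateway).

    The legacy form carries a gateway per address, the newer form a single
    'gateway' property. Returning the first non-zero gateway is this
    example's choice (an assumption), not documented daemon behaviour.
    """
    address_data, gateway = [], None
    for entry in addresses:
        if len(entry) != 3:
            raise ValueError("an address structure has exactly 3 values")
        addr, prefix, gw = entry
        address_data.append({"address": legacy_uint32_to_ip(addr, byteorder),
                             "prefix": check_prefix(prefix)})
        if gw != 0 and gateway is None:   # 0 means "no gateway for that subnet"
            gateway = legacy_uint32_to_ip(gw, byteorder)
    return address_data, gateway


def decode_legacy_routes(routes, byteorder=sys.byteorder):
    """[[dest, prefix, next_hop, metric], ...] -> list of route-data dicts."""
    route_data = []
    for entry in routes:
        if len(entry) != 4:
            raise ValueError("a route structure has exactly 4 values")
        dest, prefix, next_hop, metric = entry
        route = {"dest": legacy_uint32_to_ip(dest, byteorder),
                 "prefix": check_prefix(prefix)}
        if next_hop != 0:                 # assumption: 0 means no next-hop
            route["gateway"] = legacy_uint32_to_ip(next_hop, byteorder)
        if metric != 0:                   # 0 means "NM chooses a default"
            route["metric"] = metric
        route_data.append(route)
    return route_data


def encode_legacy_route(route, byteorder=sys.byteorder):
    """route-data dict -> legacy 4-tuple; refuses what the format cannot carry."""
    if route.get("metric") == 0:
        # The legacy property cannot express an explicit metric of 0.
        raise ValueError("metric 0 is not representable in 'routes'")
    return [ip_to_legacy_uint32(route["dest"], byteorder),
            check_prefix(route["prefix"]),
            ip_to_legacy_uint32(route.get("gateway", "0.0.0.0"), byteorder),
            route.get("metric", 0)]


# Constructed sample values as a little-endian host would hold them.
SAMPLE_ADDRESSES = [[0x0A0200C0, 24, 0x010200C0]]
SAMPLE_ROUTES = [[0x006433C6, 24, 0x010200C0, 0]]

if __name__ == "__main__":
    print(decode_legacy_addresses(SAMPLE_ADDRESSES, "little"))
    print(decode_legacy_routes(SAMPLE_ROUTES, "little"))
```

   Reading these integers with the wrong byte order yields a valid-looking
   but different address, so a profile audit should decode them the same
   way on every host before comparing them with an allow-list.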
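
   The "dns-priority" and "ignore-auto-dns" rules from Table 13, modelled
   as a checker that lists which resolvers remain in use when a VPN profile
   is active next to an ordinary one. This is an added example that follows
   the wording of the table, not NetworkManager's implementation; the
   ActiveConfig class, its field names and the sample addresses are
   constructed, and placing "dns" entries before automatic ones is an
   assumption.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY_VPN = 50      # default used when dns-priority is 0 on a VPN
DEFAULT_PRIORITY_OTHER = 100   # default used when dns-priority is 0 elsewhere


@dataclass
class ActiveConfig:
    """Constructed model of the DNS-related ipv4 settings of an active profile."""
    name: str
    is_vpn: bool = False
    has_default_route: bool = False
    method: str = "auto"
    dns: list = field(default_factory=list)       # the "dns" property
    auto_dns: list = field(default_factory=list)  # servers learned automatically
    ignore_auto_dns: bool = False                 # the "ignore-auto-dns" property
    dns_priority: int = 0                         # the "dns-priority" property


def effective_priority(cfg):
    """Zero selects the default: 50 for VPNs, 100 for other connections."""
    if cfg.dns_priority != 0:
        return cfg.dns_priority
    return DEFAULT_PRIORITY_VPN if cfg.is_vpn else DEFAULT_PRIORITY_OTHER


def nameservers(cfg):
    """Servers one profile contributes, honouring ignore-auto-dns."""
    servers = list(cfg.dns)            # assumption: manual entries come first
    if cfg.method == "auto" and not cfg.ignore_auto_dns:
        servers += cfg.auto_dns
    return servers


def resolver_order(configs):
    """Resolver list in the order the dns-priority description implies."""
    # Lower priority value first; on a tie, the profile holding the active
    # default route is preferred.
    ranked = sorted(configs,
                    key=lambda c: (effective_priority(c), not c.has_default_route))
    # With at least one negative priority present, only configurations with
    # the lowest priority value are used.
    if ranked and effective_priority(ranked[0]) < 0:
        lowest = effective_priority(ranked[0])
        ranked = [c for c in ranked if effective_priority(c) == lowest]
    ordered = []
    for cfg in ranked:
        for server in nameservers(cfg):
            if server not in ordered:
                ordered.append(server)
    return ordered


def untrusted_resolvers(configs, trusted):
    """Resolvers that would still be used but are not on the trusted list."""
    return [s for s in resolver_order(configs) if s not in trusted]


# Constructed sample profiles (documentation address ranges).
WIFI = ActiveConfig("wifi", has_default_route=True, auto_dns=["192.0.2.1"])
VPN_DEFAULT = ActiveConfig("vpn", is_vpn=True, auto_dns=["198.51.100.53"])
VPN_EXCLUSIVE = ActiveConfig("vpn", is_vpn=True, auto_dns=["198.51.100.53"],
                             dns_priority=-1)
WIFI_PINNED = ActiveConfig("wifi", has_default_route=True, dns=["203.0.113.9"],
                           auto_dns=["192.0.2.1"], ignore_auto_dns=True)

if __name__ == "__main__":
    trusted = {"198.51.100.53"}
    for label, cfgs in (("default priorities", [WIFI, VPN_DEFAULT]),
                        ("vpn dns-priority=-1", [WIFI, VPN_EXCLUSIVE])):
        print(label, resolver_order(cfgs), untrusted_resolvers(cfgs, trusted))
```

   With default priorities the VPN's resolver is only listed first and the
   Wi-Fi resolver remains in the list; a negative "dns-priority" on the VPN
   profile is what removes it.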
   

   Table 14. ipv6 setting
   
   Key Name            Value Type                 Default Value  Value                                           
                                                                 Description                                     
   
   addr-gen-mode       int32                      1              Configure method                                
                                                                 for creating the                                
                                                                 address for use                                 
                                                                 with RFC4862                                    
                                                                 IPv6 Stateless                                  
                                                                 Address                                         
                                                                 Autoconfiguration.                              
                                                                 The permitted                                   
                                                                 values are:                                     
                                                                 "eui64", or                                     
                                                                 "stable-privacy".                               
                                                                 If the property                                 
                                                                 is set to                                       
                                                                 "eui64", the                                    
                                                                 addresses will                                  
                                                                 be generated                                    
                                                                 using the                                       
                                                                 interface tokens                                
                                                                 derived from                                    
                                                                 hardware                                        
                                                                 address. This
                                                                 keeps the host
                                                                 part of the
                                                                 address
                                                                 constant, making
                                                                 it possible to
                                                                 track the host's
                                                                 presence when it
                                                                 changes
                                                                 networks. The
                                                                 address changes                                 
                                                                 when the                                        
                                                                 interface                                       
                                                                 hardware is                                     
                                                                 replaced. The                                   
                                                                 value of                                        
                                                                 "stable-privacy"                                
                                                                 enables use of a
                                                                 cryptographically                               
                                                                 secure hash of a                                
                                                                 secret                                          
                                                                 host-specific                                   
                                                                 key along with                                  
                                                                 the connection                                  
                                                                 identification                                  
                                                                 and the network                                 
                                                                 address as                                      
                                                                 specified by                                    
                                                                 RFC7217. This                                   
                                                                 makes it                                        
                                                                 impossible to                                   
                                                                 use the address
                                                                 to track the
                                                                 host's presence,
                                                                 and makes the
                                                                 address stable                                  
                                                                 when the network                                
                                                                 interface                                       
                                                                 hardware is                                     
                                                                 replaced. On                                    
                                                                 D-Bus, the                                      
                                                                 absence of an                                   
                                                                 addr-gen-mode                                   
                                                                 setting equals                                  
                                                                 enabling                                        
                                                                 "stable-privacy".                               
                                                                 For the keyfile
                                                                 plugin, the                                     
                                                                 absence of the                                  
                                                                 setting on disk                                 
                                                                 means "eui64" so                                
                                                                 that the                                        
                                                                 property doesn't                                
                                                                 change on                                       
                                                                 upgrade from                                    
                                                                 older versions.                                 
                                                                 Note that this                                  
                                                                 setting is                                      
                                                                 distinct from                                   
                                                                 the Privacy                                     
                                                                 Extensions as                                   
                                                                 configured by the
                                                                 "ip6-privacy"                                   
                                                                 property and it                                 
                                                                 does not affect                                 
                                                                 the temporary                                   
                                                                 addresses                                       
                                                                 configured with                                 
                                                                 this option.                                    
   
   address-data        array of vardict                          Array of IPv6                                   
                                                                 addresses. Each                                 
                                                                 address dictionary                              
                                                                 contains at least                               
                                                                 'address' and                                   
                                                                 'prefix' entries,                               
                                                                 containing the IP                               
                                                                 address as a                                    
                                                                 string, and the                                 
                                                                 prefix length as a                              
                                                                 uint32. Additional                              
                                                                 attributes may                                  
                                                                 also exist on some                              
                                                                 addresses.                                      
   
   addresses           array of legacy            []             Deprecated in                                   
                       IPv6 address                              favor of the                                    
                       struct                                    'address-data' and                              
                       (a(ayuay))                                'gateway'                                       
                                                                 properties, but                                 
                                                                 this can be used                                
                                                                 for                                             
                                                                 backward-compatibility                          
                                                                 with older                                      
                                                                 daemons. Note that                              
                                                                 if you send this                                
                                                                 property the                                    
                                                                 daemon will ignore                              
                                                                 'address-data' and                              
                                                                 'gateway'.  Array                               
                                                                 of IPv6 address                                 
                                                                 structures.  Each                               
                                                                 IPv6 address                                    
                                                                 structure is                                    
                                                                 composed of an                                  
                                                                 IPv6 address, a                                 
                                                                 prefix length (1 -                              
                                                                 128), and an IPv6                               
                                                                 gateway address.                                
                                                                 The gateway may be                              
                                                                 zeroed out if no                                
                                                                 gateway exists for                              
                                                                 that subnet.                                    
   
   dad-timeout         int32                      -1             Timeout in                                      
                                                                 milliseconds used to                            
                                                                 check for the presence                          
                                                                 of duplicate IP                                 
                                                                 addresses on the                                
                                                                 network.  If an                                 
                                                                 address conflict is                             
                                                                 detected, the                                   
                                                                 activation will fail.                           
                                                                 A zero value means                              
                                                                 that no duplicate                               
                                                                 address detection is                            
                                                                 performed, -1 means                             
                                                                 the default value                               
                                                                 (either configuration                           
                                                                 ipvx.dad-timeout                                
                                                                 override or 3                                   
                                                                 seconds).  A value                              
                                                                 greater than zero is a                          
                                                                 timeout in                                      
                                                                 milliseconds.                                   
   
   dhcp-hostname       string                                    If the                                          
                                                                 "dhcp-send-hostname"                            
                                                                 property is TRUE, then                          
                                                                 the specified name                              
                                                                 will be sent to the                             
                                                                 DHCP server when                                
                                                                 acquiring a lease.                              
                                                                 This property and                               
                                                                 "dhcp-fqdn" are                                 
                                                                 mutually exclusive and                          
                                                                 cannot be set at the                            
                                                                 same time.                                      
   
   dhcp-send-hostname  boolean                    TRUE           If TRUE, a hostname is                          
                                                                 sent to the DHCP                                
                                                                 server when acquiring                           
                                                                 a lease. Some DHCP                              
                                                                 servers use this                                
                                                                 hostname to update DNS                          
                                                                 databases, essentially                          
                                                                 providing a static                              
                                                                 hostname for the                                
                                                                 computer.  If the                               
                                                                 "dhcp-hostname"                                 
                                                                 property is NULL and                            
                                                                 this property is TRUE,                          
                                                                 the current persistent                          
                                                                 hostname of the                                 
                                                                 computer is sent.                               
   
   dhcp-timeout        int32                      0              A timeout for a DHCP                            
                                                                 transaction in                                  
                                                                 seconds.                                        
   
   dns                 array of byte              []             Array of IP addresses                           
                       array                                     of DNS servers (in                              
                                                                 network byte order)                             
   
   dns-options         array of string            []             Array of DNS options.                           
                                                                 NULL means that the                             
                                                                 options are unset and                           
                                                                 left at the default.                            
                                                                 In this case                                    
                                                                 NetworkManager will                             
                                                                 use default options.                            
                                                                 This is distinct from                           
                                                                 an empty list of                                
                                                                 properties.                                     
   
   dns-priority        int32                      0              DNS priority. The                               
                                                                 relative priority to                            
                                                                 be used when                                    
                                                                 determining the order                           
                                                                 of DNS servers in                               
                                                                 resolv.conf.  A lower                           
                                                                 value means that                                
                                                                 servers will be on top                          
                                                                 of the file.  Zero                              
                                                                 selects the default                             
                                                                 value, which is 50 for                          
                                                                 VPNs and 100 for other                          
                                                                 connections.  When                              
                                                                 multiple devices have                           
                                                                 configurations with                             
                                                                 the same priority, the                          
                                                                 one with an active                              
                                                                 default route will be                           
                                                                 preferred.  Note that                           
                                                                 when using dns=dnsmasq                          
                                                                 the order is                                    
                                                                 meaningless since                               
                                                                 dnsmasq forwards                                
                                                                 queries to all known                            
                                                                 servers at the same                             
                                                                 time. Negative values                           
                                                                 have the special                                
                                                                 effect of excluding                             
                                                                 other configurations                            
                                                                 with a greater                                  
                                                                 priority value; so in                           
                                                                 the presence of at
                                                                 least one negative
                                                                 priority,
                                                                 configurations with                             
                                                                 the lowest priority                             
                                                                 value will be used.                             
   
   dns-search          array of string            []             Array of DNS search                             
                                                                 domains.                                        
   
   gateway             string                                    The gateway associated                          
                                                                 with this                                       
                                                                 configuration. This is                          
                                                                 only meaningful if                              
                                                                 "addresses" is also                             
                                                                 set.                                            
   
   ignore-auto-dns     boolean                    FALSE          When "method" is set                            
                                                                 to "auto" and this                              
                                                                 property to TRUE,                               
                                                                 automatically                                   
                                                                 configured nameservers                          
                                                                 and search domains are                          
                                                                 ignored and only                                
                                                                 nameservers and search                          
                                                                 domains specified in                            
                                                                 the "dns" and                                   
                                                                 "dns-search"                                    
                                                                 properties, if any,                             
                                                                 are used.                                       
   
   ignore-auto-routes  boolean                    FALSE          When "method" is set                            
                                                                 to "auto" and this                              
                                                                 property to TRUE,                               
                                                                 automatically                                   
                                                                 configured routes are                           
                                                                 ignored and only                                
                                                                 routes specified in                             
                                                                 the "routes" property,                          
                                                                 if any, are used.                               
   
   ip6-privacy         NMSettingIP6ConfigPrivacy                 Configure IPv6 Privacy                          
                       (int32)                                   Extensions for SLAAC,                           
                                                                 described in RFC4941.                           
                                                                 If enabled, it makes                            
                                                                 the kernel generate a                           
                                                                 temporary IPv6 address                          
                                                                 in addition to the                              
                                                                 public one generated                            
                                                                 from the MAC address
                                                                 via modified EUI-64.
                                                                 This enhances privacy,
                                                                 but could cause
                                                                 problems in some
                                                                 applications.
                                                                 The permitted values                            
                                                                 are: -1: unknown, 0:                            
                                                                 disabled, 1: enabled                            
                                                                 (prefer public                                  
                                                                 address), 2: enabled                            
                                                                 (prefer temporary                               
                                                                 addresses). Having a                            
                                                                 per-connection setting                          
                                                                 set to "-1" (unknown)                           
                                                                 means falling back to                           
                                                                 the global                                      
                                                                 configuration                                   
                                                                 "ipv6.ip6-privacy". If                          
                                                                 the global                                      
                                                                 configuration is also                           
                                                                 unspecified or set to                           
                                                                 "-1", the value is read                         
                                                                 from                                            
                                                                 "/proc/sys/net/ipv6/conf/default/use_tempaddr". 
                                                                 Note that this setting                          
                                                                 is distinct from the                            
                                                                 Stable Privacy                                  
                                                                 addresses that can be                           
                                                                 enabled with the                                
                                                                 "addr-gen-mode"                                 
                                                                 property's                                      
                                                                 "stable-privacy"                                
                                                                 setting as another way                          
                                                                 of avoiding host                                
                                                                 tracking with IPv6                              
                                                                 addresses.                                      
   
   may-fail            boolean                    TRUE           If TRUE, allow overall network configuration to 
                                                                 proceed even if the configuration specified by  
                                                                 this property times out.  Note that at least    
                                                                 one IP configuration must succeed or overall    
                                                                 network configuration will still fail.  For     
                                                                 example, in IPv6-only networks, setting this    
                                                                 property to TRUE on the NMSettingIP4Config      
                                                                 allows the overall network configuration to     
                                                                 succeed if IPv4 configuration fails but IPv6    
                                                                 configuration completes successfully.           
   
   method              string                                    IP configuration method. NMSettingIP4Config and 
                                                                 NMSettingIP6Config both support "auto",         
                                                                 "manual", and "link-local". See the             
                                                                 subclass-specific documentation for other       
                                                                 values. In general, for the "auto" method,      
                                                                 properties such as "dns" and "routes" specify   
                                                                 information that is added on to the information 
                                                                 returned from automatic configuration.  The     
                                                                 "ignore-auto-routes" and "ignore-auto-dns"      
                                                                 properties modify this behavior. For methods    
                                                                 that imply no upstream network, such as         
                                                                 "shared" or "link-local", these properties must 
                                                                 be empty. For IPv4 method "shared", the IP      
                                                                 subnet can be configured by adding one manual   
                                                                 IPv4 address or otherwise 10.42.x.0/24 is       
                                                                 chosen.                                         
   
   name                string                     ipv6           The setting's name, which uniquely identifies   
                                                                 the setting within the connection.  Each        
                                                                 setting type has a name unique to that type,    
                                                                 for example "ppp" or "wireless" or "wired".     
   
   never-default       boolean                    FALSE          If TRUE, this connection will never be the      
                                                                 default connection for this IP type, meaning it 
                                                                 will never be assigned the default route by     
                                                                 NetworkManager.                                 
   
   route-data          array of vardict                          Array of IPv6 routes. Each route dictionary     
                                                                 contains at least 'dest' and 'prefix' entries,  
                                                                 containing the destination IP address as a      
                                                                 string, and the prefix length as a uint32. Most 
                                                                 routes will also have a 'next-hop' entry,       
                                                                 containing the next hop IP address as a string. 
                                                                 If the route has a 'metric' entry (containing a 
                                                                 uint32), that will be used as the metric for    
                                                                 the route (otherwise NM will pick a default     
                                                                 value appropriate to the device). Additional    
                                                                 attributes may also exist on some routes.       
   
   route-metric        int64                      -1             The default metric for routes that don't        
                                                                 explicitly specify a metric. The default value  
                                                                 -1 means that the metric is chosen              
                                                                 automatically based on the device type. The     
                                                                 metric applies to dynamic routes, manual        
                                                                 (static) routes that don't have an explicit     
                                                                 metric setting, address prefix routes, and the  
                                                                 default route. Note that for IPv6, the kernel   
                                                                 accepts zero (0) but coerces it to 1024 (user   
                                                                 default). Hence, setting this property to zero  
                                                                 effectively means setting it to 1024. For IPv4, 
                                                                 zero is a regular value for the metric.         
   
   routes              array of legacy IPv6       []             Deprecated in favor of the 'route-data'         
                       route struct (a(ayuayu))                  property, but this can be used for              
                                                                 backward-compatibility with older daemons. Note 
                                                                 that if you send this property the daemon will  
                                                                 ignore 'route-data'.  Array of IPv6 route       
                                                                 structures.  Each IPv6 route structure is       
                                                                 composed of an IPv6 address, a prefix length (1 
                                                                 - 128), an IPv6 next hop address (which may be  
                                                                 zeroed out if there is no next hop), and a      
                                                                 metric. If the metric is 0, NM will choose an   
                                                                 appropriate default metric for the device.      
   
   token               string                                    Configure the token for                         
                                                                 draft-chown-6man-tokenised-ipv6-identifiers-02  
                                                                 IPv6 tokenized interface identifiers. Useful    
                                                                 with eui64 addr-gen-mode.                       
   

   Table 15. ip-tunnel setting
   
   Key Name             Value Type  Default Value  Value                  
                                                   Description            
   
   encapsulation-limit  uint32      0              How many               
                                                   additional             
                                                   levels of              
                                                   encapsulation          
                                                   are permitted to       
                                                   be prepended to        
                                                   packets. This          
                                                   property applies       
                                                   only to IPv6           
                                                   tunnels.               
   
   flow-label           uint32      0              The flow label         
                                                   to assign to           
                                                   tunnel packets.        
                                                   This property          
                                                   applies only to        
                                                   IPv6 tunnels.          
   
   input-key            string                     The key used for       
                                                   tunnel input           
                                                   packets; the           
                                                   property is            
                                                   valid only for         
                                                   certain tunnel         
                                                   modes (GRE,            
                                                   IP6GRE). If            
                                                   empty, no key is       
                                                   used.                  
   
   local                string                     The local              
                                                   endpoint of the        
                                                   tunnel; the            
                                                   value can be           
                                                   empty, otherwise       
                                                   it must contain        
                                                   an IPv4 or IPv6        
                                                   address.               
   
   mode                 uint32      0              The tunneling          
                                                   mode, for              
                                                   example                
                                                   NM_IP_TUNNEL_MODE_IPIP 
                                                   (1) or                 
                                                   NM_IP_TUNNEL_MODE_GRE  
                                                   (2).                   
   
   mtu                  uint32      0              None                   
   
   name                 string      ip-tunnel      The setting's name,    
                                                   which uniquely         
                                                   identifies the setting 
                                                   within the connection. 
                                                   Each setting type has  
                                                   a name unique to that  
                                                   type, for example      
                                                   "ppp" or "wireless" or 
                                                   "wired".               
   
   output-key           string                     The key used for       
                                                   tunnel output packets; 
                                                   the property is valid  
                                                   only for certain       
                                                   tunnel modes (GRE,     
                                                   IP6GRE). If empty, no  
                                                   key is used.           
   
   parent               string                     If given, specifies    
                                                   the parent interface   
                                                   name or parent         
                                                   connection UUID the    
                                                   new device will be     
                                                   bound to so that       
                                                   tunneled packets will  
                                                   only be routed via     
                                                   that interface.        
   
   path-mtu-discovery   boolean     TRUE           Whether to enable Path 
                                                   MTU Discovery on this  
                                                   tunnel.                
   
   remote               string                     The remote endpoint of 
                                                   the tunnel; the value  
                                                   must contain an IPv4   
                                                   or IPv6 address.       
   
   tos                  uint32      0              The type of service    
                                                   (IPv4) or traffic      
                                                   class (IPv6) field to  
                                                   be set on tunneled     
                                                   packets.               
   
   ttl                  uint32      0              The TTL to assign to   
                                                   tunneled packets. 0 is 
                                                   a special value        
                                                   meaning that packets   
                                                   inherit the TTL value. 
   

   Table 16. macvlan setting
   
   Key Name     Value Type  Default Value  Value            
                                           Description      
   
   mode         uint32      0              The macvlan      
                                           mode, which      
                                           specifies the    
                                           communication    
                                           mechanism        
                                           between multiple 
                                           macvlans on the  
                                           same lower       
                                           device.          
   
   name         string      macvlan        The setting's    
                                           name, which      
                                           uniquely         
                                           identifies the   
                                           setting within   
                                           the connection.  
                                           Each setting     
                                           type has a name  
                                           unique to that   
                                           type, for        
                                           example "ppp" or 
                                           "wireless" or    
                                           "wired".         
   
   parent       string                     If given,        
                                           specifies the    
                                           parent interface 
                                           name or parent   
                                           connection UUID  
                                           from which this  
                                           MAC-VLAN         
                                           interface should 
                                           be created.  If  
                                           this property is 
                                           not specified,   
                                           the connection   
                                           must contain an  
                                           "802-3-ethernet" 
                                           setting with a   
                                           "mac-address"    
                                           property.        
   
   promiscuous  boolean     TRUE           Whether the      
                                           interface should 
                                           be put in        
                                           promiscuous      
                                           mode.            
   
   tap          boolean     FALSE          Whether the      
                                           interface should 
                                           be a MACVTAP.    
   

   Table 17. 802-11-olpc-mesh setting
   
   Key Name              Value Type  Default Value     Value            
                                                       Description      
   
   channel               uint32      0                 Channel on which 
                                                       the mesh network 
                                                       to join is       
                                                       located.         
   
   dhcp-anycast-address  byte array                    Anycast DHCP MAC 
                                                       address used     
                                                       when requesting  
                                                       an IP address    
                                                       via DHCP. The    
                                                       specific anycast 
                                                       address used     
                                                       determines which 
                                                       DHCP server      
                                                       class answers    
                                                       the request.     
   
   name                  string      802-11-olpc-mesh  The setting's    
                                                       name, which      
                                                       uniquely         
                                                       identifies the   
                                                       setting within   
                                                       the connection.  
                                                       Each setting     
                                                       type has a name  
                                                       unique to that   
                                                       type, for        
                                                       example "ppp" or 
                                                       "wireless" or    
                                                       "wired".         
   
   ssid                  byte array                    SSID of the mesh 
                                                       network to join. 
   

   Table 18. ppp setting
   
   Key Name           Value Type  Default Value  Value               
                                                 Description         
   
   baud               uint32      0              If non-zero,        
                                                 instruct pppd to    
                                                 set the serial      
                                                 port to the         
                                                 specified           
                                                 baudrate.  This     
                                                 value should        
                                                 normally be left    
                                                 as 0 to             
                                                 automatically       
                                                 choose the          
                                                 speed.              
   
   crtscts            boolean     FALSE          If TRUE, specify    
                                                 that pppd should    
                                                 set the serial      
                                                 port to use         
                                                 hardware flow       
                                                 control with RTS    
                                                 and CTS signals.    
                                                 This value          
                                                 should normally     
                                                 be set to FALSE.    
   
   lcp-echo-failure   uint32      0              If non-zero,        
                                                 instruct pppd to    
                                                 presume the         
                                                 connection to       
                                                 the peer has        
                                                 failed if the       
                                                 specified number    
                                                 of LCP              
                                                 echo-requests go    
                                                 unanswered by       
                                                 the peer.  The      
                                                 "lcp-echo-interval" 
                                                 property must       
                                                 also be set to a    
                                                 non-zero value      
                                                 if this property    
                                                 is used.            
   
   lcp-echo-interval  uint32      0              If non-zero,        
                                                 instruct pppd to    
                                                 send an LCP         
                                                 echo-request frame  
                                                 to the peer every n 
                                                 seconds (where n is 
                                                 the specified       
                                                 value).  Note that  
                                                 some PPP peers will 
                                                 respond to echo     
                                                 requests and some   
                                                 will not, and it is 
                                                 not possible to     
                                                 autodetect this.    
   
   mppe-stateful      boolean     FALSE          If TRUE, stateful   
                                                 MPPE is used.  See  
                                                 pppd documentation  
                                                 for more            
                                                 information on      
                                                 stateful MPPE.      
   
   mru                uint32      0              If non-zero,        
                                                 instruct pppd to    
                                                 request that the    
                                                 peer send packets   
                                                 no larger than the  
                                                 specified size.  If 
                                                 non-zero, the MRU   
                                                 should be between   
                                                 128 and 16384.      
   
   mtu                uint32      0              If non-zero,        
                                                 instruct pppd to    
                                                 send packets no     
                                                 larger than the     
                                                 specified size.     
   
   name               string      ppp            The setting's name, 
                                                 which uniquely      
                                                 identifies the      
                                                 setting within the  
                                                 connection.  Each   
                                                 setting type has a  
                                                 name unique to that 
                                                 type, for example   
                                                 "ppp" or "wireless" 
                                                 or "wired".         
   
   no-vj-comp         boolean     FALSE          If TRUE, Van        
                                                 Jacobson TCP header 
                                                 compression will    
                                                 not be requested.   
   
   noauth             boolean     TRUE           If TRUE, do not     
                                                 require the other   
                                                 side (usually the   
                                                 PPP server) to      
                                                 authenticate itself 
                                                 to the client.  If  
                                                 FALSE, require      
                                                 authentication from 
                                                 the remote side.    
                                                 In almost all       
                                                 cases, this should  
                                                 be TRUE.            
   
   nobsdcomp          boolean     FALSE          If TRUE, BSD        
                                                 compression will    
                                                 not be requested.   
   
   nodeflate          boolean     FALSE          If TRUE, "deflate"  
                                                 compression will    
                                                 not be requested.   
   
   refuse-chap        boolean     FALSE          If TRUE, the CHAP   
                                                 authentication      
                                                 method will not be  
                                                 used.               
   
   refuse-eap         boolean     FALSE          If TRUE, the EAP    
                                                 authentication      
                                                 method will not be  
                                                 used.               
   
   refuse-mschap      boolean     FALSE          If TRUE, the MSCHAP 
                                                 authentication      
                                                 method will not be  
                                                 used.               
   
   refuse-mschapv2    boolean     FALSE          If TRUE, the        
                                                 MSCHAPv2            
                                                 authentication      
                                                 method will not be  
                                                 used.               
   
   refuse-pap         boolean     FALSE          If TRUE, the PAP    
                                                 authentication      
                                                 method will not be  
                                                 used.               
   
   require-mppe       boolean     FALSE          If TRUE, MPPE       
                                                 (Microsoft          
                                                 Point-to-Point      
                                                 Encryption) will be 
                                                 required for the    
                                                 PPP session.  If    
                                                 either 64-bit or    
                                                 128-bit MPPE is not 
                                                 available the       
                                                 session will fail.  
                                                 Note that MPPE is   
                                                 not used on mobile  
                                                 broadband           
                                                 connections.        
   
   require-mppe-128   boolean     FALSE          If TRUE, 128-bit    
                                                 MPPE (Microsoft     
                                                 Point-to-Point      
                                                 Encryption) will be 
                                                 required for the    
                                                 PPP session, and    
                                                 the "require-mppe"  
                                                 property must also  
                                                 be set to TRUE.  If 
                                                 128-bit MPPE is not 
                                                 available the       
                                                 session will fail.  
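
   The refuse-* properties all default to FALSE, so a ppp setting that
   omits them leaves every authentication method enabled. The following
   audit sketch is an added example, not part of NetworkManager; it
   assumes the profile is stored as a keyfile whose [ppp] section uses
   the property names above, and EXAMPLE_POLICY and the sample profile
   are hypothetical.

```python
import configparser

# refuse-* properties of the ppp setting and the method each one disables.
REFUSE_KEYS = {
    "refuse-pap": "PAP",
    "refuse-chap": "CHAP",
    "refuse-mschap": "MSCHAP",
    "refuse-mschapv2": "MSCHAPv2",
    "refuse-eap": "EAP",
}

# Hypothetical site policy: the only methods a profile may leave enabled.
EXAMPLE_POLICY = frozenset({"MSCHAPv2", "EAP"})

# Constructed sample profile (not taken from a real system).
SAMPLE_KEYFILE = """\
[connection]
id=dsl-example
type=pppoe

[ppp]
refuse-pap=true
refuse-chap=true
require-mppe-128=true

[pppoe]
username=user@example.invalid
password-flags=1
"""


def _flag(parser, key):
    """Read a boolean ppp property; absent keys take the documented default FALSE."""
    return parser.getboolean("ppp", key, fallback=False)


def audit_ppp(keyfile_text, allowed=EXAMPLE_POLICY):
    """Return the methods a profile still permits and any policy findings."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(keyfile_text)

    # A method stays available unless its refuse-* property is TRUE.
    permitted = [m for k, m in REFUSE_KEYS.items() if not _flag(parser, k)]
    findings = [
        f"{m} is still permitted (refuse-{m.lower()} is FALSE)"
        for m in permitted
        if m not in allowed
    ]

    # require-mppe-128 is only valid together with require-mppe.
    if _flag(parser, "require-mppe-128") and not _flag(parser, "require-mppe"):
        findings.append("require-mppe-128 is TRUE but require-mppe is not TRUE")

    return {"permitted": permitted, "findings": findings}


if __name__ == "__main__":
    report = audit_ppp(SAMPLE_KEYFILE)
    print("permitted:", ", ".join(report["permitted"]))
    for finding in report["findings"]:
        print("finding:", finding)
```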
   

   Table 19. pppoe setting
   
   Key Name        Value Type            Default Value  Value            
                                                        Description      
   
   name            string                pppoe          The setting's    
                                                        name, which      
                                                        uniquely         
                                                        identifies the   
                                                        setting within   
                                                        the connection.  
                                                        Each setting     
                                                        type has a name  
                                                        unique to that   
                                                        type, for        
                                                        example "ppp" or 
                                                        "wireless" or    
                                                        "wired".         
   
   password        string                               Password used to 
                                                        authenticate     
                                                        with the PPPoE   
                                                        service.         
   
   password-flags  NMSettingSecretFlags                 Flags indicating 
                   (uint32)                             how to handle    
                                                        the "password"   
                                                        property. (see   
                                                        the section      
                                                        called "Secret   
                                                        flag types:" for 
                                                        flag values)     
   
   service         string                               If specified,    
                                                        instruct PPPoE   
                                                        to only initiate 
                                                        sessions with    
                                                        access           
                                                        concentrators    
                                                        that provide the 
                                                        specified        
                                                        service.  For    
                                                        most providers,  
                                                        this should be   
                                                        left blank.  It  
                                                        is only required 
                                                        if there are     
                                                        multiple access  
                                                        concentrators or 
                                                        a specific       
                                                        service is known 
                                                        to be required.  
   
   username        string                               Username used to 
                                                        authenticate     
                                                        with the PPPoE   
                                                        service.         
   

   Table 20. serial setting
   
   Key Name    Value Type  Default Value  Value            
                                          Description      
   
   baud        uint32      57600          Speed to use for 
                                          communication    
                                          over the serial  
                                          port.  Note that 
                                          this value       
                                          usually has no   
                                          effect for       
                                          mobile broadband 
                                          modems as they   
                                          generally ignore 
                                          speed settings   
                                          and use the      
                                          highest          
                                          available speed. 
   
   bits        uint32      8              Byte-width of    
                                          the serial       
                                          communication.   
                                          The 8 in "8n1"   
                                          for example.     
   
   name        string      serial         The setting's    
                                          name, which      
                                          uniquely         
                                          identifies the   
                                          setting within   
                                          the connection.  
                                          Each setting     
                                          type has a name  
                                          unique to that   
                                          type, for        
                                          example "ppp" or 
                                          "wireless" or    
                                          "wired".         
   
   parity      byte                       The connection   
                                          parity: 69       
                                          (ASCII 'E') for  
                                          even parity, 111 
                                          (ASCII 'o') for  
                                          odd, 110 (ASCII  
                                          'n') for none.   
   
   send-delay  uint64      0              Time to delay    
                                          between each     
                                          byte sent to the 
                                          modem, in        
                                          microseconds.    
   
   stopbits    uint32      1              Number of stop   
                                          bits for         
                                          communication on 
                                          the serial port. 
                                          Either 1 or 2.   
                                          The 1 in "8n1"   
                                          for example.     
   

   Table 21. team setting
   
   Key Name        Value Type  Default Value  Value                      
                                              Description                
   
   config          string                     The JSON                   
                                              configuration              
                                              for the team               
                                              network                    
                                              interface.  The            
                                              property should            
                                              contain raw JSON           
                                              configuration              
                                              data suitable              
                                              for teamd,                 
                                              because the                
                                              value is passed            
                                              directly to                
                                              teamd. If not              
                                              specified, the             
                                              default                    
                                              configuration is           
                                              used.  See man             
                                              teamd.conf for             
                                              the format                 
                                              details.                   
   
   interface-name  string                     Deprecated in              
                                              favor of                   
                                              connection.interface-name, 
                                              but can be used            
                                              for                        
                                              backward-compatibility     
                                              with older                 
                                              daemons, to set            
                                              the team's                 
                                              interface name.            
   
   name            string      team           The setting's name, which  
                                              uniquely identifies the    
                                              setting within the         
                                              connection.  Each setting  
                                              type has a name unique to  
                                              that type, for example     
                                              "ppp" or "wireless" or     
                                              "wired".                   
   

   Table 22. team-port setting
   
   Key Name  Value Type  Default Value  Value            
                                        Description      
   
   config    string                     The JSON         
                                        configuration    
                                        for the team     
                                        port. The        
                                        property should  
                                        contain raw JSON 
                                        configuration    
                                        data suitable    
                                        for teamd,       
                                        because the      
                                        value is passed  
                                        directly to      
                                        teamd. If not    
                                        specified, the   
                                        default          
                                        configuration is 
                                        used. See man    
                                        teamd.conf for   
                                        the format       
                                        details.         
   
   name      string      team-port      The setting's    
                                        name, which      
                                        uniquely         
                                        identifies the   
                                        setting within   
                                        the connection.  
                                        Each setting     
                                        type has a name  
                                        unique to that   
                                        type, for        
                                        example "ppp" or 
                                        "wireless" or    
                                        "wired".         
   

   Table 23. tun setting
   
   Key Name     Value Type  Default Value  Value                   
                                           Description             
   
   group        string                     The group ID            
                                           which will own          
                                           the device. If          
                                           set to NULL             
                                           everyone will be        
                                           able to use the         
                                           device.                 
   
   mode         uint32      1              The operating           
                                           mode of the             
                                           virtual device.         
                                           Allowed values          
                                           are                     
                                           NM_SETTING_TUN_MODE_TUN 
                                           (1) to create a         
                                           layer 3 device          
                                           and                     
                                           NM_SETTING_TUN_MODE_TAP 
                                           (2) to create an        
                                           Ethernet-like           
                                           layer 2 one.            
   
   multi-queue  boolean     FALSE          If the property is set  
                                           to TRUE, the interface  
                                           will support multiple   
                                           file descriptors        
                                           (queues) to parallelize 
                                           packet sending or       
                                           receiving. Otherwise,   
                                           the interface will only 
                                           support a single queue. 
   
   name         string      tun            The setting's name,     
                                           which uniquely          
                                           identifies the setting  
                                           within the connection.  
                                           Each setting type has a 
                                           name unique to that     
                                           type, for example "ppp" 
                                           or "wireless" or        
                                           "wired".                
   
   owner        string                     The user ID which will  
                                           own the device. If set  
                                           to NULL everyone will   
                                           be able to use the      
                                           device.                 
   
   pi           boolean     FALSE          If TRUE the interface   
                                           will prepend a 4 byte   
                                           header describing the   
                                           physical interface to   
                                           the packets.            
   
   vnet-hdr     boolean     FALSE          If TRUE (IFF_VNET_HDR), 
                                           the tunnel packets will 
                                           include a virtio network
                                           header.                 
   

   Table 24. vlan setting
   
   Key Name              Value Type       Default Value  Value                         
                                                         Description                   
   
   egress-priority-map   array of string  []             For outgoing                  
                                                         packets, a list               
                                                         of mappings from              
                                                         Linux SKB                     
                                                         priorities to                 
                                                         802.1p                        
                                                         priorities.  The              
                                                         mapping is given              
                                                         in the format                 
                                                         "from:to" where               
                                                         both "from" and               
                                                         "to" are                      
                                                         unsigned                      
                                                         integers, e.g.                
                                                         "7:3".                        
   
   flags                 NMVlanFlags                     One or more                   
                         (uint32)                        flags which                   
                                                         control the                   
                                                         behavior and                  
                                                         features of the               
                                                         VLAN interface.               
                                                         Flags include                 
                                                         NM_VLAN_FLAG_REORDER_HEADERS  
                                                         (0x1)                         
                                                         (reordering of                
                                                         output packet                 
                                                         headers),                     
                                                         NM_VLAN_FLAG_GVRP             
                                                         (0x2) (use of                 
                                                         the GVRP                      
                                                         protocol),                    
                                                         NM_VLAN_FLAG_LOOSE_BINDING    
                                                         (0x4) (loose                  
                                                         binding of the                
                                                         interface to its              
                                                         master device's               
                                                         operating                     
                                                         state), and                   
                                                         NM_VLAN_FLAG_MVRP             
                                                         (0x8) (use of                 
                                                         the MVRP                      
                                                         protocol). The                
                                                         default value of              
                                                         this property is              
                                                         NM_VLAN_FLAG_REORDER_HEADERS, 
                                                         but it used to                
                                                         be 0. To                      
                                                         preserve                      
                                                         backward                      
                                                         compatibility,                
                                                         the                           
                                                         default-value in              
                                                         the D-Bus API                 
                                                         continues to be               
                                                         0 and a missing               
                                                         property on                   
                                                         D-Bus is still                
                                                         considered as 0.              
   
   id                    uint32           0              The VLAN identifier that the  
                                                         interface created by this     
                                                         connection should be          
                                                         assigned. The valid range is  
                                                         from 0 to 4094, without the   
                                                         reserved id 4095.             
   
   ingress-priority-map  array of string  []             For incoming packets, a list  
                                                         of mappings from 802.1p       
                                                         priorities to Linux SKB       
                                                         priorities.  The mapping is   
                                                         given in the format "from:to" 
                                                         where both "from" and "to"    
                                                         are unsigned integers, e.g.   
                                                         "7:3".                        
   
   interface-name        string                          Deprecated in favor of        
                                                         connection.interface-name,    
                                                         but can be used for           
                                                         backward-compatibility with   
                                                         older daemons, to set the     
                                                         vlan's interface name.        
   
   name                  string           vlan           The setting's name, which     
                                                         uniquely identifies the       
                                                         setting within the            
                                                         connection.  Each setting     
                                                         type has a name unique to     
                                                         that type, for example "ppp"  
                                                         or "wireless" or "wired".     
   
   parent                string                          If given, specifies the       
                                                         parent interface name or      
                                                         parent connection UUID from   
                                                         which this VLAN interface     
                                                         should be created.  If this   
                                                         property is not specified,    
                                                         the connection must contain   
                                                         an "802-3-ethernet" setting   
                                                         with a "mac-address"          
                                                         property.                     
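
   The constraints in the vlan table (id range, flag bits, "from:to"
   mappings, and the parent or mac-address requirement) can be checked
   before a profile is handed to NetworkManager. The validator below is
   an added example, not NetworkManager code; it assumes the connection
   is available as a dict of settings, and the 0 to 7 bound on 802.1p
   priorities comes from the 3-bit priority field of the 802.1Q tag
   rather than from this page.

```python
import re

# Flag bits listed in the vlan "flags" property description.
VLAN_FLAGS = {
    0x1: "NM_VLAN_FLAG_REORDER_HEADERS",
    0x2: "NM_VLAN_FLAG_GVRP",
    0x4: "NM_VLAN_FLAG_LOOSE_BINDING",
    0x8: "NM_VLAN_FLAG_MVRP",
}
_MAPPING = re.compile(r"([0-9]+):([0-9]+)")


def decode_flags(value):
    """Return the flag names set in value; reject bits the page does not define."""
    unknown = value & ~sum(VLAN_FLAGS)
    if value < 0 or unknown:
        raise ValueError(f"flags {value:#x} contains undefined bits {unknown:#x}")
    return [name for bit, name in VLAN_FLAGS.items() if value & bit]


def parse_priority_map(entries, direction):
    """Parse "from:to" strings into (from, to) tuples.

    Ingress maps 802.1p -> SKB priority, egress maps SKB priority -> 802.1p,
    so the side that carries the 802.1p value differs by direction.
    """
    if direction not in ("ingress", "egress"):
        raise ValueError(f"unknown direction {direction!r}")
    parsed = []
    for entry in entries:
        match = _MAPPING.fullmatch(entry)
        if not match:
            raise ValueError(f"{direction} mapping {entry!r} is not 'from:to'")
        src, dst = int(match.group(1)), int(match.group(2))
        dot1p = src if direction == "ingress" else dst
        if dot1p > 7:
            raise ValueError(f"{direction} mapping {entry!r}: 802.1p value {dot1p} > 7")
        parsed.append((src, dst))
    return parsed


def validate_vlan(connection):
    """Return a list of problems found in a connection's vlan setting."""
    vlan = connection.get("vlan", {})
    problems = []

    vid = vlan.get("id", 0)
    if not 0 <= vid <= 4094:
        problems.append(f"id {vid} is outside 0..4094")

    try:
        decode_flags(vlan.get("flags", 0))
    except ValueError as exc:
        problems.append(str(exc))

    for direction in ("ingress", "egress"):
        try:
            parse_priority_map(vlan.get(f"{direction}-priority-map", []), direction)
        except ValueError as exc:
            problems.append(str(exc))

    # Without "parent", an 802-3-ethernet setting with mac-address is required.
    if not vlan.get("parent"):
        if not connection.get("802-3-ethernet", {}).get("mac-address"):
            problems.append("no parent and no 802-3-ethernet mac-address")
    return problems


# Constructed sample connection with four deliberate mistakes.
SAMPLE_CONNECTION = {
    "vlan": {
        "id": 4095,
        "flags": 0x13,
        "ingress-priority-map": ["7:3"],
        "egress-priority-map": ["7:3", "2:9"],
    }
}

if __name__ == "__main__":
    for problem in validate_vlan(SAMPLE_CONNECTION):
        print("problem:", problem)
```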
   

   Table 25. vpn setting
   
   Key Name      Value Type      Default Value  Value                               
                                                Description                         
   
   data          dict of string  {}             Dictionary of                       
                 to string                      key/value pairs                     
                                                of VPN plugin                       
                                                specific data.                      
                                                Both keys and                       
                                                values must be                      
                                                strings.                            
   
   name          string          vpn            The setting's                       
                                                name, which                         
                                                uniquely                            
                                                identifies the                      
                                                setting within                      
                                                the connection.                     
                                                Each setting                        
                                                type has a name                     
                                                unique to that                      
                                                type, for                           
                                                example "ppp" or                    
                                                "wireless" or                       
                                                "wired".                            
   
   persistent    boolean         FALSE          If the VPN                          
                                                service supports                    
                                                persistence, and                    
                                                this property is                    
                                                TRUE, the VPN                       
                                                will attempt to                     
                                                stay connected                      
                                                across link                         
                                                changes and                         
                                                outages, until                      
                                                explicitly                          
                                                disconnected.                       
   
   secrets       dict of string  {}             Dictionary of                       
                 to string                      key/value pairs                     
                                                of VPN plugin                       
                                                specific secrets                    
                                                like passwords                      
                                                or private keys.                    
                                                Both keys and                       
                                                values must be                      
                                                strings.                            
   
   service-type  string                         D-Bus service                       
                                                name of the VPN                     
                                                plugin that this                    
                                                setting uses to                     
                                                connect to its                      
                                                network, e.g.                       
                                                org.freedesktop.NetworkManager.vpnc 
                                                for the vpnc                        
                                                plugin.                             
   
   timeout       uint32          0              Timeout for the VPN service to      
                                                establish the connection. Some      
                                                services may take quite a long time 
                                                to connect. Value of 0 means a      
                                                default timeout, which is 60        
                                                seconds (unless overridden by       
                                                vpn.timeout in configuration file). 
                                                Values greater than zero mean       
                                                timeout in seconds.                 
   
   user-name     string                         If the VPN connection requires a    
                                                user name for authentication, that  
                                                name should be provided here.  If   
                                                the connection is available to more 
                                                than one user, and the VPN requires 
                                                each user to supply a different     
                                                name, then leave this property      
                                                empty.  If this property is empty,  
                                                NetworkManager will automatically   
                                                supply the username of the user     
                                                which requested the VPN connection. 
   

   Table 26. vxlan setting
   
   Key Name          Value Type  Default Value  Value            
                                                Description      
   
   ageing            uint32      300            Specifies the    
                                                lifetime in      
                                                seconds of FDB   
                                                entries learnt   
                                                by the kernel.   
   
   destination-port  uint32      8472           Specifies the    
                                                UDP destination  
                                                port to          
                                                communicate to   
                                                the remote VXLAN 
                                                tunnel endpoint. 
   
   id                uint32      0              Specifies the    
                                                VXLAN Network    
                                                Identifier (or
                                                VXLAN Segment    
                                                Identifier) to   
                                                use.             
   
   l2-miss           boolean     FALSE          Specifies        
                                                whether netlink  
                                                LL ADDR miss     
                                                notifications    
                                                are generated.   
   
   l3-miss           boolean     FALSE          Specifies        
                                                whether netlink  
                                                IP ADDR miss     
                                                notifications    
                                                are generated.   
   
   learning          boolean     TRUE           Specifies        
                                                whether unknown  
                                                source link      
                                                layer addresses  
                                                and IP addresses 
                                                are entered into 
                                                the VXLAN device 
                                                forwarding       
                                                database.        
   
   limit             uint32      0              Specifies the    
                                                maximum number   
                                                of FDB entries.  
                                                A value of zero  
                                                means that the   
                                                kernel will      
                                                store unlimited  
                                                entries.         
   
   local             string                     If given,        
                                                specifies the    
                                                source IP        
                                                address to use   
                                                in outgoing      
                                                packets.         
   
   name              string      vxlan          The setting's    
                                                name, which      
                                                uniquely         
                                                identifies the   
                                                setting within   
                                                the connection.  
                                                Each setting     
                                                type has a name  
                                                unique to that   
                                                type, for        
                                                example "ppp" or 
                                                "wireless" or    
                                                "wired".         
   
   parent            string                     If given,        
                                                specifies the    
                                                parent interface 
                                                name or parent   
                                                connection UUID. 
   
   proxy             boolean     FALSE          Specifies        
                                                whether ARP      
                                                proxy is turned  
                                                on.              
   
   remote            string                     Specifies the    
                                                unicast          
                                                destination IP   
                                                address to use   
                                                in outgoing      
                                                packets when the 
                                                destination link 
                                                layer address is 
                                                not known in the 
                                                VXLAN device     
                                                forwarding       
                                                database, or the 
                                                multicast IP     
                                                address to join. 
   
   rsc               boolean     FALSE          Specifies        
                                                whether route    
                                                short circuit is 
                                                turned on.       
   
   source-port-max   uint32      0              Specifies the    
                                                maximum UDP      
                                                source port to   
                                                communicate to   
                                                the remote VXLAN 
                                                tunnel endpoint. 
   
   source-port-min   uint32      0              Specifies the    
                                                minimum UDP      
                                                source port to   
                                                communicate to   
                                                the remote VXLAN 
                                                tunnel endpoint. 
   
   tos               uint32      0              Specifies the    
                                                TOS value to use 
                                                in outgoing      
                                                packets.         
   
   ttl               uint32      0              Specifies the    
                                                time-to-live     
                                                value to use in  
                                                outgoing         
                                                packets.         
   

   Table 27. wimax setting
   
   Key Name      Value Type  Default Value  Value            
                                            Description      
   
   mac-address   byte array                 If specified,    
                                            this connection  
                                            will only apply  
                                            to the WiMAX     
                                            device whose MAC 
                                            address matches. 
                                            This property    
                                            does not change  
                                            the MAC address  
                                            of the device    
                                            (known as MAC    
                                            spoofing).       
                                            Deprecated: 1    
   
   name          string      wimax          The setting's    
                                            name, which      
                                            uniquely         
                                            identifies the   
                                            setting within   
                                            the connection.  
                                            Each setting     
                                            type has a name  
                                            unique to that   
                                            type, for        
                                            example "ppp" or 
                                            "wireless" or    
                                            "wired".         
   
   network-name  string                     Network Service  
                                            Provider (NSP)   
                                            name of the      
                                            WiMAX network    
                                            this connection  
                                            should use.      
                                            Deprecated: 1    
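
   The generate-mac-address-mask property of the 802-3-ethernet setting
   (Table 28) describes a bit-level rule: mask bits are copied from a
   source address, the rest are randomized. The Python sketch below is an
   added example, not NetworkManager code. Its function names, the
   random_bytes/choose hooks and the sample device address are
   assumptions, and the "stable" derivation is not reproduced.

```python
"""Added example: how a generate-mac-address-mask value shapes the MAC."""
import re
import secrets

_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def parse_mac(text):
    """Parse hex-digits-and-colons notation into 6 raw bytes."""
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(octet, 16) for octet in text.split(":"))


def format_mac(raw):
    return ":".join(f"{octet:02X}" for octet in raw)


def parse_mask_property(value):
    """Split the property value into (mask, [addresses after the mask])."""
    if value is None or not value.strip():
        # Modelling assumption: the documented default (locally-administered,
        # unicast, everything else scrambled) is expressed here as a mask
        # that pins only the locally-administered bit to 1.
        default = parse_mac("02:00:00:00:00:00")
        return default, [default]
    fields = value.split()
    return parse_mac(fields[0]), [parse_mac(f) for f in fields[1:]]


def generate_mac(value, current_mac,
                 random_bytes=secrets.token_bytes, choose=secrets.choice):
    """Build a MAC following the rules in the property description.

    Set mask bits come from the device's current MAC, or from one of the
    addresses listed after the mask (picked by `choose`). Unset mask bits
    come from `random_bytes`. Bit 0 of the first octet is always cleared.
    """
    mask, templates = parse_mask_property(value)
    fixed = choose(templates) if templates else parse_mac(current_mac)
    noise = random_bytes(6)
    if len(noise) != 6:
        raise ValueError("random source must return 6 bytes")
    out = bytearray((f & m) | (n & ~m & 0xFF)
                    for f, m, n in zip(fixed, mask, noise))
    out[0] &= 0xFE  # unicast: least significant bit of the first octet unset
    return format_mac(out)


def randomized_bits(value):
    """Count the bits left to the random source (a privacy sanity check)."""
    mask, _ = parse_mask_property(value)
    pinned = bytearray(mask)
    pinned[0] |= 0x01  # the unicast bit is never random
    return 48 - sum(bin(octet).count("1") for octet in pinned)


def is_locally_administered(mac):
    return bool(parse_mac(mac)[0] & 0x02)


if __name__ == "__main__":
    device = "68:F7:28:12:34:56"  # constructed sample device address
    samples = (
        None,
        "FE:FF:FF:00:00:00",
        "FE:FF:FF:00:00:00 68:F7:28:00:00:00",
        "02:00:00:00:00:00 00:00:00:00:00:00",
    )
    for value in samples:
        mac = generate_mac(value, device)
        print(f"{value!r}: {mac} random_bits={randomized_bits(value)} "
              f"local={is_locally_administered(mac)}")
```

   A mask such as "FE:FF:FF:00:00:00" leaves only 24 random bits and
   keeps the vendor OUI visible, which matters when the property is
   used for privacy.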
   

   Table 28. 802-3-ethernet setting
   
   Key Name                   Value Type       Default Value   Value                                  
                                                               Description                            
   
   assigned-mac-address       string                           The new field                          
                                                               for the cloned                         
                                                               MAC address. It                        
                                                               can be either a                        
                                                               hardware address                       
                                                               in ASCII                               
                                                               representation,                        
                                                               or one of the                          
                                                               special values                         
                                                               "preserve",                            
                                                               "permanent",                           
                                                               "random" or                            
                                                               "stable". This                         
                                                               field replaces                         
                                                               the deprecated                         
                                                               "cloned-mac-address"                   
                                                               on D-Bus, which                        
                                                               can only contain                       
                                                               explicit hardware
                                                               addresses.                             
   
   auto-negotiate             boolean          TRUE            If TRUE, allow                         
                                                               auto-negotiation of                    
                                                               port speed and                         
                                                               duplex mode.  If                       
                                                               FALSE, do not allow                    
                                                               auto-negotiation, in                   
                                                               which case the                         
                                                               "speed" and "duplex"                   
                                                               properties should be                   
                                                               set.                                   
   
   cloned-mac-address         byte array                       This D-Bus field is                    
                                                               deprecated in favor                    
                                                               of                                     
                                                               "assigned-mac-address"                 
                                                               which is more                          
                                                               flexible and allows                    
                                                               specifying special                     
                                                               variants like                          
                                                               "random".                              
   
   duplex                     string                           If specified, request                  
                                                               that the device only                   
                                                               use the specified                      
                                                               duplex mode. Either                    
                                                               "half" or "full".                      
   
   generate-mac-address-mask  string                           With                                   
                                                               "cloned-mac-address"                   
                                                               setting "random" or                    
                                                               "stable", by default                   
                                                               all bits of the MAC                    
                                                               address are scrambled                  
                                                               and a                                  
                                                               locally-administered,                  
                                                               unicast MAC address is                 
                                                               created. This property                 
                                                               allows specifying that
                                                               certain bits are
                                                               fixed. Note that the
                                                               least significant bit
                                                               of the first octet of
                                                               the MAC address will
                                                               always be unset to
                                                               create a unicast MAC
                                                               address.
                                                               If the property is                     
                                                               NULL, it is eligible                   
                                                               to be overwritten by a                 
                                                               default connection                     
                                                               setting. If the value                  
                                                               is still NULL or an                    
                                                               empty string, the                      
                                                               default is to create a                 
                                                               locally-administered,                  
                                                               unicast MAC address.                   
                                                               If the value contains                  
                                                               one MAC address, this                  
                                                               address is used as                     
                                                               mask. The set bits of                  
                                                               the mask are to be                     
                                                               filled with the                        
                                                               current MAC address of                 
                                                               the device, while the                  
                                                               unset bits are subject                 
                                                               to randomization.                      
                                                               Setting                                
                                                               "FE:FF:FF:00:00:00"                    
                                                               means to preserve the                  
                                                               OUI of the current MAC                 
                                                               address and only                       
                                                               randomize the lower 3                  
                                                               bytes using the                        
                                                               "random" or "stable"                   
                                                               algorithm. If the                      
                                                               value contains one                     
                                                               additional MAC address                 
                                                               after the mask, this                   
                                                               address is used                        
                                                               instead of the current                 
                                                               MAC address to fill                    
                                                               the bits that shall                    
                                                               not be randomized. For                 
                                                               example, a value of                    
                                                               "FE:FF:FF:00:00:00                     
                                                               68:F7:28:00:00:00"                     
                                                               will set the OUI of                    
                                                               the MAC address to                     
                                                               68:F7:28, while the                    
                                                               lower bits are                         
                                                               randomized. A value of                 
                                                               "02:00:00:00:00:00                     
                                                               00:00:00:00:00:00"                     
                                                               will create a fully                    
                                                               scrambled                              
                                                               globally-administered,                 
                                                               burned-in MAC address.                 
                                                               If the value contains                  
                                                               more than one
                                                               additional MAC                         
                                                               addresses, one of them                 
                                                               is chosen randomly.                    
                                                               For example,                           
                                                               "02:00:00:00:00:00                     
                                                               00:00:00:00:00:00                      
                                                               02:00:00:00:00:00"                     
                                                               will create a fully                    
                                                               scrambled MAC address,                 
                                                               randomly locally or                    
                                                               globally administered.                 
   
   mac-address                byte array                       If specified, this                     
                                                               connection will only                   
                                                               apply to the Ethernet                  
                                                               device whose permanent                 
                                                               MAC address matches.                   
                                                               This property does not                 
                                                               change the MAC address                 
                                                               of the device (i.e.                    
                                                               MAC spoofing).                         
   
   mac-address-blacklist      array of string  []              If specified, this                     
                                                               connection will never                  
                                                               apply to the Ethernet                  
                                                               device whose permanent                 
                                                               MAC address matches an                 
                                                               address in the list.                   
                                                               Each MAC address is in                 
                                                               the standard                           
                                                               hex-digits-and-colons                  
                                                               notation                               
                                                               (00:11:22:33:44:55).                   
   
   mtu                        uint32           0               If non-zero, only                      
                                                               transmit packets of                    
                                                               the specified size or                  
                                                               smaller, breaking                      
                                                               larger packets up into                 
                                                               multiple Ethernet                      
                                                               frames.                                
   
   name                       string           802-3-ethernet  The setting's name,                    
                                                               which uniquely                         
                                                               identifies the setting                 
                                                               within the connection.                 
                                                               Each setting type has                  
                                                               a name unique to that                  
                                                               type, for example                      
                                                               "ppp" or "wireless" or                 
                                                               "wired".                               
   
   port                       string                           Specific port type to                  
                                                               use if the
                                                               device supports                        
                                                               multiple attachment                    
                                                               methods.  One of "tp"                  
                                                               (Twisted Pair), "aui"                  
                                                               (Attachment Unit                       
                                                               Interface), "bnc"                      
                                                               (Thin Ethernet) or                     
                                                               "mii" (Media                           
                                                               Independent Interface).
                                                               If the device supports                 
                                                               only one port type,                    
                                                               this setting is                        
                                                               ignored.                               
   
   s390-nettype               string                           s390 network device                    
                                                               type; one of "qeth",                   
                                                               "lcs", or "ctc",                       
                                                               representing the                       
                                                               different types of                     
                                                               virtual network                        
                                                               devices available on                   
                                                               s390 systems.                          
   
   s390-options               dict of string   {}              Dictionary of                          
                              to string                        key/value pairs of                     
                                                               s390-specific device                   
                                                               options.  Both keys                    
                                                               and values must be                     
                                                               strings.  Allowed keys                 
                                                               include "portno",                      
                                                               "layer2", "portname",                  
                                                               "protocol", among                      
                                                               others.  Key names                     
                                                               must contain only                      
                                                               alphanumeric                           
                                                               characters (i.e.,
                                                               [a-zA-Z0-9]).                          
   
   s390-subchannels           array of string  []              Identifies specific                    
                                                               subchannels that this                  
                                                               network device uses                    
                                                               for communication with                 
                                                               z/VM or s390 host.                     
                                                               Like the "mac-address"                 
                                                               property for non-z/VM                  
                                                               devices, this property                 
                                                               can be used to ensure                  
                                                               this connection only                   
                                                               applies to the network                 
                                                               device that uses these                 
                                                               subchannels.  The list                 
                                                               should contain exactly                 
                                                               3 strings, and each                    
                                                               string may only be                     
                                                               composed of                            
                                                               hexadecimal characters                 
                                                               and the period (.)                     
                                                               character.                             
   
   speed                      uint32           0               If non-zero, request                   
                                                               that the device use                    
                                                               only the specified                     
                                                               speed.  In Mbit/s, i.e.
                                                               100 == 100Mbit/s.
   
   wake-on-lan                uint32           1               The                                    
                                                               NMSettingWiredWakeOnLan                
                                                               options to enable. Not                 
                                                               all devices support                    
                                                               all options. May be                    
                                                               any combination of                     
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_PHY       
                                                               (0x2),                                 
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_UNICAST   
                                                               (0x4),                                 
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_MULTICAST 
                                                               (0x8),                                 
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_BROADCAST 
                                                               (0x10),                                
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_ARP       
                                                               (0x20),                                
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_MAGIC     
                                                               (0x40) or the special                  
                                                               values                                 
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_DEFAULT   
                                                               (0x1) (to use global                   
                                                               settings) and                          
                                                               NM_SETTING_WIRED_WAKE_ON_LAN_IGNORE    
                                                               (0x8000) (to disable                   
                                                               management of                          
                                                               Wake-on-LAN in                         
                                                               NetworkManager).                       
   
   wake-on-lan-password       string                           If specified, the password used with   
                                                               magic-packet-based Wake-on-LAN,        
                                                               represented as an Ethernet MAC         
                                                               address.  If NULL, no password will be 
                                                               required.                              
   

   Table 29. 802-11-wireless setting
   
   Key Name                   Value Type       Default Value    Value                                 
                                                                Description                           
   
   assigned-mac-address       string                            The new field                         
                                                                for the cloned                        
                                                                MAC address. It                       
                                                                can be either a                       
                                                                hardware address                      
                                                                in ASCII                              
                                                                representation,                       
                                                                or one of the                         
                                                                special values                        
                                                                "preserve",                           
                                                                "permanent",                          
                                                                "random" or                           
                                                                "stable". This                        
                                                                field replaces                        
                                                                the deprecated                        
                                                                "cloned-mac-address"                  
                                                                on D-Bus, which                       
                                                                can only contain                      
                                                                explicit hardware
                                                                addresses.                            
   
   band                       string                            802.11 frequency                      
                                                                band of the network.                  
                                                                One of "a" for 5GHz                   
                                                                802.11a or "bg" for                   
                                                                2.4GHz 802.11.  This                  
                                                                will lock                             
                                                                associations to the                   
                                                                Wi-Fi network to the                  
                                                                specific band, i.e.                   
                                                                if "a" is specified,                  
                                                                the device will not                   
                                                                associate with the                    
                                                                same network in the                   
                                                                2.4GHz band even if                   
                                                                the network's                         
                                                                settings are                          
                                                                compatible.  This                     
                                                                setting depends on                    
                                                                specific driver                       
                                                                capability and may                    
                                                                not work with all                     
                                                                drivers.                              
   
   bssid                      byte array                        If specified,                         
                                                                directs the device                    
                                                                to only associate                     
                                                                with the given                        
                                                                access point.  This                   
                                                                capability is highly                  
                                                                driver dependent and                  
                                                                not supported by all                  
                                                                devices.  Note: this                  
                                                                property does not                     
                                                                control the BSSID                     
                                                                used when creating                    
                                                                an Ad-Hoc network                     
                                                                and is unlikely to                    
                                                                in the future.                        
   
   channel                    uint32           0                Wireless channel to                   
                                                                use for the Wi-Fi                     
                                                                connection.  The                      
                                                                device will only                      
                                                                join (or create for                   
                                                                Ad-Hoc networks) a                    
                                                                Wi-Fi network on the                  
                                                                specified channel.                    
                                                                Because channel                       
                                                                numbers overlap                       
                                                                between bands, this                   
                                                                property also                         
                                                                requires the "band"                   
                                                                property to be set.                   
   
   cloned-mac-address         byte array                        This D-Bus field is                   
                                                                deprecated in favor                   
                                                                of                                    
                                                                "assigned-mac-address"                
                                                                which is more                         
                                                                flexible and allows                   
                                                                specifying special                    
                                                                variants like                         
                                                                "random".                             
   
   generate-mac-address-mask  string                            With                                  
                                                                "cloned-mac-address"                  
                                                                setting "random" or                   
                                                                "stable", by default                  
                                                                all bits of the MAC                   
                                                                address are scrambled                 
                                                                and a                                 
                                                                locally-administered,                 
                                                                unicast MAC address is                
                                                                created. This property
                                                                allows specifying that
                                                                certain bits are
                                                                fixed. Note that the
                                                                least significant bit
                                                                of the first byte of
                                                                the MAC address will
                                                                always be unset to
                                                                create a unicast MAC
                                                                address.
                                                                If the property is                    
                                                                NULL, it is eligible                  
                                                                to be overwritten by a                
                                                                default connection                    
                                                                setting. If the value                 
                                                                is still NULL or an                   
                                                                empty string, the                     
                                                                default is to create a                
                                                                locally-administered,                 
                                                                unicast MAC address.                  
                                                                If the value contains                 
                                                                one MAC address, this                 
                                                                address is used as                    
                                                                mask. The set bits of                 
                                                                the mask are to be                    
                                                                filled with the                       
                                                                current MAC address of                
                                                                the device, while the                 
                                                                unset bits are subject                
                                                                to randomization.                     
                                                                Setting                               
                                                                "FE:FF:FF:00:00:00"                   
                                                                means to preserve the                 
                                                                OUI of the current MAC                
                                                                address and only                      
                                                                randomize the lower 3                 
                                                                bytes using the                       
                                                                "random" or "stable"                  
                                                                algorithm. If the                     
                                                                value contains one                    
                                                                additional MAC address                
                                                                after the mask, this                  
                                                                address is used                       
                                                                instead of the current                
                                                                MAC address to fill                   
                                                                the bits that shall                   
                                                                not be randomized. For                
                                                                example, a value of                   
                                                                "FE:FF:FF:00:00:00                    
                                                                68:F7:28:00:00:00"                    
                                                                will set the OUI of                   
                                                                the MAC address to                    
                                                                68:F7:28, while the                   
                                                                lower bits are                        
                                                                randomized. A value of                
                                                                "02:00:00:00:00:00                    
                                                                00:00:00:00:00:00"                    
                                                                will create a fully                   
                                                                scrambled                             
                                                                globally-administered,                
                                                                burned-in MAC address.                
                                                                If the value contains
                                                                more than one
                                                                additional MAC
                                                                address, one of them
                                                                is chosen randomly.
                                                                For example,                          
                                                                "02:00:00:00:00:00                    
                                                                00:00:00:00:00:00                     
                                                                02:00:00:00:00:00"                    
                                                                will create a fully                   
                                                                scrambled MAC address,                
                                                                randomly locally or                   
                                                                globally administered.                
   
   hidden                     boolean          FALSE            If TRUE, indicates                    
                                                                this network is a                     
                                                                non-broadcasting                      
                                                                network that hides its                
                                                                SSID.  In this case                   
                                                                various workarounds                   
                                                                may take place, such                  
                                                                as probe-scanning the                 
                                                                SSID for more reliable                
                                                                network discovery.                    
                                                                However, these                        
                                                                workarounds expose                    
                                                                inherent insecurities                 
                                                                with hidden SSID                      
                                                                networks, and thus                    
                                                                hidden SSID networks                  
                                                                should be used with                   
                                                                caution.                              
   
   mac-address                byte array                        If specified, this                    
                                                                connection will only                  
                                                                apply to the Wi-Fi                    
                                                                device whose permanent                
                                                                MAC address matches.                  
                                                                This property does not                
                                                                change the MAC address                
                                                                of the device (i.e.                   
                                                                MAC spoofing).                        
   
   mac-address-blacklist      array of string  []               A list of permanent                   
                                                                MAC addresses of Wi-Fi                
                                                                devices to which this                 
                                                                connection should                     
                                                                never apply.  Each MAC                
                                                                address should be                     
                                                                given in the standard                 
                                                                hex-digits-and-colons                 
                                                                notation (e.g.
                                                                "00:11:22:33:44:55").                 
   
   mac-address-randomization  uint32           0                One of                                
                                                                NM_SETTING_MAC_RANDOMIZATION_DEFAULT  
                                                                (0) (never randomize                  
                                                                unless the user has                   
                                                                set a global default                  
                                                                to randomize and the                  
                                                                supplicant supports                   
                                                                randomization),                       
                                                                NM_SETTING_MAC_RANDOMIZATION_NEVER    
                                                                (1) (never randomize                  
                                                                the MAC address), or                  
                                                                NM_SETTING_MAC_RANDOMIZATION_ALWAYS   
                                                                (2) (always randomize                 
                                                                the MAC address).                     
                                                                Deprecated: 1                         
   
   mode                       string                            Wi-Fi network mode; one of            
                                                                "infrastructure", "adhoc" or "ap".    
                                                                If blank, infrastructure is assumed.  
   
   mtu                        uint32           0                If non-zero, only transmit packets    
                                                                of the specified size or smaller,     
                                                                breaking larger packets up into       
                                                                multiple Ethernet frames.             
   
   name                       string           802-11-wireless  The setting's name, which uniquely    
                                                                identifies the setting within the     
                                                                connection.  Each setting type has a  
                                                                name unique to that type, for         
                                                                example "ppp" or "wireless" or        
                                                                "wired".                              
   
   powersave                  uint32           0                One of                                
                                                                NM_SETTING_WIRELESS_POWERSAVE_DISABLE 
                                                                (2) (disable Wi-Fi power saving),     
                                                                NM_SETTING_WIRELESS_POWERSAVE_ENABLE  
                                                                (3) (enable Wi-Fi power saving),      
                                                                NM_SETTING_WIRELESS_POWERSAVE_IGNORE  
                                                                (1) (don't touch the currently
                                                                configured setting) or
                                                                NM_SETTING_WIRELESS_POWERSAVE_DEFAULT 
                                                                (0) (use the globally configured      
                                                                value). All other values are          
                                                                reserved.                             
   
   rate                       uint32           0                If non-zero, directs the device to    
                                                                only use the specified bitrate for    
                                                                communication with the access point.  
                                                                Units are in Kb/s, ie 5500 = 5.5      
                                                                Mbit/s.  This property is highly      
                                                                driver dependent and not all devices  
                                                                support setting a static bitrate.     
   
   security                   None                              This property is deprecated, but can  
                                                                be set to the value                   
                                                                '802-11-wireless-security' when a     
                                                                wireless security setting is also     
                                                                present in the connection dictionary, 
                                                                for compatibility with very old       
                                                                NetworkManager daemons.               
   
   seen-bssids                array of string  []               A list of BSSIDs (each BSSID          
                                                                formatted as a MAC address like       
                                                                "00:11:22:33:44:55") that have been   
                                                                detected as part of the Wi-Fi         
                                                                network.  NetworkManager internally   
                                                                tracks previously seen BSSIDs. The    
                                                                property is only meant for reading    
                                                                and reflects the BSSID list of        
                                                                NetworkManager. The changes you make  
                                                                to this property will not be          
                                                                preserved.                            
   
   ssid                       byte array                        SSID of the Wi-Fi network. Must be    
                                                                specified.                            
   
   tx-power                   uint32           0                If non-zero, directs the device to    
                                                                use the specified transmit power.     
                                                                Units are dBm.  This property is      
                                                                highly driver dependent and not all   
                                                                devices support setting a static      
                                                                transmit power.                       
   

   Table 30. 802-11-wireless-security setting
   
   Key Name             Value Type            Default Value             Value                      
                                                                        Description                
   
   auth-alg             string                                          When WEP is used           
                                                                        (ie, key-mgmt =            
                                                                        "none" or                  
                                                                        "ieee8021x")               
                                                                        indicate the               
                                                                        802.11                     
                                                                        authentication             
                                                                        algorithm                  
                                                                        required by the            
                                                                        AP here.  One of           
                                                                        "open" for Open            
                                                                        System, "shared"           
                                                                        for Shared Key,            
                                                                        or "leap" for              
                                                                        Cisco LEAP.                
                                                                        When using Cisco           
                                                                        LEAP (ie,                  
                                                                        key-mgmt =                 
                                                                        "ieee8021x" and            
                                                                        auth-alg =                 
                                                                        "leap") the                
                                                                        "leap-username"            
                                                                        and                        
                                                                        "leap-password"            
                                                                        properties must            
                                                                        be specified.              
   
   group                array of string       []                        A list of                  
                                                                        group/broadcast            
                                                                        encryption                 
                                                                        algorithms which           
                                                                        prevents                   
                                                                        connections to             
                                                                        Wi-Fi networks             
                                                                        that do not                
                                                                        utilize one of             
                                                                        the algorithms             
                                                                        in the list.               
                                                                        For maximum                
                                                                        compatibility              
                                                                        leave this                 
                                                                        property empty.            
                                                                        Each list                  
                                                                        element may be             
                                                                        one of "wep40",            
                                                                        "wep104",                  
                                                                        "tkip", or                 
                                                                        "ccmp".                    
   
   key-mgmt             string                                          Key management             
                                                                        used for the               
                                                                        connection.  One           
                                                                        of "none" (WEP),           
                                                                        "ieee8021x"                
                                                                        (Dynamic WEP),             
                                                                        "wpa-none"                 
                                                                        (Ad-Hoc                    
                                                                        WPA-PSK),                  
                                                                        "wpa-psk"                  
                                                                        (infrastructure            
                                                                        WPA-PSK), or               
                                                                        "wpa-eap"                  
                                                                        (WPA-Enterprise).          
                                                                        This property              
                                                                        must be set for            
                                                                        any Wi-Fi                  
                                                                        connection that            
                                                                        uses security.             
   
   leap-password        string                                          The login                  
                                                                        password for               
                                                                        legacy LEAP                
                                                                        connections (ie,           
                                                                        key-mgmt =                 
                                                                        "ieee8021x" and            
                                                                        auth-alg =                 
                                                                        "leap").                   
   
   leap-password-flags  NMSettingSecretFlags                            Flags indicating           
                        (uint32)                                        how to handle the          
                                                                        "leap-password"            
                                                                        property. (see             
                                                                        the section                
                                                                        called "Secret             
                                                                        flag types:" for           
                                                                        flag values)               
   
   leap-username        string                                          The login                  
                                                                        username for               
                                                                        legacy LEAP                
                                                                        connections (ie,           
                                                                        key-mgmt =                 
                                                                        "ieee8021x" and            
                                                                        auth-alg =                 
                                                                        "leap").                   
   
   name                 string                802-11-wireless-security  The setting's              
                                                                        name, which                
                                                                        uniquely                   
                                                                        identifies the             
                                                                        setting within             
                                                                        the connection.            
                                                                        Each setting type          
                                                                        has a name unique          
                                                                        to that type, for          
                                                                        example "ppp" or           
                                                                        "wireless" or              
                                                                        "wired".                   
   
   pairwise             array of string       []                        A list of                  
                                                                        pairwise                   
                                                                        encryption                 
                                                                        algorithms which           
                                                                        prevents                   
                                                                        connections to             
                                                                        Wi-Fi networks             
                                                                        that do not                
                                                                        utilize one of             
                                                                        the algorithms in          
                                                                        the list. For              
                                                                        maximum                    
                                                                        compatibility              
                                                                        leave this                 
                                                                        property empty.            
                                                                        Each list element          
                                                                        may be one of              
                                                                        "tkip" or "ccmp".          
   
   proto                array of string       []                        List of strings            
                                                                        specifying the             
                                                                        allowed WPA                
                                                                        protocol versions          
                                                                        to use. Each               
                                                                        element may be             
                                                                        one of "wpa"
                                                                        (allow WPA) or
                                                                        "rsn" (allow
                                                                        WPA2/RSN).
                                                                        If not specified,          
                                                                        both WPA and RSN           
                                                                        connections are            
                                                                        allowed.                   
   
   psk                  string                                          Pre-Shared-Key             
                                                                        for WPA networks.          
                                                                        If the key is              
                                                                        64-characters              
                                                                        long, it must              
                                                                        contain only               
                                                                        hexadecimal                
                                                                        characters and is          
                                                                        interpreted as a           
                                                                        hexadecimal WPA            
                                                                        key.  Otherwise,           
                                                                        the key must be            
                                                                        between 8 and 63           
                                                                        ASCII characters           
                                                                        (as specified in           
                                                                        the 802.11i                
                                                                        standard) and is           
                                                                        interpreted as a           
                                                                        WPA passphrase,            
                                                                        and is hashed to           
                                                                        derive the actual          
                                                                        WPA-PSK used when          
                                                                        connecting to the          
                                                                        Wi-Fi network.             
   
   psk-flags            NMSettingSecretFlags                            Flags indicating           
                        (uint32)                                        how to handle the          
                                                                        "psk" property.            
                                                                        (see the section           
                                                                        called "Secret             
                                                                        flag types:" for           
                                                                        flag values)               
   
   wep-key-flags        NMSettingSecretFlags                            Flags indicating           
                        (uint32)                                        how to handle the          
                                                                        "wep-key0",                
                                                                        "wep-key1",                
                                                                        "wep-key2", and            
                                                                        "wep-key3"                 
                                                                        properties. (see           
                                                                        the section                
                                                                        called "Secret             
                                                                        flag types:" for           
                                                                        flag values)               
   
   wep-key-type         NMWepKeyType                                    Controls the               
                        (uint32)                                        interpretation of          
                                                                        WEP keys.                  
                                                                        Allowed values             
                                                                        are                        
                                                                        NM_WEP_KEY_TYPE_KEY        
                                                                        (1), in which              
                                                                        case the key is            
                                                                        either a 10- or            
                                                                        26-character               
                                                                        hexadecimal                
                                                                        string, or a 5-            
                                                                        or 13-character            
                                                                        ASCII password;            
                                                                        or                         
                                                                        NM_WEP_KEY_TYPE_PASSPHRASE 
                                                                        (2), in which              
                                                                        case the                   
                                                                        passphrase is              
                                                                        provided as a              
                                                                        string and will            
                                                                        be hashed using            
                                                                        the de-facto MD5           
                                                                        method to derive           
                                                                        the actual WEP             
                                                                        key.                       
   
   wep-key0             string                                          Index 0 WEP key.  This is  
                                                                        the WEP key used in most   
                                                                        networks.  See the         
                                                                        "wep-key-type" property    
                                                                        for a description of how   
                                                                        this key is interpreted.   
   
   wep-key1             string                                          Index 1 WEP key.  This WEP 
                                                                        index is not used by most  
                                                                        networks.  See the         
                                                                        "wep-key-type" property    
                                                                        for a description of how   
                                                                        this key is interpreted.   
   
   wep-key2             string                                          Index 2 WEP key.  This WEP 
                                                                        index is not used by most  
                                                                        networks.  See the         
                                                                        "wep-key-type" property    
                                                                        for a description of how   
                                                                        this key is interpreted.   
   
   wep-key3             string                                          Index 3 WEP key.  This WEP 
                                                                        index is not used by most  
                                                                        networks.  See the         
                                                                        "wep-key-type" property    
                                                                        for a description of how   
                                                                        this key is interpreted.   
   
   wep-tx-keyidx        uint32                0                         When static WEP is used    
                                                                        (ie, key-mgmt = "none")    
                                                                        and a non-default WEP key  
                                                                        index is used by the AP,   
                                                                        put that WEP key index     
                                                                        here.  Valid values are 0  
                                                                        (default key) through 3.   
                                                                        Note that some consumer    
                                                                        access points (like the    
                                                                        Linksys WRT54G) number the 
                                                                        keys 1 - 4.                
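
   The two interpretations of the "psk" property described in Table 30, as an
   added example that is not part of the NetworkManager sources. The function
   name interpret_psk is hypothetical; the PBKDF2-HMAC-SHA1 parameters (SSID as
   salt, 4096 iterations, 32-byte output) and the printable-ASCII range come
   from the 802.11i standard, not from this page.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def interpret_psk(psk, ssid):
    """Classify a "psk" value and return (kind, 32-byte WPA-PSK).

    psk  -- the string stored in the "psk" property
    ssid -- the "ssid" property as raw bytes (it is a byte array)
    """
    if not ssid:
        raise ValueError("ssid must be specified")

    # Exactly 64 characters: only a raw hexadecimal key is allowed.
    # A 64-character string with any non-hex character is invalid,
    # because a passphrase may be at most 63 characters long.
    if len(psk) == 64:
        if not set(psk) <= HEX_DIGITS:
            raise ValueError("64-character psk must be hexadecimal")
        return "hex-key", bytes.fromhex(psk)

    # Anything else must be a passphrase of 8 to 63 ASCII characters.
    if not 8 <= len(psk) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if not all(32 <= ord(ch) <= 126 for ch in psk):
        raise ValueError("passphrase must be printable ASCII")

    # Passphrase-to-PSK mapping from 802.11i: the SSID is the salt,
    # so the same passphrase gives a different key on each network.
    key = hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid, 4096, 32)
    return "passphrase", key


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    samples = [
        ("password", b"IEEE"),   # passphrase form
        ("ab" * 32, b"IEEE"),    # 64 hex characters, used as the key itself
        ("short", b"IEEE"),      # too short, rejected
        ("g" * 64, b"IEEE"),     # 64 characters but not hex, rejected
    ]
    for psk, ssid in samples:
        try:
            kind, key = interpret_psk(psk, ssid)
            print(kind, key.hex())
        except ValueError as err:
            print("invalid:", err)
```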
   

   Secret flag types:
   Each secret property in a setting has an associated flags property that
   describes how to handle that secret. The flags property is a bitfield
   that contains zero or more of the following values logically OR-ed
   together.

   *   0x0 (none) - the system is responsible for providing and storing
       this secret.

   *   0x1 (agent-owned) - a user-session secret agent is responsible for
       providing and storing this secret; when it is required, agents will
       be asked to provide it.

   *   0x2 (not-saved) - this secret should not be saved but should be
       requested from the user each time it is required. This flag should
       be used for One-Time-Pad secrets, PIN codes from hardware tokens,
       or if the user simply does not want to save the secret.

   *   0x4 (not-required) - in some situations it cannot be automatically
       determined whether a secret is required or not. This flag hints
       that the secret is not required and should not be requested from
       the user.
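
   A check that decodes the flags bitfield and reports which Wi-Fi secrets a
   stored profile actually carries, as an added example that is not part of
   NetworkManager. It assumes an INI-style keyfile profile whose security
   section is named "802-11-wireless-security" or "wifi-security", and treats
   a missing flags property as 0x0; the function names and the sample
   profiles are constructed for illustration.

```python
import configparser

# Bit values from the "Secret flag types:" list; 0x0 means "none".
SECRET_FLAGS = {0x1: "agent-owned", 0x2: "not-saved", 0x4: "not-required"}

# Secret property -> its flags property, as listed in Table 30.
SECRETS = {
    "psk": "psk-flags",
    "leap-password": "leap-password-flags",
    "wep-key0": "wep-key-flags",
    "wep-key1": "wep-key-flags",
    "wep-key2": "wep-key-flags",
    "wep-key3": "wep-key-flags",
}

# Assumption: section names used for this setting in keyfile profiles.
SECTIONS = ("802-11-wireless-security", "wifi-security")


def decode_secret_flags(value):
    """Return the names of the flags OR-ed together in value."""
    if value == 0:
        return ["none"]
    names = [name for bit, name in SECRET_FLAGS.items() if value & bit]
    unknown = value & ~0x7
    if unknown:
        names.append("unknown(0x%x)" % unknown)
    return names


def audit_profile(text):
    """Return (property, flag names, status) for each secret present in text.

    status is "system-stored" when the profile is expected to hold the
    secret, and "inconsistent" when the flags say an agent or the user
    supplies it but a value is in the profile anyway.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep property names exactly as written
    parser.read_string(text)
    findings = []
    for section in SECTIONS:
        if not parser.has_section(section):
            continue
        setting = parser[section]
        for secret, flags_key in SECRETS.items():
            if secret not in setting:
                continue
            # Assumption: a missing flags property means 0x0 (none).
            flags = int(setting.get(flags_key, "0"), 0)
            status = "inconsistent" if flags & 0x3 else "system-stored"
            findings.append((secret, decode_secret_flags(flags), status))
    return findings


# Constructed profile fragments, not taken from a real system.
SYSTEM_STORED = """\
[802-11-wireless-security]
key-mgmt=wpa-psk
psk=constructed passphrase
"""
INCONSISTENT = """\
[802-11-wireless-security]
key-mgmt=wpa-psk
psk-flags=2
psk=constructed passphrase
"""
AGENT_OWNED = """\
[802-11-wireless-security]
key-mgmt=wpa-psk
psk-flags=1
"""

if __name__ == "__main__":
    for label, text in (("system-stored", SYSTEM_STORED),
                        ("inconsistent", INCONSISTENT),
                        ("agent-owned", AGENT_OWNED)):
        print(label, audit_profile(text))
```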

FILES

   /etc/NetworkManager/system-connections or distro plugin-specific
   location

SEE ALSO

   NetworkManager(8), nmcli(1), nmcli-examples(7), NetworkManager.conf(5)




