Lines Matching +full:com +full:- +full:mode
48 # run as non-root users. However, since the control interface can be used to
51 # want to allow non-root users to use the control interface, add a new group
68 # set using Security Descriptor String Format (see http://msdn.microsoft.com/
69 # library/default.asp?url=/library/en-us/secauthz/security/
72 # DACL (which will reject all connections). See README-Windows.txt for more
78 # wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
85 # defined in IEEE Std 802.1X-2010.
95 # the currently enabled networks are found, a new network (IBSS or AP mode
97 # 0: This mode must only be used when using wired Ethernet drivers
101 # enable operation with hidden SSIDs and optimized roaming; in this mode,
110 # When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
111 # created immediately regardless of scan results. ap_scan=1 mode will first try
113 # networks are found, a new IBSS or AP mode network is created.
144 # Maximum number of peer links (0-255; default: 99)
153 # Enable 802.11s layer-2 routing and forwarding (dot11MeshForwarding)
156 # cert_in_cb - Whether to include a peer certificate dump in events
162 # EAP fast re-authentication
163 # By default, fast re-authentication is enabled for all EAP methods that
164 # support it. This variable can be used to disable fast re-authentication.
181 #pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
218 # Wi-Fi Protected Setup (WPS) parameters
223 #uuid=12345678-9abc-def0-1234-56789abcdef0
231 # User-friendly description of device; up to 32 octets encoded in UTF-8
251 # Used format: <categ>-<OUI>-<subcateg>
253 # OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for
255 # subcateg = OUI-specific Sub Category as an integer value
257 # 1-0050F204-1 (Computer / PC)
258 # 1-0050F204-2 (Computer / Server)
259 # 5-0050F204-1 (Storage / NAS)
260 # 6-0050F204-1 (Network Infrastructure / AP)
261 #device_type=1-0050F204-1
264 # 4-octet operating system version number (hex string)
285 # Whether to enable SAE (WPA3-Personal transition mode) automatically for
286 # WPA2-PSK credentials received using WPS.
287 # 0 = only add the explicitly listed WPA2-PSK configuration (default)
288 # 1 = add both the WPA2-PSK and SAE configuration and enable PMF so that the
289 # station gets configured in WPA3-Personal transition mode (supports both
290 # WPA2-Personal (PSK) and WPA3-Personal (SAE) APs).
332 #dpp_mud_url=https://example.com/mud
338 # of APs when using ap_scan=1 mode.
365 # filter_ssids - SSID-based scan result filtering
375 # File-based backend which reads passwords from a file. The parameter
387 # This timeout value is used in P2P GO mode to clean up
407 # with the global okc=1 parameter or with the per-network
409 # can be disabled with per-network proactive_key_caching=0 parameter.
415 # the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
417 # per-network ieee80211w parameter. This global default value does not apply
418 # for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
434 # network configured with ieee80211w unset and key_mgmt=SAE WPA-PSK.
435 # In the example WPA-PSK will be used if the device does not support
442 # specification for WPA3-Personal transition mode.
443 # The WPA3 specification section 2.3 "WPA3-Personal transition mode" item 8
446 # to transition mode APs that do not advertise PMF support
452 # defined over a 256-bit prime order field, NIST P-256) is preferred and groups
453 # 20 (NIST P-384) and 21 (NIST P-521) are also enabled. If this parameter is
456 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
459 # group 19 (ECC, NIST P-256) are unlikely to be useful for production use cases
464 # 0 = hunting-and-pecking loop only (default without password identifier)
465 # 1 = hash-to-element only (default with password identifier)
466 # 2 = both hunting-and-pecking loop and hash-to-element enabled
468 # hash-to-element mechanism has received more interoperability testing.
469 # When using SAE password identifier, the hash-to-element mechanism is used
509 # the per-network mac_addr parameter. Global mac_addr=1 can be used to
520 # MAC address policy for pre-association operations (scanning, ANQP)
565 # The available values are defined in IEEE Std 802.11-2016, 9.4.1.35.
592 # sent to not-associated AP; if associated, AP BSSID)
642 # (EAP-TLS). Full path to the file should be used since working
680 # imsi: IMSI in <MCC> | <MNC> | '-' | <MSIN> format
696 # need to be pre-configured with the credentials since the NAI Realm
711 # If roaming_consortium_len is non-zero, this field contains the
716 # pre-configured with the credential since the NAI Realm information
721 # If required_roaming_consortium_len is non-zero, this field contains the
734 # eap: Pre-configured EAP method
739 # phase1: Pre-configure Phase 1 (outer authentication) parameters
742 # phase2: Pre-configure Phase 2 (inner authentication) parameters
754 # (non-exact match means any subdomain matches the entry; priority is in
762 # the credential to find the PPS MO (./Wi-Fi/<provisioning_sp>).
788 # Format: <protocol>[:<comma-separated list of ports]
800 # 3 = require valid OCSP stapling response for all not-trusted
803 # sim_num: Identifier for which SIM to use in multi-SIM devices
808 # realm="example.com"
809 # username="user@example.com"
812 # domain="example.com"
816 # imsi="310026-000000000"
821 # realm="example.com"
825 # domain="example.com"
855 # Multi Band Operation (MBO) non-preferred channels
856 # A space delimited list of non-preferred channels where each channel is a colon
871 # Set BIT(0) to Enable OCE in non-AP STA mode (default; disabled if the driver
872 # does not indicate support for OCE in STA mode)
873 # Set BIT(1) to Enable OCE in STA-CFON mode
899 # - an ASCII string with double quotation
900 # - a hex string (two characters per octet of SSID)
901 # - a printf-escaped ASCII string P"<escaped string>"
905 # 1 = scan with SSID-specific Probe Request frames (this can be used to
930 # Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
934 # mode: IEEE 802.11 operation mode
935 # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
936 # 1 = IBSS (ad-hoc, peer-to-peer)
939 # WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE (fixed group key
941 # deprecated. WPA-None requires following network block options:
942 # proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
947 # channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode.
955 # 2 = don't care (not allowed in AP mode)
956 # Used together with mode configuration. When mode is AP, it means to start a
957 # PCP instead of a regular AP. When mode is infrastructure it means connect
958 # to a PCP instead of AP. In this mode you can also specify 2 (don't care)
961 # For more details, see IEEE Std 802.11ad-2012.
964 # Space-separated list of frequencies in MHz to scan when searching for this
970 # Space-separated list of frequencies in MHz to allow for selecting the BSS. If
984 # simple - Periodic background scans based on signal strength
988 # bgscan="simple:30:-45:300"
989 # bgscan="simple:30:-45:300:3"
990 # learn - Learn channels used by the network and try to avoid bgscans on other
994 # bgscan="learn:30:-45:300:/etc/wpa_supplicant/network1.bgscan"
1009 # WPA-PSK = WPA pre-shared key (this requires 'psk' field)
1010 # WPA-EAP = WPA using EAP authentication
1014 # WPA-NONE = WPA-None for IBSS (deprecated; use proto=RSN key_mgmt=WPA-PSK
1016 # FT-PSK = Fast BSS Transition (IEEE 802.11r) with pre-shared key
1017 # FT-EAP = Fast BSS Transition (IEEE 802.11r) with EAP authentication
1018 # FT-EAP-SHA384 = Fast BSS Transition (IEEE 802.11r) with EAP authentication
1020 # WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
1021 # WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
1022 # SAE = Simultaneous authentication of equals; pre-shared key/password -based
1023 # authentication with stronger security than WPA-PSK especially when using
1024 # not that strong password; a.k.a. WPA3-Personal
1025 # FT-SAE = SAE with FT
1026 # WPA-EAP-SUITE-B = Suite B 128-bit level
1027 # WPA-EAP-SUITE-B-192 = Suite B 192-bit level
1029 # FILS-SHA256 = Fast Initial Link Setup with SHA256
1030 # FILS-SHA384 = Fast Initial Link Setup with SHA384
1031 # FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256
1032 # FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384
1035 # If not set, this defaults to: WPA-PSK WPA-EAP
1043 # PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256
1044 # PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256
1045 # (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
1046 # WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE
1049 # This is a countermeasure against multi-channel on-path attacks.
1064 # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
1071 # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
1073 # WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
1074 # WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
1078 # AES-128-CMAC = BIP-CMAC-128
1079 # BIP-GMAC-128
1080 # BIP-GMAC-256
1081 # BIP-CMAC-256
1085 # psk: WPA preshared key; 256-bit pre-shared key
1086 # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
1091 # This field is not needed, if WPA-EAP is used.
1092 # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
1105 # used, but psk follows the WPA-PSK constraints (8..63 characters) even though
1114 # Dynamic WEP key required for non-WPA mode
1126 # 1: MACsec enabled - Should secure, accept key server's advice to
1129 # macsec_integ_only: IEEE 802.1X/MACsec transmit mode
1131 # - macsec_policy is enabled
1132 # - the key server has decided to enable MACsec
1138 # - macsec_policy is enabled
1139 # - the key server has decided to enable MACsec
1147 # - macsec_replay_protect is enabled
1148 # - the key server has decided to enable MACsec
1150 # 1..2^32-1: number of packets that could be misordered
1152 # macsec_offload - Enable MACsec hardware offload
1155 # - the key server has decided to enable MACsec
1163 # Range: 1-65534 (default: 1)
1165 # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
1166 # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
1167 # In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
1169 # mka_cak (CAK = Secure Connectivity Association Key) takes a 16-byte (128-bit)
1170 # hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits)
1171 # mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string
1172 # (2..64 hex-digits)
1188 # Whether FT-EAP PMKSA caching is allowed
1189 # 0 = do not try to use PMKSA caching with FT-EAP (default)
1190 # 1 = try to use PMKSA caching with FT-EAP
1191 # This controls whether to try to use PMKSA caching with FT-EAP for the
1214 # group_rekey: Group rekeying time in seconds. This value, if non-zero, is used
1219 # eap: space-separated list of accepted EAP methods
1220 # MD5 = EAP-MD5 (insecure and does not generate keying material ->
1222 # with EAP-PEAP or EAP-TTLS)
1223 # MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
1224 # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
1225 # OTP = EAP-OTP (cannot be used separately with WPA; to be used
1226 # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
1227 # GTC = EAP-GTC (cannot be used separately with WPA; to be used
1228 # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
1229 # TLS = EAP-TLS (client and server certificate)
1230 # PEAP = EAP-PEAP (with tunnelled EAP authentication)
1231 # TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
1237 # EAP-PSK/PAX/SAKE/GPSK.
1240 # identity, e.g., EAP-TTLS). This field can also be used with
1241 # EAP-SIM/AKA/AKA' to store the pseudonym identity.
1244 # (16-byte MD4 hash of password) in hash:<32 hex digits> format.
1246 # MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
1247 # EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit
1248 # PSK) is also configured using this field. For EAP-GPSK, this is a
1255 # EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
1259 # certificate (SHA-256 hash of the DER encoded X.509 certificate). In
1305 # /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
1315 # Example: EMAIL:server@example.com
1316 # Example: DNS:server.example.com;DNS:server2.example.com
1325 # at a time starting from the top-level domain and all the labels in
1327 # certificate may include additional sub-level labels in addition to the
1331 # separate the strings (e.g., example.org;example.com). When multiple
1336 # For example, domain_suffix_match=example.com would match
1337 # test.example.com but would not match test-example.com.
1345 # no subdomains or wildcard matches are allowed. Case-insensitive
1346 # comparison is used, so "Example.com" matches "example.com", but would
1347 # not match "test.Example.com".
1350 # separate the strings (e.g., example.org;example.com). When multiple
1355 # (string with field-value pairs, e.g., "peapver=0" or
1365 # tunneled EAP-Success. This is required with some RADIUS servers that
1366 # implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
1367 # Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
1371 # sim_min_num_chal=3 can be used to configure EAP-SIM to require three
1373 # result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
1387 # EAP-WSC (WPS) uses following options: pin=<Device Password> or
1391 # used to configure a mode that allows EAP-Success (and EAP-Failure)
1400 # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
1401 # "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS). "mschapv2_retry=0" can be
1404 # TLS-based methods can use the following parameters to control TLS behavior
1406 # phase2 parameter when EAP-TLS is used within the inner tunnel):
1407 # tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the
1410 # tls_disable_time_checks=1 - ignore certificate validity time (this requests
1414 # tls_disable_session_ticket=1 - disable TLS Session Ticket extension
1415 # tls_disable_session_ticket=0 - allow TLS Session Ticket extension to be used
1416 # Note: If not set, this is automatically set to 1 for EAP-TLS/PEAP/TTLS
1419 # For EAP-FAST, this must be set to 0 (or left unconfigured for the
1421 # tls_disable_tlsv1_0=1 - disable use of TLSv1.0
1422 # tls_disable_tlsv1_0=0 - explicitly enable use of TLSv1.0 (this allows
1424 # tls_disable_tlsv1_1=1 - disable use of TLSv1.1 (a workaround for AAA servers
1426 # tls_disable_tlsv1_1=0 - explicitly enable use of TLSv1.1 (this allows
1428 # tls_disable_tlsv1_2=1 - disable use of TLSv1.2 (a workaround for AAA servers
1430 # tls_disable_tlsv1_2=0 - explicitly enable use of TLSv1.2 (this allows
1432 # tls_disable_tlsv1_3=1 - disable use of TLSv1.3 (a workaround for AAA servers
1434 # tls_disable_tlsv1_3=0 - enable TLSv1.3 (experimental - disabled by default)
1435 # tls_ext_cert_check=0 - No external server certificate validation (default)
1436 # tls_ext_cert_check=1 - External server certificate validation enabled; this
1438 # chain when receiving CTRL-RSP-EXT_CERT_CHECK event from the control
1440 # CTRL-RSP_EXT_CERT_CHECK.
1441 # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
1442 # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
1444 # allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
1451 # authentication when using EAP-TTLS or EAP-PEAP.
1470 # Separate machine credentials can be configured for EAP-TEAP Phase 2 with
1477 # fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
1486 # 3 = require valid OCSP stapling response for all not-trusted
1493 # erp: Whether EAP Re-authentication Protocol (ERP) is enabled
1495 # EAP-FAST variables:
1502 # phase1: fast_provisioning option can be used to enable in-line provisioning
1503 # of EAP-FAST credentials (PAC):
1518 # number of authentication servers. Strict EAP conformance mode can be
1545 # DTIM period in Beacon intervals for AP mode (default: 2)
1551 # WPS in AP mode
1558 # 1-65535 = DH Group to use for FILS PFS
1583 # 1-65535: DH Group to use for OWE
1584 # Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are
1588 # OWE-only mode (disable transition mode)
1589 # 0: enable transition mode (allow connection to either OWE or open BSS)
1590 # 1 = disable transition mode (allow connection only with OWE)
1599 # SHA256-based PTK derivation which will not work with the updated
1604 # The AP can notify authenticated stations to disable transition mode
1609 # disable transition mode and less secure security options. This
1613 # bit 0 (0x01): WPA3-Personal (i.e., disable WPA2-Personal = WPA-PSK
1615 # bit 1 (0x02): SAE-PK (disable SAE without use of SAE-PK)
1616 # bit 2 (0x04): WPA3-Enterprise (move to requiring PMF)
1620 # SAE-PK mode
1621 # 0: automatic SAE/SAE-PK selection based on password; enable
1622 # transition mode (allow SAE authentication without SAE-PK)
1623 # 1: SAE-PK only (disable transition mode; allow SAE authentication
1624 # only with SAE-PK)
1625 # 2: disable SAE-PK (allow SAE authentication only without SAE-PK)
1638 # disable_ht40: Whether HT-40 (802.11n) should be disabled.
1639 # 0 = HT-40 enabled (if AP supports it)
1640 # 1 = HT-40 disabled
1655 # Parsed as an array of bytes, in base-16 (ascii-hex)
1657 # ht_mcs="0xff 00 00 00 00 00 00 00 00 00 " // Use MCS 0-7 only
1658 # ht_mcs="0xff ff 00 00 00 00 00 00 00 00 " // Use MCS 0-15 only
1661 # -1 = Do not make any changes.
1662 # 0 = Enable MAX-AMSDU if hardware supports it.
1665 # ampdu_factor: Maximum A-MPDU Length Exponent
1666 # Value: 0-3, see 7.3.2.56.3 in IEEE Std 802.11n-2009.
1670 # -1 = Do not make any changes.
1671 # 0-3 = Set AMPDU density (aka factor) to specified value.
1674 # Value: 0-1, see IEEE Std 802.11-2016, 9.4.2.56.2.
1675 # -1 = Do not make any changes (default)
1680 # Value: 0-3, see IEEE Std 802.11-2016, 9.4.2.56.2.
1681 # -1 = Do not make any changes (default)
1694 # vht_rx_mcs_nss_1/2/3/4/5/6/7/8: override the MCS set for RX NSS 1-8
1695 # vht_tx_mcs_nss_1/2/3/4/5/6/7/8: override the MCS set for TX NSS 1-8
1696 # 0: MCS 0-7
1697 # 1: MCS 0-8
1698 # 2: MCS 0-9
1705 # multi_ap_backhaul_sta: Multi-AP backhaul STA functionality
1708 # A backhaul STA sends the Multi-AP IE, fails to associate if the AP does not
1709 # support Multi-AP, and sets 4-address mode if it does. Thus, the netdev can be
1712 # Multi-AP Profile
1713 # Indicate the supported Multi-AP profile
1714 # 1 = Supports Multi-AP profile 1 as defined in Wi-Fi EasyMesh specification
1715 # 2 = Supports Multi-AP profile 2 as defined in Wi-Fi EasyMesh specification
1727 # For details, see IEEE Std 802.11ad-2012.
1745 # disable_btm - Disable BSS transition management in STA
1750 # Enable EDMG capability in STA/AP mode, default value is false
1756 # In AP mode it defines the EDMG channel to use for AP operation.
1757 # In STA mode it defines the EDMG channel for connection (if supported by AP).
1767 # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
1774 # Same as previous, but request SSID-specific scanning (for APs that reject
1783 # Only WPA-PSK is used. Any valid cipher combination is accepted.
1787 key_mgmt=WPA-PSK
1794 # WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying
1798 key_mgmt=WPA-PSK
1805 # Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
1810 key_mgmt=WPA-EAP
1814 identity="user@example.com"
1822 # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
1826 key_mgmt=WPA-EAP
1828 identity="user@example.com"
1836 # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
1840 key_mgmt=WPA-EAP
1842 identity="user@example.com"
1843 anonymous_identity="anonymous@example.com"
1849 # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
1853 key_mgmt=WPA-EAP
1855 identity="user@example.com"
1856 anonymous_identity="anonymous@example.com"
1862 # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
1866 key_mgmt=WPA-EAP
1869 anonymous_identity="anonymous@example.com"
1880 # Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
1886 key_mgmt=WPA-PSK WPA-EAP
1892 # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
1900 # EAP-SIM with a GSM SIM or USIM
1902 ssid="eap-sim-test"
1903 key_mgmt=WPA-EAP
1910 # EAP-PSK
1912 ssid="eap-psk-test"
1913 key_mgmt=WPA-EAP
1917 identity="eap_psk_user@example.com"
1922 # EAP-TLS for authentication and key generation; require both unicast and
1925 ssid="1x-test"
1928 identity="user@example.com"
1939 ssid="leap-example"
1946 # EAP-IKEv2 using shared secrets for both server and peer authentication
1948 ssid="ikev2-example"
1949 key_mgmt=WPA-EAP
1955 # EAP-FAST with WPA (WPA or WPA2)
1957 ssid="eap-fast-test"
1958 key_mgmt=WPA-EAP
1960 anonymous_identity="FAST-000102030405"
1964 pac_file="/etc/wpa_supplicant.eap-fast-pac"
1968 ssid="eap-fast-test"
1969 key_mgmt=WPA-EAP
1971 anonymous_identity="FAST-000102030405"
1975 pac_file="blob://eap-fast-pac"
1980 ssid="plaintext-test"
1987 ssid="static-wep-test"
2000 ssid="static-wep-test2"
2011 # IBSS/ad-hoc network with RSN
2013 ssid="ibss-rsn"
2014 key_mgmt=WPA-PSK
2017 mode=1
2023 # IBSS/ad-hoc network with WPA-None/TKIP (deprecated)
2026 mode=1
2029 key_mgmt=WPA-NONE
2038 mode=5
2046 mode=5
2057 key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
2062 identity="user@example.com"
2071 # Example of EAP-TLS with smartcard (openssl engine)
2074 key_mgmt=WPA-EAP
2079 identity="user@example.com"
2095 key_mgmt=WPA-EAP
2097 identity="user@example.com"
2098 anonymous_identity="anonymous@example.com"
2104 blob-base64-exampleblob={
2115 # Example configuration ignoring two APs - these will be ignored
2138 # Example configuration using EAP-TTLS for authentication and key
2144 anonymous_identity="anonymous@example.com"
2145 identity="user@example.com"