cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2adfbd9ea73fc04955d459a3e37101263067ebdb
server/usr/share/doc/netplan/netplan.html
cutemeli 2adfbd9ea7 .gitignore angepasst
2026-01-07 20:52:11 +01:00

2594 lines
166 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>&quot;Netplan reference&quot;</title>
<style>
html {
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 12px;
}
h1 {
font-size: 1.8em;
}
}
@media print {
html {
background-color: white;
}
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, Consolas, 'Lucida Console', monospace;
font-size: 85%;
margin: 0;
hyphens: manual;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
div.columns{display: flex; gap: min(4vw, 1.5em);}
div.column{flex: auto; overflow-x: auto;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
/* The extra [class] is a hack that increases specificity enough to
override a similar rule in reveal.js */
ul.task-list[class]{list-style: none;}
ul.task-list li input[type="checkbox"] {
font-size: inherit;
width: 0.8em;
margin: 0 0.8em 0.2em -1.6em;
vertical-align: middle;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
/* CSS for syntax highlighting */
pre > code.sourceCode { white-space: pre; position: relative; }
pre > code.sourceCode > span { line-height: 1.25; }
pre > code.sourceCode > span:empty { height: 1.2em; }
.sourceCode { overflow: visible; }
code.sourceCode > span { color: inherit; text-decoration: inherit; }
div.sourceCode { margin: 1em 0; }
pre.sourceCode { margin: 0; }
@media screen {
div.sourceCode { overflow: auto; }
}
@media print {
pre > code.sourceCode { white-space: pre-wrap; }
pre > code.sourceCode > span { text-indent: -5em; padding-left: 5em; }
}
pre.numberSource code
{ counter-reset: source-line 0; }
pre.numberSource code > span
{ position: relative; left: -4em; counter-increment: source-line; }
pre.numberSource code > span > a:first-child::before
{ content: counter(source-line);
position: relative; left: -1em; text-align: right; vertical-align: baseline;
border: none; display: inline-block;
-webkit-touch-callout: none; -webkit-user-select: none;
-khtml-user-select: none; -moz-user-select: none;
-ms-user-select: none; user-select: none;
padding: 0 4px; width: 4em;
color: #aaaaaa;
}
pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa; padding-left: 4px; }
div.sourceCode
{ }
@media screen {
pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
}
code span.al { color: #ff0000; font-weight: bold; } /* Alert */
code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
code span.at { color: #7d9029; } /* Attribute */
code span.bn { color: #40a070; } /* BaseN */
code span.bu { color: #008000; } /* BuiltIn */
code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
code span.ch { color: #4070a0; } /* Char */
code span.cn { color: #880000; } /* Constant */
code span.co { color: #60a0b0; font-style: italic; } /* Comment */
code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
code span.do { color: #ba2121; font-style: italic; } /* Documentation */
code span.dt { color: #902000; } /* DataType */
code span.dv { color: #40a070; } /* DecVal */
code span.er { color: #ff0000; font-weight: bold; } /* Error */
code span.ex { } /* Extension */
code span.fl { color: #40a070; } /* Float */
code span.fu { color: #06287e; } /* Function */
code span.im { color: #008000; font-weight: bold; } /* Import */
code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
code span.kw { color: #007020; font-weight: bold; } /* Keyword */
code span.op { color: #666666; } /* Operator */
code span.ot { color: #007020; } /* Other */
code span.pp { color: #bc7a00; } /* Preprocessor */
code span.sc { color: #4070a0; } /* SpecialChar */
code span.ss { color: #bb6688; } /* SpecialString */
code span.st { color: #4070a0; } /* String */
code span.va { color: #19177c; } /* Variable */
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
</head>
<body>
<header id="title-block-header">
<h1 class="title">"Netplan reference"</h1>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#yaml-configuration" id="toc-yaml-configuration">YAML
configuration</a>
<ul>
<li><a href="#top-level-configuration-structure"
id="toc-top-level-configuration-structure">Top-level configuration
structure</a></li>
<li><a href="#properties-for-physical-device-types"
id="toc-properties-for-physical-device-types">Properties for physical
device types</a></li>
<li><a href="#properties-for-all-device-types"
id="toc-properties-for-all-device-types">Properties for all device
types</a></li>
<li><a href="#dhcp-overrides" id="toc-dhcp-overrides">DHCP
Overrides</a></li>
<li><a href="#ipv6-router-advertisement-overrides"
id="toc-ipv6-router-advertisement-overrides">IPv6 Router Advertisement
Overrides</a></li>
<li><a href="#routing" id="toc-routing">Routing</a>
<ul>
<li><a href="#default-routes" id="toc-default-routes">Default
routes</a></li>
</ul></li>
<li><a href="#properties-for-device-type-ethernets"
id="toc-properties-for-device-type-ethernets">Properties for device type
<code>ethernets</code></a></li>
<li><a href="#properties-for-device-type-wifis"
id="toc-properties-for-device-type-wifis">Properties for device type
<code>wifis</code></a></li>
<li><a href="#properties-for-device-type-bridges"
id="toc-properties-for-device-type-bridges">Properties for device type
<code>bridges</code></a></li>
<li><a href="#properties-for-device-type-dummy-devices"
id="toc-properties-for-device-type-dummy-devices">Properties for device
type <code>dummy-devices</code></a></li>
<li><a href="#properties-for-device-type-bonds"
id="toc-properties-for-device-type-bonds">Properties for device type
<code>bonds</code></a></li>
<li><a href="#properties-for-device-type-virtual-ethernets"
id="toc-properties-for-device-type-virtual-ethernets">Properties for
device type <code>virtual-ethernets</code></a></li>
<li><a href="#properties-for-device-type-vlans"
id="toc-properties-for-device-type-vlans">Properties for device type
<code>vlans</code></a></li>
<li><a href="#properties-for-device-type-vrfs"
id="toc-properties-for-device-type-vrfs">Properties for device type
<code>vrfs</code></a></li>
<li><a href="#properties-for-device-type-nm-devices"
id="toc-properties-for-device-type-nm-devices">Properties for device
type <code>nm-devices</code></a></li>
<li><a href="#back-end-specific-configuration-parameters"
id="toc-back-end-specific-configuration-parameters">Back end-specific
configuration parameters</a></li>
</ul></li>
</ul>
</nav>
<h1 id="yaml-configuration">YAML configuration</h1>
<h2 id="top-level-configuration-structure">Top-level configuration
structure</h2>
<p>The general structure of a Netplan YAML file is shown below.</p>
<div class="sourceCode" id="cb1"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">version</span><span class="kw">:</span><span class="at"> NUMBER</span></span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">renderer</span><span class="kw">:</span><span class="at"> STRING</span></span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bonds</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-6"><a href="#cb1-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dummy-devices</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-7"><a href="#cb1-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-8"><a href="#cb1-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">modems</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-9"><a href="#cb1-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-10"><a href="#cb1-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">virtual-ethernets</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-11"><a href="#cb1-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vlans</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-12"><a href="#cb1-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vrfs</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-13"><a href="#cb1-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wifis</span><span class="kw">:</span><span class="at"> MAPPING</span></span>
<span id="cb1-14"><a href="#cb1-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">nm-devices</span><span class="kw">:</span><span class="at"> MAPPING</span></span></code></pre></div>
<ul>
<li><p><strong><code>version</code></strong> (number)</p>
<blockquote>
<p>Defines what version of the configuration format is used. The only
value supported is <code>2</code>. Defaults to <code>2</code> if not
defined.</p>
</blockquote></li>
<li><p><strong><code>renderer</code></strong> (scalar)</p>
<blockquote>
<p>Defines what network configuration tool will be used to set up your
configuration. Valid values are networkd and
<code>NetworkManager</code>. Defaults to networkd if not defined.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-bonds"><strong><code>bonds</code></strong></a>
(mapping)</p>
<blockquote>
<p>Creates and configures link aggregation (bonding) devices.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-bridges"><strong><code>bridges</code></strong></a>
(mapping)</p>
<blockquote>
<p>Creates and configures bridge devices.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-dummy-devices"><strong><code>dummy-devices</code></strong></a>
(mapping) since 0.107</p>
<blockquote>
<p>Creates and configures virtual devices.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-ethernets"><strong><code>ethernets</code></strong></a>
(mapping)</p>
<blockquote>
<p>Configures physical Ethernet interfaces.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-modems"><strong><code>modems</code></strong></a>
(mapping)</p>
<blockquote>
<p>Configures modems</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-tunnels"><strong><code>tunnels</code></strong></a>
(mapping)</p>
<blockquote>
<p>Creates and configures different types of virtual tunnels.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-virtual-ethernets"><strong><code>virtual-ethernets</code></strong></a>
(mapping) since 0.107</p>
<blockquote>
<p>Creates and configures Virtual Ethernet (<code>veth</code>)
devices.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-vlans"><strong><code>vlans</code></strong></a>
(mapping)</p>
<blockquote>
<p>Creates and configures VLANs.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-vrfs"><strong><code>vrfs</code></strong></a>
(mapping)</p>
<blockquote>
<p>Configures Virtual Routing and Forwarding (VRF) devices.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-wifis"><strong><code>wifis</code></strong></a>
(mapping)</p>
<blockquote>
<p>Configures physical Wi-Fi interfaces as <code>client</code>,
<code>adhoc</code> or <code>access point</code>.</p>
</blockquote></li>
<li><p><a
href="#properties-for-device-type-nm-devices"><strong><code>nm-devices</code></strong></a>
(mapping)</p>
<blockquote>
<p><code>nm-devices</code> are used in situations where Netplan doesnt
support the connection type. The raw configuration expected by
NetworkManager can be defined and will be passed as is
(<code>passthrough</code>) to the <code>.nmconnection</code> file. Users
will not normally use this type of device.</p>
</blockquote></li>
</ul>
<p>All the properties for all the device types will be described in the
next sections.</p>
<h2 id="properties-for-physical-device-types">Properties for physical
device types</h2>
<p>These properties are used with physical devices such as Ethernet and
Wi-Fi network interfaces.</p>
<p><strong>Note:</strong> Some options will not work reliably for
devices matched by name only and rendered by networkd, due to
interactions with device renaming in udev. Match devices by MAC when
setting options like: <code>wakeonlan</code> or
<code>*-offload</code>.</p>
<ul>
<li><p><strong><code>match</code></strong> (mapping)</p>
<blockquote>
<p>This selects a subset of available physical devices by various
hardware properties. The following configuration will then apply to all
matching devices, as soon as they appear. <em>All</em> specified
properties must match.</p>
</blockquote>
<ul>
<li><p><strong><code>name</code></strong> (scalar)</p>
<blockquote>
<p>Current interface name. Globs are supported, and the primary use case
for matching on names, as selecting one fixed name can be more easily
achieved with having no <code>match:</code> at all and just using the ID
(see above). (<code>NetworkManager</code>: as of v1.14.0)</p>
</blockquote></li>
<li><p><strong><code>macaddress</code></strong> (scalar)</p>
<blockquote>
<p>6-byte permanent MAC address of the device in the form
<code>XX:XX:XX:XX:XX:XX</code> or 20 bytes for InfiniBand devices
(IPoIB). Globs are not allowed. This doesnt match virtual MAC addresses
for <code>veth</code>, <code>bridge</code>, <code>bond</code>,
<code>vlan</code>, …</p>
</blockquote></li>
<li><p><strong><code>driver</code></strong> (scalar or sequence of
scalars) sequence since 0.104</p>
<blockquote>
<p>Kernel driver name, corresponding to the <code>DRIVER</code> udev
property. A sequence of globs is supported, any of which must match.
Matching on driver is <em>only</em> supported with networkd.</p>
</blockquote></li>
</ul>
<p>Examples:</p>
<ul>
<li><p>All cards on second PCI bus:</p>
<div class="sourceCode" id="cb2"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">myinterface</span><span class="kw">:</span></span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span></span>
<span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> enp2*</span></span></code></pre></div></li>
<li><p>Fixed MAC address:</p>
<div class="sourceCode" id="cb3"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interface0</span><span class="kw">:</span></span>
<span id="cb3-4"><a href="#cb3-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span></span>
<span id="cb3-5"><a href="#cb3-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">macaddress</span><span class="kw">:</span><span class="at"> 11:22:33:AA:BB:FF</span></span></code></pre></div></li>
<li><p>First card of driver <code>ixgbe</code>:</p>
<div class="sourceCode" id="cb4"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">nic0</span><span class="kw">:</span></span>
<span id="cb4-4"><a href="#cb4-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span></span>
<span id="cb4-5"><a href="#cb4-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">driver</span><span class="kw">:</span><span class="at"> ixgbe</span></span>
<span id="cb4-6"><a href="#cb4-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> en*s0</span></span></code></pre></div></li>
<li><p>First card with a driver matching <code>bcmgenet</code> or
<code>smsc*</code>:</p>
<div class="sourceCode" id="cb5"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb5-2"><a href="#cb5-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb5-3"><a href="#cb5-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">nic0</span><span class="kw">:</span></span>
<span id="cb5-4"><a href="#cb5-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span></span>
<span id="cb5-5"><a href="#cb5-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">driver</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="st">&quot;bcmgenet&quot;</span><span class="kw">,</span><span class="at"> </span><span class="st">&quot;smsc*&quot;</span><span class="kw">]</span></span>
<span id="cb5-6"><a href="#cb5-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> en*</span></span></code></pre></div></li>
</ul></li>
<li><p><strong><code>set-name</code></strong> (scalar)</p>
<blockquote>
<p>When matching on unique properties such as path or MAC, or with
additional assumptions such as “there will only ever be one Wi-Fi
device”, match rules can be written so that they only match one device.
Then this property can be used to give that device a more specific or
desirable name than the default from udev ifnames. Any additional device
that satisfies the match rules will then fail to get renamed and keep
the original kernel name (and <code>dmesg</code> will show an
error).</p>
</blockquote></li>
<li><p><strong><code>wakeonlan</code></strong> (boolean)</p>
<blockquote>
<p>Enable wake on LAN. Off by default.</p>
</blockquote></li>
<li><p><strong><code>emit-lldp</code></strong> (boolean) since
0.99</p>
<blockquote>
<p>(networkd back end only) Whether to emit LLDP packets. Off by
default.</p>
</blockquote></li>
<li><p><strong><code>receive-checksum-offload</code></strong> (boolean)
since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the hardware offload for checksumming of ingress
network packets is enabled (disabled). When unset, the kernels default
will be used.</p>
</blockquote></li>
<li><p><strong><code>transmit-checksum-offload</code></strong> (boolean)
since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the hardware offload for checksumming of egress
network packets is enabled (disabled). When unset, the kernels default
will be used.</p>
</blockquote></li>
<li><p><strong><code>tcp-segmentation-offload</code></strong> (boolean)
since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the TCP Segmentation Offload (TSO) is enabled
(disabled). When unset, the kernels default will be used.</p>
</blockquote></li>
<li><p><strong><code>tcp6-segmentation-offload</code></strong> (boolean)
since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the TCP6 Segmentation Offload
(<code>tx-tcp6-segmentation</code>) is enabled (disabled). When unset,
the kernels default will be used.</p>
</blockquote></li>
<li><p><strong><code>generic-segmentation-offload</code></strong>
(boolean) since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the Generic Segmentation Offload (GSO) is enabled
(disabled). When unset, the kernels default will be used.</p>
</blockquote></li>
<li><p><strong><code>generic-receive-offload</code></strong> (boolean)
since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the Generic Receive Offload (GRO) is enabled
(disabled). When unset, the kernels default will be used.</p>
</blockquote></li>
<li><p><strong><code>large-receive-offload</code></strong> (boolean)
since 0.104</p>
<blockquote>
<p>(networkd back end only) If set to <code>true</code>
(<code>false</code>), the Large Receive Offload (LRO) is enabled
(disabled). When unset, the kernels default will be used.</p>
</blockquote></li>
<li><p><strong><code>openvswitch</code></strong> (mapping) since
0.100</p>
<blockquote>
<p>This provides additional configuration for the
<code>openvswitch</code> network device. If Open vSwitch is not
available on the system, Netplan treats the presence of
<code>openvswitch</code> configuration as an error.</p>
<p>Any supported network device that is declared with the
<code>openvswitch</code> mapping (or any bond/bridge that includes an
interface with an <code>openvswitch</code> configuration) will be
created in <code>openvswitch</code> instead of the defined renderer. In
the case of a <code>vlan</code> definition declared the same way,
Netplan will create a fake VLAN bridge in <code>openvswitch</code> with
the requested <code>vlan</code> properties.</p>
</blockquote>
<ul>
<li><p><strong><code>external-ids</code></strong> (mapping) since
0.100</p>
<blockquote>
<p>Passed-through directly to Open vSwitch</p>
</blockquote></li>
<li><p><strong><code>other-config</code></strong> (mapping) since
0.100</p>
<blockquote>
<p>Passed-through directly to Open vSwitch</p>
</blockquote></li>
<li><p><strong><code>lacp</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>Valid for bond interfaces. Accepts <code>active</code>,
<code>passive</code> or <code>off</code> (the default).</p>
</blockquote></li>
<li><p><strong><code>fail-mode</code></strong> (scalar) since
0.100</p>
<blockquote>
<p>Valid for bridge interfaces. Accepts <code>secure</code> or
<code>standalone</code> (the default).</p>
</blockquote></li>
<li><p><strong><code>mcast-snooping</code></strong> (boolean) since
0.100</p>
<blockquote>
<p>Valid for bridge interfaces. False by default.</p>
</blockquote></li>
<li><p><strong><code>protocols</code></strong> (sequence of scalars)
since 0.100</p>
<blockquote>
<p>Valid for bridge interfaces or the network section. List of protocols
to be used when negotiating a connection with the controller. Accepts
<code>OpenFlow10</code>, <code>OpenFlow11</code>,
<code>OpenFlow12</code>, <code>OpenFlow13</code>,
<code>OpenFlow14</code>, and <code>OpenFlow15</code>.</p>
</blockquote></li>
<li><p><strong><code>rstp</code></strong> (boolean) since 0.100</p>
<blockquote>
<p>Valid for bridge interfaces. False by default.</p>
</blockquote></li>
<li><p><strong><code>controller</code></strong> (mapping) since
0.100</p>
<blockquote>
<p>Valid for bridge interfaces. Specify an external OpenFlow
controller.</p>
</blockquote>
<ul>
<li><p><strong><code>addresses</code></strong> (sequence of scalars)</p>
<blockquote>
<p>Set the list of addresses to use for the controller targets. The
syntax of these addresses is as defined in
<strong><code>ovs-vsctl</code></strong>(8). Example: addresses:
<code>[tcp:127.0.0.1:6653, "ssl:[fe80::1234%eth0]:6653"]</code>.</p>
</blockquote></li>
<li><p><strong><code>connection-mode</code></strong> (scalar)</p>
<blockquote>
<p>Set the connection mode for the controller. Supported options are
<code>in-band</code> and <code>out-of-band</code>. The default is
<code>in-band</code>.</p>
</blockquote></li>
</ul></li>
<li><p><strong><code>ports</code></strong> (sequence of sequence of
scalars) since 0.100</p>
<blockquote>
<p>Open vSwitch patch ports. Each port is declared as a pair of names
which can be referenced as interfaces in dependent virtual devices
(bonds, bridges).</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb6"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="fu">openvswitch</span><span class="kw">:</span></span>
<span id="cb6-2"><a href="#cb6-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ports</span><span class="kw">:</span></span>
<span id="cb6-3"><a href="#cb6-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="kw">[</span><span class="at">patch0</span><span class="dv">-1</span><span class="kw">,</span><span class="at"> patch1-</span><span class="dv">0</span><span class="kw">]</span></span></code></pre></div></li>
<li><p><strong><code>ssl</code></strong> (mapping) since 0.100</p>
<blockquote>
<p>Valid for global <code>openvswitch</code> settings. Options for
configuring SSL server endpoint for the switch.</p>
</blockquote>
<ul>
<li><p><strong><code>ca-cert</code></strong> (scalar)</p>
<blockquote>
<p>Path to a file containing the CA certificate to be used.</p>
</blockquote></li>
<li><p><strong><code>certificate</code></strong> (scalar)</p>
<blockquote>
<p>Path to a file containing the server certificate.</p>
</blockquote></li>
<li><p><strong><code>private-key</code></strong> (scalar)</p>
<blockquote>
<p>Path to a file containing the private key for the server.</p>
</blockquote></li>
</ul></li>
</ul></li>
</ul>
<h2 id="properties-for-all-device-types">Properties for all device
types</h2>
<ul>
<li><p><strong><code>renderer</code></strong> (scalar)</p>
<blockquote>
<p>Use the given networking back end for this definition. Currently
supported are <code>networkd</code> and <code>NetworkManager</code>.
This property can be specified globally in <code>network:</code>, for a
device type (in e.g. <code>ethernets:</code>) or for a particular device
definition. Default is <code>networkd</code>.</p>
<p>(Since 0.99) The <code>renderer</code> property has one additional
acceptable value for VLAN objects (i.e. defined in <code>vlans:</code>):
<code>sriov</code>. If a VLAN is defined with the <code>sriov</code>
renderer for an SR-IOV Virtual Function interface, this causes Netplan
to set up a hardware VLAN filter for it. There can be only one defined
per VF.</p>
</blockquote></li>
<li><p><strong><code>dhcp4</code></strong> (boolean)</p>
<blockquote>
<p>Enable DHCP for IPv4. Off by default.</p>
</blockquote></li>
<li><p><strong><code>dhcp6</code></strong> (boolean)</p>
<blockquote>
<p>Enable DHCP for IPv6. Off by default. This covers both stateless DHCP
- where the DHCP server supplies information like DNS name servers but
not the IP address - and stateful DHCP, where the server provides both
the address and the other information.</p>
<p>If you are in an IPv6-only environment with completely stateless
auto-configuration (SLAAC with RDNSS), this option can be set to cause
the interface to be brought up. (Setting <code>accept-ra</code> alone is
not sufficient.) Auto-configuration will still honour the contents of
the router advertisement and only use DHCP if requested in the RA.</p>
<p>Note that <strong><code>rdnssd</code></strong>(8) is required to use
RDNSS with networkd. No extra software is required for
NetworkManager.</p>
</blockquote></li>
<li><p><strong><code>ipv6-mtu</code></strong> (scalar) since 0.98 &gt;
Set the IPv6 MTU (only supported with networkd back end). Note &gt; that
needing to set this is an unusual requirement. &gt; &gt;
<strong>Requires feature: <code>ipv6-mtu</code></strong></p></li>
<li><p><strong><code>ipv6-privacy</code></strong> (boolean)</p>
<blockquote>
<p>Enable IPv6 Privacy Extensions (RFC 4941) for the specified
interface, and prefer temporary addresses. Defaults to false - no
privacy extensions. There is currently no way to have a private address
but prefer the public address.</p>
</blockquote></li>
<li><p><strong><code>link-local</code></strong> (sequence of
scalars)</p>
<blockquote>
<p>Configure the link-local addresses to bring up. Valid options are
<code>ipv4</code> and <code>ipv6</code>, which respectively allow
enabling IPv4 and IPv6 link local addressing. If this field is not
defined, the default is to enable only IPv6 link-local addresses. If the
field is defined but configured as an empty set, IPv6 link-local
addresses are disabled as well as IPv4 link- local addresses.</p>
<p>This feature enables or disables link-local addresses for a protocol,
but the actual implementation differs per back end. On networkd, this
directly changes the behaviour and may add an extra address on an
interface. When using the NetworkManager back end, enabling link-local
has no effect if the interface also has DHCP enabled.</p>
</blockquote>
<p>Examples:</p>
<ul>
<li>Enable only IPv4 link-local: <code>link-local: [ ipv4 ]</code></li>
<li>Enable all link-local addresses:
<code>link-local: [ ipv4, ipv6 ]</code></li>
<li>Disable all link-local addresses: <code>link-local: [ ]</code></li>
</ul></li>
<li><p><strong><code>ignore-carrier</code></strong> (boolean) since
0.104</p>
<blockquote>
<p>(networkd back end only) Allow the specified interface to be
configured even if it has no carrier.</p>
</blockquote></li>
<li><p><strong><code>critical</code></strong> (boolean)</p>
<blockquote>
<p>Designate the connection as “critical to the system”, meaning that
special care will be taken by to not release the assigned IP when the
daemon is restarted. (not recognised by NetworkManager)</p>
</blockquote></li>
<li><p><strong><code>dhcp-identifier</code></strong> (scalar)</p>
<blockquote>
<p>(networkd back end only) Sets the source of DHCP (v4) client
identifier. If <code>mac</code> is specified, the MAC address of the
link is used. If this option is omitted, or if <code>duid</code> is
specified, networkd will generate an RFC4361-compliant client identifier
for the interface by combining the links IAID and DUID.</p>
</blockquote></li>
<li><p><strong><code>dhcp4-overrides</code></strong> (mapping)</p>
<blockquote>
<p>(networkd back end only) Overrides default DHCP behaviour; see the
<code>DHCP Overrides</code> section below.</p>
</blockquote></li>
<li><p><strong><code>dhcp6-overrides</code></strong> (mapping)</p>
<blockquote>
<p>(networkd back end only) Overrides default DHCP behaviour; see the
<code>DHCP Overrides</code> section below.</p>
</blockquote></li>
<li><p><strong><code>accept-ra</code></strong> (boolean)</p>
<blockquote>
<p>Accept Router Advertisement that would have the kernel configure IPv6
by itself. When enabled, accept Router Advertisements. When disabled, do
not respond to Router Advertisements. If unset use the host kernel
default setting.</p>
</blockquote></li>
<li><p><strong><code>ra-overrides</code></strong> (mapping) since
1.1</p>
<blockquote>
<p>(networkd back end only) Overrides default IPv6 Router Advertisement
(RA) behaviour; see the <code>IPv6 Router Advertisement Overrides</code>
section below.</p>
</blockquote></li>
<li><p><strong><code>addresses</code></strong> (sequence of scalars and
mappings)</p>
<blockquote>
<p>Add static addresses to the interface in addition to the ones
received through DHCP or RA. Each sequence entry is in CIDR notation,
i.e. of the form <code>addr/prefixlen</code>. <code>addr</code> is an
IPv4 or IPv6 address as recognised by
<strong><code>inet_pton</code></strong>(3) and <code>prefixlen</code>
the number of bits of the subnet.</p>
<p>For virtual devices (bridges, bonds, VLAN) if there is no address
configured and DHCP is disabled, the interface may still be brought
online, but will not be addressable from the network.</p>
<p>In addition to the addresses themselves one can specify configuration
parameters as mappings. Current supported options are:</p>
</blockquote>
<ul>
<li><p><strong><code>lifetime</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>Default: <code>forever</code>. This can be <code>forever</code> or
<code>0</code> and corresponds to the <code>PreferredLifetime</code>
option in the <code>Address</code> section of
<code>systemd-networkd</code>. Currently supported on the networkd back
end only.</p>
</blockquote></li>
<li><p><strong><code>label</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>An IP address label, equivalent to the <code>ip address label</code>
command. Currently supported on the networkd back end only.</p>
</blockquote></li>
</ul>
<p>Examples:</p>
<ul>
<li><p>Simple:
<code>addresses: [192.168.14.2/24, "2001:1::1/64"]</code></p></li>
<li><p>Advanced:</p>
<div class="sourceCode" id="cb7"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb7-2"><a href="#cb7-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb7-3"><a href="#cb7-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span></span>
<span id="cb7-4"><a href="#cb7-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">addresses</span><span class="kw">:</span></span>
<span id="cb7-5"><a href="#cb7-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">&quot;10.0.0.15/24&quot;</span><span class="kw">:</span></span>
<span id="cb7-6"><a href="#cb7-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">lifetime</span><span class="kw">:</span><span class="at"> </span><span class="dv">0</span></span>
<span id="cb7-7"><a href="#cb7-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">label</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;maas&quot;</span></span>
<span id="cb7-8"><a href="#cb7-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">&quot;2001:1::1/64&quot;</span></span></code></pre></div></li>
</ul></li>
<li><p><strong><code>ipv6-address-generation</code></strong> (scalar)
since 0.99</p>
<blockquote>
<p>Configure method for creating the address for use with RFC4862 IPv6
Stateless Address Auto-configuration. Possible values are
<code>eui64</code> or <code>stable-privacy</code>.</p>
</blockquote></li>
<li><p><strong><code>ipv6-address-token</code></strong> (scalar) since
0.100</p>
<blockquote>
<p>Define an IPv6 address token for creating a static interface
identifier for IPv6 Stateless Address Auto-configuration. This is
mutually exclusive with <code>ipv6-address-generation</code>.</p>
</blockquote></li>
<li><p><strong><code>gateway4</code></strong>,
<strong><code>gateway6</code></strong> (scalar)</p>
<blockquote>
<p>Deprecated, see <a href="#default-routes">Default routes</a>. Set
default gateway for IPv4/6, for manual address configuration. This
requires setting <code>addresses</code> too. Gateway IP addresses must
be in a form recognised by <strong><code>inet_pton</code></strong>(3).
There should only be a single gateway per IP address family set in your
global configuration, to make it unambiguous. If you need multiple
default routes, please define them via <code>routing-policy</code>.</p>
</blockquote>
<p>Examples</p>
<ul>
<li>IPv4: <code>gateway4: 172.16.0.1</code></li>
<li>IPv6: <code>gateway6: "2001:4::1"</code></li>
</ul></li>
<li><p><strong><code>nameservers</code></strong> (mapping)</p>
<blockquote>
<p>Set DNS servers and search domains, for manual address configuration.
There are two supported fields: <code>addresses:</code> is a list of
IPv4 or IPv6 addresses similar to <code>gateway*</code>, and
<code>search:</code> is a list of search domains.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb8"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">id0</span><span class="kw">:</span></span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">nameservers</span><span class="kw">:</span></span>
<span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">search</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">lab</span><span class="kw">,</span><span class="at"> home</span><span class="kw">]</span></span>
<span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">addresses</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="fl">8.8.8.8</span><span class="kw">,</span><span class="at"> </span><span class="st">&quot;FEDC::1&quot;</span><span class="kw">]</span></span></code></pre></div></li>
<li><p><strong><code>macaddress</code></strong> (scalar)</p>
<blockquote>
<p>Set the devices MAC address. The MAC address must be in the form
“XX:XX:XX:XX:XX:XX”. The following special options are also accepted:
<code>permanent</code> and <code>random</code>. In addition to these
options, the NetworkManager renderer also accepts <code>stable</code>,
<code>stable-ssid</code> (Wi-Fi only) and <code>preserve</code>.</p>
<p><strong>Note:</strong> This will not work reliably for devices
matched by name only and rendered by networkd, due to interactions with
device renaming in udev. Match devices by MAC when setting MAC
addresses.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb9"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb9-1"><a href="#cb9-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb9-2"><a href="#cb9-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb9-3"><a href="#cb9-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">id0</span><span class="kw">:</span></span>
<span id="cb9-4"><a href="#cb9-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span></span>
<span id="cb9-5"><a href="#cb9-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">macaddress</span><span class="kw">:</span><span class="at"> 52:54:00:6b:3c:58</span></span>
<span id="cb9-6"><a href="#cb9-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb9-7"><a href="#cb9-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">macaddress</span><span class="kw">:</span><span class="at"> 52:54:00:6b:3c:59</span></span></code></pre></div></li>
<li><p><strong><code>mtu</code></strong> (scalar)</p>
<blockquote>
<p>Set the Maximum Transmission Unit for the interface. The default is
1500. Valid values depend on your network interface.</p>
<p><strong>Note:</strong> This will not work reliably for devices
matched by name only and rendered by networkd, due to interactions with
device renaming in udev. Match devices by MAC when setting MTU.</p>
</blockquote></li>
<li><p><strong><code>optional</code></strong> (boolean)</p>
<blockquote>
<p>An optional device is not required for booting. Normally, networkd
will wait some time for device to become configured before proceeding
with booting. However, if a device is marked as optional, networkd will
not wait for it. This is <em>only</em> supported by networkd, and the
default is false.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb10"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb10-1"><a href="#cb10-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb10-2"><a href="#cb10-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb10-3"><a href="#cb10-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth7</span><span class="kw">:</span></span>
<span id="cb10-4"><a href="#cb10-4" aria-hidden="true" tabindex="-1"></a><span class="co"> # this is plugged into a test network that is often</span></span>
<span id="cb10-5"><a href="#cb10-5" aria-hidden="true" tabindex="-1"></a><span class="co"> # down - don&#39;t wait for it to come up during boot.</span></span>
<span id="cb10-6"><a href="#cb10-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb10-7"><a href="#cb10-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">optional</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span></code></pre></div></li>
<li><p><strong><code>optional-addresses</code></strong> (sequence of
scalars)</p>
<blockquote>
<p>Specify types of addresses that are not required for a device to be
considered online. This changes the behaviour of back ends at boot time
to avoid waiting for addresses that are marked optional, and thus
consider the interface as “usable” sooner. This does not disable these
addresses, which will be brought up anyway.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb11"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb11-1"><a href="#cb11-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb11-2"><a href="#cb11-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb11-3"><a href="#cb11-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth7</span><span class="kw">:</span></span>
<span id="cb11-4"><a href="#cb11-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb11-5"><a href="#cb11-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp6</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb11-6"><a href="#cb11-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">optional-addresses</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at"> ipv4-ll</span><span class="kw">,</span><span class="at"> dhcp6 </span><span class="kw">]</span></span></code></pre></div></li>
<li><p><strong><code>activation-mode</code></strong> (scalar) since
0.103</p>
<blockquote>
<p>Allows specifying the management policy of the selected interface. By
default, Netplan brings up any configured interface if possible. Using
the <code>activation-mode</code> setting users can override that
behaviour by either specifying <code>manual</code>, to hand over control
over the interface state to the administrator or (for networkd back end
<em>only</em>) <code>off</code> to force the link in a down state at all
times. Any interface with <code>activation-mode</code> defined is
implicitly considered <code>optional</code>. Supported officially as of
networkd v248+.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb12"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb12-1"><a href="#cb12-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb12-2"><a href="#cb12-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb12-3"><a href="#cb12-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth1</span><span class="kw">:</span></span>
<span id="cb12-4"><a href="#cb12-4" aria-hidden="true" tabindex="-1"></a><span class="co"> # this interface will not be put into an UP state automatically</span></span>
<span id="cb12-5"><a href="#cb12-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb12-6"><a href="#cb12-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">activation-mode</span><span class="kw">:</span><span class="at"> manual</span></span></code></pre></div></li>
<li><p><strong><code>routes</code></strong> (sequence of mappings)</p>
<blockquote>
<p>Configure static routing for the device; see the <code>Routing</code>
section below.</p>
</blockquote></li>
<li><p><strong><code>routing-policy</code></strong> (sequence of
mappings)</p>
<blockquote>
<p>Configure policy routing for the device; see the <code>Routing</code>
section below.</p>
</blockquote></li>
<li><p><strong><code>neigh-suppress</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>Takes a boolean. Configures whether ARP and ND neighbour suppression
is enabled for this bridge port. When unset, the kernels default will
be used.</p>
</blockquote></li>
<li><p><strong><code>hairpin</code></strong> (scalar) since
<strong>1.0</strong></p>
<blockquote>
<p>Takes a boolean. Configures whether traffic may be sent back out of
the bridge port on which it was received. When this flag is false, then
the bridge does not forward traffic back out of the receiving port. When
unset, the back end <code>default</code> is used.</p>
</blockquote></li>
<li><p><strong><code>port-mac-learning</code></strong> (scalar) since
<strong>1.0</strong></p>
<blockquote>
<p>Takes a boolean. Configures whether MAC address learning is enabled
for this bridge port. When unset, the kernel default is used. Currently
supported on the <code>networkd</code> back end only.</p>
</blockquote></li>
</ul>
<h2 id="dhcp-overrides">DHCP Overrides</h2>
<p>Several DHCP behaviour overrides are available. Most currently only
have any effect when using the <code>networkd</code> back end, with the
exception of <code>use-routes</code> and <code>route-metric</code>.</p>
<p>Overrides only have an effect if the corresponding <code>dhcp4</code>
or <code>dhcp6</code> is set to <code>true</code>.</p>
<p>If both <code>dhcp4</code> and <code>dhcp6</code> are
<code>true</code>, the networkd back end requires that
<code>dhcp4-overrides</code> and <code>dhcp6-overrides</code> contain
the same keys and values. If the values do not match, an error will be
shown and the network configuration will not be applied.</p>
<p>When using the NetworkManager back end, different values may be
specified for <code>dhcp4-overrides</code> and
<code>dhcp6-overrides</code>, and will be applied to the DHCP client
processes as specified in the Netplan YAML.</p>
<ul>
<li><p><strong><code>dhcp4-overrides</code></strong>,
<strong><code>dhcp6-overrides</code></strong> (mapping)</p>
<blockquote>
<p>The <code>dhcp4-overrides</code> and <code>dhcp6-override</code>
mappings override the default DHCP behaviour.</p>
</blockquote>
<ul>
<li><p><strong><code>use-dns</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the DNS servers
received from the DHCP server will be used and take precedence over any
statically configured ones. Currently only has an effect on the networkd
back end.</p>
</blockquote></li>
<li><p><strong><code>use-ntp</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the NTP servers
received from the DHCP server will be used by
<code>systemd-timesyncd</code> and take precedence over any statically
configured ones. Currently only has an effect on the networkd back
end.</p>
</blockquote></li>
<li><p><strong><code>send-hostname</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the machine
hostname will be sent to the DHCP server. Currently only has an effect
on the networkd back end.</p>
</blockquote></li>
<li><p><strong><code>use-hostname</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the hostname
received from the DHCP server will be set as the transient hostname of
the system. Currently only has an effect on the networkd back end.</p>
</blockquote></li>
<li><p><strong><code>use-mtu</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the MTU received
from the DHCP server will be set as the MTU of the network interface.
When <code>false</code>, the MTU advertised by the DHCP server will be
ignored. Currently only has an effect on the networkd back end.</p>
</blockquote></li>
<li><p><strong><code>hostname</code></strong> (scalar)</p>
<blockquote>
<p>Use this value for the hostname which is sent to the DHCP server,
instead of machines hostname. Currently only has an effect on the
networkd back end.</p>
</blockquote></li>
<li><p><strong><code>use-routes</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the routes
received from the DHCP server will be installed in the routing table
normally. When set to <code>false</code>, routes from the DHCP server
will be ignored: in this case, the user is responsible for adding static
routes if necessary for correct network operation. This allows users to
avoid installing a default gateway for interfaces configured via DHCP.
Available for both the networkd and <code>NetworkManager</code> back
ends.</p>
</blockquote></li>
<li><p><strong><code>route-metric</code></strong> (scalar)</p>
<blockquote>
<p>Use this value for default metric for automatically-added routes. Use
this to prioritise routes for devices by setting a lower metric on a
preferred interface. Available for both the networkd and NetworkManager
back ends.</p>
</blockquote></li>
<li><p><strong><code>use-domains</code></strong> (scalar) since
0.98</p>
<blockquote>
<p>Takes a boolean, or the special value <code>route</code>. When true,
the domain name received from the DHCP server will be used as DNS search
domain over this link, similar to the effect of the
<code>Domains=</code> setting. If set to <code>route</code>, the domain
name received from the DHCP server will be used for routing DNS queries
only, but not for searching, similar to the effect of the
<code>Domains=</code> setting when the argument is prefixed with
<code>~</code> (tilde).</p>
<p><strong>Requires feature: <code>dhcp-use-domains</code></strong></p>
</blockquote></li>
</ul></li>
</ul>
<h2 id="ipv6-router-advertisement-overrides">IPv6 Router Advertisement
Overrides</h2>
<p>Overrides for IPv6 Router Advertisement (RA) behaviour (only
supported with networkd back end).</p>
<ul>
<li><p><strong><code>ra-overrides</code></strong> (mapping) since
1.1</p>
<blockquote>
<p>The <code>ra-overrides</code> mappings override the default IPv6
Router Advertisement behaviour.</p>
</blockquote>
<ul>
<li><p><strong><code>use-dns</code></strong> (boolean)</p>
<blockquote>
<p>Default: <code>true</code>. When <code>true</code>, the DNS servers
received from the Router Advertisement will be used. Currently only has
an effect on the networkd back end.</p>
</blockquote></li>
<li><p><strong><code>use-domains</code></strong> (scalar)</p>
<blockquote>
<p>Takes a boolean, or the special value <code>route</code>. When true,
the domain name received from the Router Advertisement will be used as
DNS search domain over this link. If set to <code>route</code>, the
domain name received from the IPv6 RA will be used for routing DNS
queries only, but not for searching. Defaults to <code>false</code>.</p>
</blockquote></li>
<li><p><strong><code>table</code></strong> (scalar)</p>
<blockquote>
<p>The routing table number for routes received in the IPv6 RA. Allowed
values are positive integers starting from 1. Some values are already in
use to refer to specific routing tables: see
<code>{/etc,/usr/share}/iproute2/rt_tables</code>.</p>
</blockquote></li>
</ul></li>
</ul>
<h2 id="routing">Routing</h2>
<p>Complex routing is possible with Netplan. Standard static routes as
well as policy routing using routing tables are supported via the
networkd back end.</p>
<p>These options are available for all types of interfaces.</p>
<h3 id="default-routes">Default routes</h3>
<p>The most common need for routing concerns the definition of default
routes to reach the wider internet. Those default routes can only
defined once per IP family and routing table. A typical example would
look like the following:</p>
<div class="sourceCode" id="cb13"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb13-1"><a href="#cb13-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb13-2"><a href="#cb13-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb13-3"><a href="#cb13-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span></span>
<span id="cb13-4"><a href="#cb13-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb13-5"><a href="#cb13-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">routes</span><span class="kw">:</span></span>
<span id="cb13-6"><a href="#cb13-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">to</span><span class="kw">:</span><span class="at"> default</span><span class="co"> # could be 0.0.0.0/0 optionally</span></span>
<span id="cb13-7"><a href="#cb13-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">via</span><span class="kw">:</span><span class="at"> </span><span class="fl">10.0.0.1</span></span>
<span id="cb13-8"><a href="#cb13-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">metric</span><span class="kw">:</span><span class="at"> </span><span class="dv">100</span></span>
<span id="cb13-9"><a href="#cb13-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">on-link</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb13-10"><a href="#cb13-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">advertised-mss</span><span class="kw">:</span><span class="at"> </span><span class="dv">1400</span></span>
<span id="cb13-11"><a href="#cb13-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">to</span><span class="kw">:</span><span class="at"> default</span><span class="co"> # could be ::/0 optionally</span></span>
<span id="cb13-12"><a href="#cb13-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">via</span><span class="kw">:</span><span class="at"> cf02:de:ad:be:ef::2</span></span>
<span id="cb13-13"><a href="#cb13-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth1</span><span class="kw">:</span></span>
<span id="cb13-14"><a href="#cb13-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb13-15"><a href="#cb13-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">routes</span><span class="kw">:</span></span>
<span id="cb13-16"><a href="#cb13-16" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">to</span><span class="kw">:</span><span class="at"> default</span></span>
<span id="cb13-17"><a href="#cb13-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">via</span><span class="kw">:</span><span class="at"> </span><span class="fl">172.134.67.1</span></span>
<span id="cb13-18"><a href="#cb13-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">metric</span><span class="kw">:</span><span class="at"> </span><span class="dv">100</span></span>
<span id="cb13-19"><a href="#cb13-19" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">on-link</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb13-20"><a href="#cb13-20" aria-hidden="true" tabindex="-1"></a><span class="co"> # Not on the main routing table,</span></span>
<span id="cb13-21"><a href="#cb13-21" aria-hidden="true" tabindex="-1"></a><span class="co"> # does not conflict with the eth0 default route</span></span>
<span id="cb13-22"><a href="#cb13-22" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">table</span><span class="kw">:</span><span class="at"> </span><span class="dv">76</span></span></code></pre></div>
<ul>
<li><p><strong><code>routes</code></strong> (mapping)</p>
<blockquote>
<p>The <code>routes</code> block defines standard static routes for an
interface. At least <code>to</code> must be specified. If type is
<code>local</code> or <code>nat</code> a default scope of
<code>host</code> is assumed. If type is <code>unicast</code> and no
gateway (<code>via</code>) is given or type is <code>broadcast</code>,
<code>multicast</code> or <code>anycast</code> a default scope of
<code>link</code> is assumed. Otherwise, a <code>global</code> scope is
the default setting.</p>
<p>For <code>from</code>, <code>to</code> and <code>via</code>, both
IPv4 and IPv6 addresses are recognised, and must be in the form
<code>addr/prefixlen</code> or <code>addr</code>.</p>
</blockquote>
<ul>
<li><p><strong><code>from</code></strong> (scalar)</p>
<blockquote>
<p>Set a source IP address for traffic going through the route.
(NetworkManager: as of v1.8.0)</p>
</blockquote></li>
<li><p><strong><code>to</code></strong> (scalar)</p>
<blockquote>
<p>Destination address for the route.</p>
</blockquote></li>
<li><p><strong><code>via</code></strong> (scalar)</p>
<blockquote>
<p>Address to the gateway to use for this route.</p>
</blockquote></li>
<li><p><strong><code>on-link</code></strong> (boolean)</p>
<blockquote>
<p>When set to <code>true</code>, specifies that the route is directly
connected to the interface. (<code>NetworkManager</code>: as of v1.12.0
for IPv4 and v1.18.0 for IPv6)</p>
</blockquote></li>
<li><p><strong><code>metric</code></strong> (scalar)</p>
<blockquote>
<p>The relative priority of the route. Must be a positive integer
value.</p>
</blockquote></li>
<li><p><strong><code>type</code></strong> (scalar)</p>
<blockquote>
<p>The type of route. Valid options are <code>unicast</code> (default),
<code>anycast</code>, <code>blackhole</code>, <code>broadcast</code>,
<code>local</code>, <code>multicast</code>, <code>nat</code>,
<code>prohibit</code>, <code>throw</code>, <code>unreachable</code> or
<code>xresolve</code>.</p>
</blockquote></li>
<li><p><strong><code>scope</code></strong> (scalar)</p>
<blockquote>
<p>The route scope, how wide-ranging it is to the network. Possible
values are <code>global</code>, <code>link</code>, or <code>host</code>.
Applies to IPv4 only.</p>
</blockquote></li>
<li><p><strong><code>table</code></strong> (scalar)</p>
<blockquote>
<p>The table number to use for the route. In some scenarios, it may be
useful to set routes in a separate routing table. It may also be used to
refer to routing policy rules which also accept a <code>table</code>
parameter. Allowed values are positive integers starting from 1. Some
values are already in use to refer to specific routing tables: see
<code>/etc/iproute2/rt_tables</code>. (<code>NetworkManager</code>: as
of v1.10.0)</p>
</blockquote></li>
<li><p><strong><code>mtu</code></strong> (scalar) since 0.101</p>
<blockquote>
<p>The MTU to be used for the route, in bytes. Must be a positive
integer value.</p>
</blockquote></li>
<li><p><strong><code>congestion-window</code></strong> (scalar) since
0.102</p>
<blockquote>
<p>The congestion window to be used for the route, represented by number
of segments. Must be a positive integer value.</p>
</blockquote></li>
<li><p><strong><code>advertised-receive-window</code></strong> (scalar)
since 0.102</p>
<blockquote>
<p>The receive window to be advertised for the route, represented by
number of segments. Must be a positive integer value.</p>
</blockquote></li>
<li><p><strong><code>advertised-mss</code></strong> (scalar) since
1.1</p>
<blockquote>
<p>The Maximum MSS (Maximal Segment Size) to advertise to these
destinations when establishing TCP connections. If it is not given,
Linux uses a default value calculated from the first hop device MTU.
Must be a positive integer.</p>
</blockquote></li>
</ul></li>
<li><p><strong><code>routing-policy</code></strong> (mapping)</p>
<blockquote>
<p>The <code>routing-policy</code> block defines extra routing policy
for a network, where traffic may be handled specially based on the
source IP, firewall marking, etc.</p>
<p>For <code>from</code>, <code>to</code>, both IPv4 and IPv6 addresses
are recognised, and must be in the form <code>addr/prefixlen</code> or
<code>addr</code>.</p>
</blockquote>
<ul>
<li><p><strong><code>from</code></strong> (scalar)</p>
<blockquote>
<p>Set a source IP address to match traffic for this policy rule.</p>
</blockquote></li>
<li><p><strong><code>to</code></strong> (scalar)</p>
<blockquote>
<p>Match on traffic going to the specified destination.</p>
</blockquote></li>
<li><p><strong><code>table</code></strong> (scalar)</p>
<blockquote>
<p>The table number to match for the route. In some scenarios, it may be
useful to set routes in a separate routing table. It may also be used to
refer to routes which also accept a <code>table</code> parameter.
Allowed values are positive integers starting from <code>1</code>. Some
values are already in use to refer to specific routing tables: see
<code>/etc/iproute2/rt_tables</code>.</p>
</blockquote></li>
<li><p><strong><code>priority</code></strong> (scalar)</p>
<blockquote>
<p>Specify a priority for the routing policy rule, to influence the
order in which routing rules are processed. A higher number means lower
priority: rules are processed in order by increasing priority number.
Specifying an explicit, unique, priority for each routing policy rule is
strongly recommended and is mandatory on the <code>NetworkManager</code>
back-end.</p>
</blockquote></li>
<li><p><strong><code>mark</code></strong> (scalar)</p>
<blockquote>
<p>Have this routing policy rule match on traffic that has been marked
by the iptables firewall with this value. Allowed values are positive
integers starting from <code>1</code>.</p>
</blockquote></li>
<li><p><strong><code>type-of-service</code></strong> (scalar)</p>
<blockquote>
<p>Match this policy rule based on the type of service number applied to
the traffic.</p>
</blockquote></li>
</ul></li>
</ul>
<p>(yaml-auth)= ## Authentication</p>
<p>Netplan supports advanced authentication settings for Ethernet and
Wi-Fi interfaces, as well as individual Wi-Fi networks, by means of the
<code>auth</code> block.</p>
<ul>
<li><p><strong><code>auth</code></strong> (mapping)</p>
<blockquote>
<p>Specifies authentication settings for a device of type
<code>ethernets:</code>, or an <code>access-points:</code> entry on a
<code>wifis:</code> device.</p>
<p>The <code>auth</code> block supports the following properties:</p>
</blockquote>
<ul>
<li><p><strong><code>key-management</code></strong> (scalar)</p>
<blockquote>
<p>The supported key management modes are <code>none</code> (no key
management); <code>psk</code> (WPA with pre-shared key, common for home
Wi-Fi); <code>psk-sha256</code> (WPA2 with pre-shared key, common for
home Wi-Fi); <code>eap</code> (WPA with EAP, common for enterprise
Wi-Fi); <code>eap-sha256</code> (used with WPA3-Enterprise);
<code>eap-suite-b-192</code> (used with WPA3-Enterprise);
<code>sae</code> (used by WPA3); and <code>802.1x</code> (used primarily
for wired Ethernet connections).</p>
</blockquote></li>
<li><p><strong><code>password</code></strong> (scalar)</p>
<blockquote>
<p>The password string for EAP, or the pre-shared key for WPA-PSK.</p>
</blockquote>
<p>The following properties can be used if <code>key-management</code>
is <code>eap</code> or <code>802.1x</code>:</p></li>
<li><p><strong><code>method</code></strong> (scalar)</p>
<blockquote>
<p>The EAP method to use. The supported EAP methods are <code>tls</code>
(TLS), <code>peap</code> (Protected EAP), <code>leap</code> (Lightweight
EAP), <code>pwd</code> (EAP Password) and <code>ttls</code> (Tunnelled
TLS).</p>
</blockquote></li>
<li><p><strong><code>identity</code></strong> (scalar)</p>
<blockquote>
<p>The identity to use for EAP.</p>
</blockquote></li>
<li><p><strong><code>anonymous-identity</code></strong> (scalar)</p>
<blockquote>
<p>The identity to pass over the unencrypted channel if the chosen EAP
method supports passing a different tunnelled identity.</p>
</blockquote></li>
<li><p><strong><code>ca-certificate</code></strong> (scalar)</p>
<blockquote>
<p>Path to a file with one or more trusted certificate authority (CA)
certificates.</p>
</blockquote></li>
<li><p><strong><code>client-certificate</code></strong> (scalar)</p>
<blockquote>
<p>Path to a file containing the certificate to be used by the client
during authentication.</p>
</blockquote></li>
<li><p><strong><code>client-key</code></strong> (scalar)</p>
<blockquote>
<p>Path to a file containing the private key corresponding to
<code>client-certificate</code>.</p>
</blockquote></li>
<li><p><strong><code>client-key-password</code></strong> (scalar)</p>
<blockquote>
<p>Password to use to decrypt the private key specified in
<code>client-key</code> if it is encrypted.</p>
</blockquote></li>
<li><p><strong><code>phase2-auth</code></strong> (scalar) since
0.99</p>
<blockquote>
<p>Phase 2 authentication mechanism.</p>
</blockquote></li>
</ul></li>
</ul>
<h2 id="properties-for-device-type-ethernets">Properties for device type
<code>ethernets</code></h2>
<p><strong><code>Status</code></strong>: Optional.</p>
<p><strong><code>Purpose</code></strong>: Use the <code>ethernets</code>
key to configure Ethernet interfaces.</p>
<p><strong><code>Structure</code></strong>: The key consists of a
mapping of Ethernet interface IDs. Each <code>ethernet</code> has a
number of configuration options. You dont need to define each interface
by their name inside the <code>ethernets</code> mapping. You can use any
ID that describes the interface and match the actual network card using
the <code>match</code> key. The general configuration structure for
Ethernet is shown below.</p>
<div class="sourceCode" id="cb14"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb14-1"><a href="#cb14-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb14-2"><a href="#cb14-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb14-3"><a href="#cb14-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">device-id</span><span class="kw">:</span></span>
<span id="cb14-4"><a href="#cb14-4" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span></code></pre></div>
<p><code>device-id</code> is the interface identifier. If you use the
interface name as the ID, Netplan will match that interface.</p>
<p>Consider the example below. In this case, an interface called
<code>eth0</code> will be configured with DHCP.</p>
<div class="sourceCode" id="cb15"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb15-1"><a href="#cb15-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb15-2"><a href="#cb15-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb15-3"><a href="#cb15-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span></span>
<span id="cb15-4"><a href="#cb15-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span></code></pre></div>
<p>The <code>device-id</code> can be any descriptive name your find
meaningful. Although, if it doesnt match a real interface name, you
must use the property <code>match</code> to identify the device you want
to configure.</p>
<p>The example below defines an Ethernet connection called
<code>isp-interface</code> (supposedly an external interface connected
to the Internet Service Provider) and uses <code>match</code> to apply
the configuration to the physical device with MAC address
<code>aa:bb:cc:00:11:22</code>.</p>
<div class="sourceCode" id="cb16"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb16-1"><a href="#cb16-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb16-2"><a href="#cb16-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb16-3"><a href="#cb16-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">isp-interface</span><span class="kw">:</span></span>
<span id="cb16-4"><a href="#cb16-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span></span>
<span id="cb16-5"><a href="#cb16-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">macaddress</span><span class="kw">:</span><span class="at"> aa:bb:cc:00:11:22</span></span>
<span id="cb16-6"><a href="#cb16-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span></code></pre></div>
<p>Ethernet device definitions, beyond common ones described above, also
support some additional properties that can be used for SR-IOV
devices.</p>
<ul>
<li><p><strong><code>link</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>(SR-IOV devices only) The <code>link</code> property declares the
device as a Virtual Function of the selected Physical Function device,
as identified by the given Netplan ID.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb17"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb17-1"><a href="#cb17-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb17-2"><a href="#cb17-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb17-3"><a href="#cb17-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">enp1</span><span class="kw">:</span><span class="at"> </span><span class="kw">{</span><span class="at">...</span><span class="kw">}</span></span>
<span id="cb17-4"><a href="#cb17-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">enp1s16f1</span><span class="kw">:</span></span>
<span id="cb17-5"><a href="#cb17-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">link</span><span class="kw">:</span><span class="at"> enp1</span></span></code></pre></div></li>
<li><p><strong><code>virtual-function-count</code></strong> (scalar)
since 0.99</p>
<blockquote>
<p>(SR-IOV devices only) In certain special cases VFs might need to be
configured outside of Netplan. For such configurations
<code>virtual-function-count</code> can be optionally used to set an
explicit number of Virtual Functions for the given Physical Function. If
unset, the default is to create only as many VFs as are defined in the
Netplan configuration. This should be used for special cases only.</p>
<p><strong>Requires feature: <code>sriov</code></strong></p>
</blockquote></li>
<li><p><strong><code>embedded-switch-mode</code></strong> (scalar)
since 0.104</p>
<blockquote>
<p>(SR-IOV devices only) Change the operational mode of the embedded
switch of a supported SmartNIC PCI device (e.g. Mellanox ConnectX-5).
Possible values are <code>switchdev</code> or <code>legacy</code>, if
unspecified the vendors default configuration is used.</p>
<p><strong>Requires feature: <code>eswitch-mode</code></strong></p>
</blockquote></li>
<li><p><strong><code>delay-virtual-functions-rebind</code></strong>
(boolean) since 0.104</p>
<blockquote>
<p>(SR-IOV devices only) Delay rebinding of SR-IOV virtual functions to
its driver after changing the embedded-switch-mode setting to a later
stage. Can be enabled when bonding/VF LAG is in use. Defaults to
<code>false</code>.</p>
<p><strong>Requires feature: <code>eswitch-mode</code></strong></p>
</blockquote></li>
<li><p><strong><code>infiniband-mode</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>(InfiniBand devices only) Change the operational mode of a IPoIB
device. Possible values are <code>datagram</code> or
<code>connected</code>. If unspecified the kernels default
configuration is used.</p>
<p><strong>Requires feature: <code>infiniband</code></strong></p>
</blockquote></li>
</ul>
<p>(yaml-modems)= ## Properties for device type <code>modems</code></p>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>modems</code> key to
configure modem interfaces. GSM/CDMA modem configuration is only
supported for the <code>NetworkManager</code> back end.
<code>systemd-networkd</code> does not support modems.</p>
<p><strong>Structure</strong>: The key consists of a mapping of modem
IDs. Each <code>modem</code> has a number of configuration options. The
general configuration structure for Modems is shown below.</p>
<div class="sourceCode" id="cb18"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb18-1"><a href="#cb18-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb18-2"><a href="#cb18-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">version</span><span class="kw">:</span><span class="at"> </span><span class="dv">2</span></span>
<span id="cb18-3"><a href="#cb18-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">renderer</span><span class="kw">:</span><span class="at"> NetworkManager</span></span>
<span id="cb18-4"><a href="#cb18-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">modems</span><span class="kw">:</span></span>
<span id="cb18-5"><a href="#cb18-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">cdc-wdm1</span><span class="kw">:</span></span>
<span id="cb18-6"><a href="#cb18-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mtu</span><span class="kw">:</span><span class="at"> </span><span class="dv">1600</span></span>
<span id="cb18-7"><a href="#cb18-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">apn</span><span class="kw">:</span><span class="at"> ISP.CINGULAR</span></span>
<span id="cb18-8"><a href="#cb18-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">username</span><span class="kw">:</span><span class="at"> ISP@CINGULARGPRS.COM</span></span>
<span id="cb18-9"><a href="#cb18-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">password</span><span class="kw">:</span><span class="at"> CINGULAR1</span></span>
<span id="cb18-10"><a href="#cb18-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">number</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;*99#&quot;</span></span>
<span id="cb18-11"><a href="#cb18-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">network-id</span><span class="kw">:</span><span class="at"> </span><span class="dv">24005</span></span>
<span id="cb18-12"><a href="#cb18-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">device-id</span><span class="kw">:</span><span class="at"> da812de91eec16620b06cd0ca5cbc7ea25245222</span></span>
<span id="cb18-13"><a href="#cb18-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">pin</span><span class="kw">:</span><span class="at"> </span><span class="dv">2345</span></span>
<span id="cb18-14"><a href="#cb18-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sim-id</span><span class="kw">:</span><span class="at"> </span><span class="dv">89148000000060671234</span></span>
<span id="cb18-15"><a href="#cb18-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sim-operator-id</span><span class="kw">:</span><span class="at"> </span><span class="dv">310260</span></span></code></pre></div>
<p><strong>Requires feature: <code>modems</code></strong></p>
<ul>
<li><p><strong><code>apn</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Set the carrier APN (Access Point Name). This can be omitted if
<code>auto-config</code> is enabled.</p>
</blockquote></li>
<li><p><strong><code>auto-config</code></strong> (boolean) since
0.99</p>
<blockquote>
<p>Specify whether to try and auto-configure the modem by doing a lookup
of the carrier against the Mobile Broadband Provider database. This may
not work for all carriers.</p>
</blockquote></li>
<li><p><strong><code>device-id</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Specify the device ID (as given by the WWAN management service) of
the modem to match. This can be found using <code>mmcli</code>.</p>
</blockquote></li>
<li><p><strong><code>network-id</code></strong> (scalar) since
0.99</p>
<blockquote>
<p>Specify the Network ID (GSM LAI format). If this is specified, the
device will not roam networks.</p>
</blockquote></li>
<li><p><strong><code>number</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>The number to dial to establish the connection to the mobile
broadband network. (Deprecated for GSM)</p>
</blockquote></li>
<li><p><strong><code>password</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Specify the password used to authenticate with the carrier network.
This can be omitted if <code>auto-config</code> is enabled.</p>
</blockquote></li>
<li><p><strong><code>pin</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Specify the SIM PIN to allow it to operate if a PIN is set.</p>
</blockquote></li>
<li><p><strong><code>sim-id</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Specify the SIM unique identifier (as given by the WWAN management
service) which this connection applies to. If given, the connection will
apply to any device also allowed by <code>device-id</code> which
contains a SIM card matching the given identifier.</p>
</blockquote></li>
<li><p><strong><code>sim-operator-id</code></strong> (scalar) since
0.99</p>
<blockquote>
<p>Specify the MCC/MNC string (such as <code>310260</code> or
<code>21601</code>) which identifies the carrier that this connection
should apply to. If given, the connection will apply to any device also
allowed by <code>device-id</code> and <code>sim-id</code> which contains
a SIM card provisioned by the given operator.</p>
</blockquote></li>
<li><p><strong><code>username</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Specify the username used to authenticate with the carrier network.
This can be omitted if <code>auto-config</code> is enabled.</p>
</blockquote></li>
</ul>
<h2 id="properties-for-device-type-wifis">Properties for device type
<code>wifis</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>wifis</code> key to configure
Wi-Fi access points.</p>
<p><strong>Structure</strong>: The key consists of a mapping of Wi-Fi
IDs. Each <code>wifi</code> has a number of configuration options. The
general configuration structure for Wi-Fi is shown below.</p>
<div class="sourceCode" id="cb19"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb19-1"><a href="#cb19-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb19-2"><a href="#cb19-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">version</span><span class="kw">:</span><span class="at"> </span><span class="dv">2</span></span>
<span id="cb19-3"><a href="#cb19-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wifis</span><span class="kw">:</span></span>
<span id="cb19-4"><a href="#cb19-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wlp0s1</span><span class="kw">:</span></span>
<span id="cb19-5"><a href="#cb19-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">access-points</span><span class="kw">:</span></span>
<span id="cb19-6"><a href="#cb19-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">&quot;network_ssid_name&quot;</span><span class="kw">:</span></span>
<span id="cb19-7"><a href="#cb19-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">password</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;**********&quot;</span></span></code></pre></div>
<p>Note that <code>systemd-networkd</code> does not have native support
Wi-Fi, so you need wpasupplicant installed if you let the networkd
renderer handle Wi-Fi.</p>
<ul>
<li><p><strong><code>access-points</code></strong> (mapping)</p>
<blockquote>
<p>This provides pre-configured connections to NetworkManager. Note that
users can of course select other access points/SSIDs. The keys of the
mapping are the SSIDs, and the values are mappings with the following
supported properties:</p>
</blockquote>
<ul>
<li><p><strong><code>password</code></strong> (scalar)</p>
<blockquote>
<p>Enable WPA/WPA2 authentication and set the passphrase for it. If
neither this nor an <code>auth</code> block are given, the network is
assumed to be open. The setting</p>
<div class="sourceCode" id="cb20"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb20-1"><a href="#cb20-1" aria-hidden="true" tabindex="-1"></a><span class="fu">password</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;S3kr1t&quot;</span></span></code></pre></div>
<p>is equivalent to</p>
<div class="sourceCode" id="cb21"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb21-1"><a href="#cb21-1" aria-hidden="true" tabindex="-1"></a><span class="fu">auth</span><span class="kw">:</span></span>
<span id="cb21-2"><a href="#cb21-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">key-management</span><span class="kw">:</span><span class="at"> psk</span></span>
<span id="cb21-3"><a href="#cb21-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">password</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;S3kr1t&quot;</span></span></code></pre></div>
</blockquote></li>
<li><p><strong><code>mode</code></strong> (scalar)</p>
<blockquote>
<p>Possible access point modes are <code>infrastructure</code> (the
default), <code>ap</code> (create an access point to which other devices
can connect), and <code>adhoc</code> (peer to peer networks without a
central access point). <code>ap</code> is only supported with
NetworkManager.</p>
</blockquote></li>
<li><p><strong><code>bssid</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>If specified, directs the device to only associate with the given
access point.</p>
</blockquote></li>
<li><p><strong><code>band</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Possible bands are <code>5GHz</code> (for 5GHz 802.11a) and
<code>2.4GHz</code> (for 2.4GHz 802.11), do not restrict the 802.11
frequency band of the network if unset (the default).</p>
</blockquote></li>
<li><p><strong><code>channel</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Wireless channel to use for the Wi-Fi connection. Because channel
numbers overlap between bands, this property takes effect only if the
<code>band</code> property is also set.</p>
</blockquote></li>
<li><p><strong><code>hidden</code></strong> (boolean) since 0.100</p>
<blockquote>
<p>Set to <code>true</code> to change the SSID scan technique for
connecting to hidden Wi-Fi networks. Note this may have slower
performance compared to <code>false</code> (the default) when connecting
to publicly broadcast SSIDs.</p>
</blockquote></li>
</ul></li>
<li><p><strong><code>wakeonwlan</code></strong> (sequence of scalars)
since 0.99</p>
<blockquote>
<p>This enables WakeOnWLan on supported devices. Not all drivers support
all options. May be any combination of <code>any</code>,
<code>disconnect</code>, <code>magic_pkt</code>,
<code>gtk_rekey_failure</code>, <code>eap_identity_req</code>,
<code>four_way_handshake</code>, <code>rfkill_release</code> or
<code>tcp</code> (NetworkManager only). Or the exclusive
<code>default</code> flag (the default).</p>
</blockquote></li>
<li><p><strong><code>regulatory-domain</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>This can be used to define the radios regulatory domain, to make use
of additional Wi-Fi channels outside the “world domain”. Takes an ISO/
IEC 3166 country code (like <code>GB</code>) or <code>00</code> to reset
to the “world domain”. See <a
href="https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git/tree/db.txt">wireless-regdb</a>
for available values.</p>
<p><strong>Requires dependency: <code>iw</code></strong>, if it is to be
used outside the networkd (wpasupplicant) back end.</p>
</blockquote></li>
</ul>
<h2 id="properties-for-device-type-bridges">Properties for device type
<code>bridges</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>bridges</code> key to create
Bridge interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of Bridge
interface names. Each <code>bridge</code> has an optional list of
interfaces that will be bridged together. The interfaces listed in the
<code>interfaces</code> key (<code>enp5s0</code> and <code>enp5s1</code>
below) must also be defined in your Netplan configuration. The general
configuration structure for Bridges is shown below.</p>
<div class="sourceCode" id="cb22"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb22-1"><a href="#cb22-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb22-2"><a href="#cb22-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span></span>
<span id="cb22-3"><a href="#cb22-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br0</span><span class="kw">:</span></span>
<span id="cb22-4"><a href="#cb22-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span></span>
<span id="cb22-5"><a href="#cb22-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> enp5s0</span></span>
<span id="cb22-6"><a href="#cb22-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> enp5s1</span></span>
<span id="cb22-7"><a href="#cb22-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb22-8"><a href="#cb22-8" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span></code></pre></div>
<p>When applied, a virtual interface of type bridge called
<code>br0</code> will be created in the system.</p>
<p>The specific settings for bridges are defined below.</p>
<ul>
<li><p><strong><code>interfaces</code></strong> (sequence of
scalars)</p>
<blockquote>
<p>All devices matching this ID list will be added to the bridge. This
may be an empty list, in which case the bridge will be brought online
with no member interfaces.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb23"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb23-1"><a href="#cb23-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb23-2"><a href="#cb23-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb23-3"><a href="#cb23-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">switchports</span><span class="kw">:</span></span>
<span id="cb23-4"><a href="#cb23-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span><span class="at"> </span><span class="kw">{</span><span class="fu">name</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;enp2*&quot;</span><span class="kw">}</span></span>
<span id="cb23-5"><a href="#cb23-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb23-6"><a href="#cb23-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span></span>
<span id="cb23-7"><a href="#cb23-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br0</span><span class="kw">:</span></span>
<span id="cb23-8"><a href="#cb23-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">switchports</span><span class="kw">]</span></span></code></pre></div></li>
<li><p><strong><code>parameters</code></strong> (mapping)</p>
<blockquote>
<p>Customisation parameters for special bridging options. Time intervals
may need to be expressed as a number of seconds or milliseconds: the
default value type is specified below. If necessary, time intervals can
be qualified using a time suffix (such as <code>s</code> for seconds,
<code>ms</code> for milliseconds) to allow for more control over its
behaviour.</p>
</blockquote>
<ul>
<li><p><strong><code>ageing-time</code></strong>,
<strong><code>aging-time</code></strong> (scalar)</p>
<blockquote>
<p>Set the period of time to keep a MAC address in the forwarding
database after a packet is received. This maps to the
<code>AgeingTimeSec=</code> property when the networkd renderer is used.
If no time suffix is specified, the value will be interpreted as
seconds.</p>
</blockquote></li>
<li><p><strong><code>priority</code></strong> (scalar)</p>
<blockquote>
<p>Set the priority value for the bridge. This value should be a number
between <code>0</code> and <code>65535</code>. Lower values mean higher
priority. The bridge with the higher priority will be elected as the
root bridge.</p>
</blockquote></li>
<li><p><strong><code>port-priority</code></strong> (mapping)</p>
<blockquote>
<p>Set the port priority per interface. The priority value is a number
between <code>0</code> and <code>63</code>. This metric is used in the
designated port and root port selection algorithms.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb24"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb24-1"><a href="#cb24-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb24-2"><a href="#cb24-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb24-3"><a href="#cb24-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span></span>
<span id="cb24-4"><a href="#cb24-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">false</span></span>
<span id="cb24-5"><a href="#cb24-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth1</span><span class="kw">:</span></span>
<span id="cb24-6"><a href="#cb24-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">false</span></span>
<span id="cb24-7"><a href="#cb24-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span></span>
<span id="cb24-8"><a href="#cb24-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br0</span><span class="kw">:</span></span>
<span id="cb24-9"><a href="#cb24-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">eth0</span><span class="kw">,</span><span class="at"> eth1</span><span class="kw">]</span></span>
<span id="cb24-10"><a href="#cb24-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">parameters</span><span class="kw">:</span></span>
<span id="cb24-11"><a href="#cb24-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">port-priority</span><span class="kw">:</span></span>
<span id="cb24-12"><a href="#cb24-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span><span class="at"> </span><span class="dv">10</span></span>
<span id="cb24-13"><a href="#cb24-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth1</span><span class="kw">:</span><span class="at"> </span><span class="dv">20</span></span></code></pre></div></li>
<li><p><strong><code>forward-delay</code></strong> (scalar)</p>
<blockquote>
<p>Specify the period of time the bridge will remain in Listening and
Learning states before getting to the Forwarding state. This field maps
to the <code>ForwardDelaySec=</code> property for the networkd renderer.
If no time suffix is specified, the value will be interpreted as
seconds.</p>
</blockquote></li>
<li><p><strong><code>hello-time</code></strong> (scalar)</p>
<blockquote>
<p>Specify the interval between two hello packets being sent out from
the root and designated bridges. Hello packets communicate information
about the network topology. When the networkd renderer is used, this
maps to the <code>HelloTimeSec=</code> property. If no time suffix is
specified, the value will be interpreted as seconds.</p>
</blockquote></li>
<li><p><strong><code>max-age</code></strong> (scalar)</p>
<blockquote>
<p>Set the maximum age of a hello packet. If the last hello packet is
older than that value, the bridge will attempt to become the root
bridge. This maps to the <code>MaxAgeSec=</code> property when the
networkd renderer is used. If no time suffix is specified, the value
will be interpreted as seconds.</p>
</blockquote></li>
<li><p><strong><code>path-cost</code></strong> (mapping)</p>
<blockquote>
<p>Set the per-interface cost of a path on the bridge. Faster interfaces
should have a lower cost. This allows a finer control on the network
topology so that the fastest paths are available whenever possible.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb25"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb25-1"><a href="#cb25-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb25-2"><a href="#cb25-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb25-3"><a href="#cb25-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span></span>
<span id="cb25-4"><a href="#cb25-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">false</span></span>
<span id="cb25-5"><a href="#cb25-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth1</span><span class="kw">:</span></span>
<span id="cb25-6"><a href="#cb25-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">false</span></span>
<span id="cb25-7"><a href="#cb25-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span></span>
<span id="cb25-8"><a href="#cb25-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br0</span><span class="kw">:</span></span>
<span id="cb25-9"><a href="#cb25-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">eth0</span><span class="kw">,</span><span class="at"> eth1</span><span class="kw">]</span></span>
<span id="cb25-10"><a href="#cb25-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">parameters</span><span class="kw">:</span></span>
<span id="cb25-11"><a href="#cb25-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">path-cost</span><span class="kw">:</span></span>
<span id="cb25-12"><a href="#cb25-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth0</span><span class="kw">:</span><span class="at"> </span><span class="dv">100</span></span>
<span id="cb25-13"><a href="#cb25-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eth1</span><span class="kw">:</span><span class="at"> </span><span class="dv">200</span></span></code></pre></div></li>
<li><p><strong><code>stp</code></strong> (boolean)</p>
<blockquote>
<p>Define whether the bridge should use Spanning Tree Protocol. The
default value is <code>true</code>, which means that Spanning Tree
should be used.</p>
</blockquote></li>
</ul></li>
</ul>
<h2 id="properties-for-device-type-dummy-devices">Properties for device
type <code>dummy-devices</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>dummy-devices</code> key to
create virtual interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of
interface names. Dummy devices are virtual devices that can be used to
route packets to without actually transmitting them.</p>
<div class="sourceCode" id="cb26"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb26-1"><a href="#cb26-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb26-2"><a href="#cb26-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dummy-devices</span><span class="kw">:</span></span>
<span id="cb26-3"><a href="#cb26-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dm0</span><span class="kw">:</span></span>
<span id="cb26-4"><a href="#cb26-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">addresses</span><span class="kw">:</span></span>
<span id="cb26-5"><a href="#cb26-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> 192.168.0.123/24</span></span>
<span id="cb26-6"><a href="#cb26-6" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span></code></pre></div>
<p>When applied, a virtual interface called <code>dm0</code> will be
created in the system.</p>
<p>See the <a href="#properties-for-all-device-types">“Properties for
all device types”</a> section for the list of properties that can be
used with this type of interface.</p>
<h2 id="properties-for-device-type-bonds">Properties for device type
<code>bonds</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>bonds</code> key to create
Bond (Link Aggregation) interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of Bond
interface names. Each <code>bond</code> has an optional list of
interfaces that will be part of the aggregation. The interfaces listed
in the <code>interfaces</code> key must also be defined in your Netplan
configuration. The general configuration structure for Bonds is shown
below.</p>
<div class="sourceCode" id="cb27"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb27-1"><a href="#cb27-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb27-2"><a href="#cb27-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bonds</span><span class="kw">:</span></span>
<span id="cb27-3"><a href="#cb27-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bond0</span><span class="kw">:</span></span>
<span id="cb27-4"><a href="#cb27-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span></span>
<span id="cb27-5"><a href="#cb27-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> enp5s0</span></span>
<span id="cb27-6"><a href="#cb27-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> enp5s1</span></span>
<span id="cb27-7"><a href="#cb27-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> enp5s2</span></span>
<span id="cb27-8"><a href="#cb27-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">parameters</span><span class="kw">:</span></span>
<span id="cb27-9"><a href="#cb27-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> active-backup</span></span>
<span id="cb27-10"><a href="#cb27-10" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span></code></pre></div>
<p>When applied, a virtual interface of type bond called
<code>bond0</code> will be created in the system.</p>
<p>The specific settings for bonds are defined below.</p>
<ul>
<li><p><strong><code>interfaces</code></strong> (sequence of
scalars)</p>
<blockquote>
<p>All devices matching this ID list will be added to the bond.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb28"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb28-1"><a href="#cb28-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb28-2"><a href="#cb28-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb28-3"><a href="#cb28-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">switchports</span><span class="kw">:</span></span>
<span id="cb28-4"><a href="#cb28-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">match</span><span class="kw">:</span><span class="at"> </span><span class="kw">{</span><span class="fu">name</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;enp2*&quot;</span><span class="kw">}</span></span>
<span id="cb28-5"><a href="#cb28-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb28-6"><a href="#cb28-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bonds</span><span class="kw">:</span></span>
<span id="cb28-7"><a href="#cb28-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bond0</span><span class="kw">:</span></span>
<span id="cb28-8"><a href="#cb28-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">switchports</span><span class="kw">]</span></span></code></pre></div></li>
<li><p><strong><code>parameters</code></strong> (mapping)</p>
<blockquote>
<p>Customisation parameters for special bonding options. Time intervals
may need to be expressed as a number of seconds or milliseconds: the
default value type is specified below. If necessary, time intervals can
be qualified using a time suffix (such as <code>s</code> for seconds,
<code>ms</code> for milliseconds) to allow for more control over its
behaviour.</p>
</blockquote>
<ul>
<li><p><strong><code>mode</code></strong> (scalar)</p>
<blockquote>
<p>Set the bonding mode used for the interfaces. The default is
<code>balance-rr</code> (round robin). Possible values are
<code>balance-rr</code>, <code>active-backup</code>,
<code>balance-xor</code>, <code>broadcast</code>, <code>802.3ad</code>,
<code>balance-tlb</code> and <code>balance-alb</code>. For Open vSwitch
<code>active-backup</code> and the additional modes
<code>balance-tcp</code> and <code>balance-slb</code> are supported.</p>
</blockquote></li>
<li><p><strong><code>lacp-rate</code></strong> (scalar)</p>
<blockquote>
<p>Set the rate at which LACPDUs are transmitted. This is only useful in
802.3ad mode. Possible values are <code>slow</code> (30 seconds,
default), and <code>fast</code> (every second).</p>
</blockquote></li>
<li><p><strong><code>mii-monitor-interval</code></strong> (scalar)</p>
<blockquote>
<p>Specifies the interval for MII monitoring (verifying if an interface
of the bond has carrier). The default is <code>0</code>; which disables
MII monitoring. This is equivalent to the <code>MIIMonitorSec=</code>
field for the networkd back end. If no time suffix is specified, the
value will be interpreted as milliseconds.</p>
</blockquote></li>
<li><p><strong><code>min-links</code></strong> (scalar)</p>
<blockquote>
<p>The minimum number of links up in a bond to consider the bond
interface to be up.</p>
</blockquote></li>
<li><p><strong><code>transmit-hash-policy</code></strong> (scalar)</p>
<blockquote>
<p>Specifies the transmit hash policy for the selection of ports. This
is only useful in <code>balance-xor</code>, <code>802.3ad</code> and
<code>balance-tlb</code> modes. Possible values are <code>layer2</code>,
<code>layer3+4</code>, <code>layer2+3</code>, <code>encap2+3</code> and
<code>encap3+4</code>.</p>
</blockquote></li>
<li><p><strong><code>ad-select</code></strong> (scalar)</p>
<blockquote>
<p>Set the aggregation selection mode. Possible values are
<code>stable</code>, <code>bandwidth</code> and <code>count</code>. This
option is only used in 802.3ad mode.</p>
</blockquote></li>
<li><p><strong><code>all-members-active</code></strong> (boolean)
since 0.106</p>
<blockquote>
<p>If the bond should drop duplicate frames received on inactive ports,
set this option to <code>false</code>. If they should be delivered, set
this option to <code>true</code>. The default value is false and is the
desirable behaviour in most situations.</p>
<p>Alias: <strong><code>all-slaves-active</code></strong>
<!--- wokeignore:rule=slave --></p>
</blockquote></li>
<li><p><strong><code>arp-interval</code></strong> (scalar)</p>
<blockquote>
<p>Set the interval value for how frequently ARP link monitoring should
happen. The default value is <code>0</code>, which disables ARP
monitoring. For the networkd back end, this maps to the
<code>ARPIntervalSec=</code> property. If no time suffix is specified,
the value will be interpreted as milliseconds.</p>
</blockquote></li>
<li><p><strong><code>arp-ip-targets</code></strong> (sequence of
scalars)</p>
<blockquote>
<p>IP addresses of other hosts on the link which should be sent ARP
requests in order to validate that a port is up. This option is only
used when <code>arp-interval</code> is set to a value other than
<code>0</code>. At least one IP address must be given for ARP link
monitoring to function. Only IPv4 addresses are supported. You can
specify up to 16 IP addresses. The default value is an empty list.</p>
</blockquote></li>
<li><p><strong><code>arp-validate</code></strong> (scalar)</p>
<blockquote>
<p>Configure how ARP replies are to be validated when using ARP link
monitoring. Possible values are <code>none</code>, <code>active</code>,
<code>backup</code>, and <code>all</code>.</p>
</blockquote></li>
<li><p><strong><code>arp-all-targets</code></strong> (scalar)</p>
<blockquote>
<p>Specify whether to use any ARP IP target being up as sufficient for a
port to be considered up; or if all the targets must be up. This is only
used for <code>active-backup</code> mode when <code>arp-validate</code>
is enabled. Possible values are <code>any</code> and
<code>all</code>.</p>
</blockquote></li>
<li><p><strong><code>up-delay</code></strong> (scalar)</p>
<blockquote>
<p>Specify the delay before enabling a link once the link is physically
up. The default value is <code>0</code>. This maps to the
<code>UpDelaySec=</code> property for the networkd renderer. This option
is only valid for the miimon link monitor. If no time suffix is
specified, the value will be interpreted as milliseconds.</p>
</blockquote></li>
<li><p><strong><code>down-delay</code></strong> (scalar)</p>
<blockquote>
<p>Specify the delay before disabling a link once the link has been
lost. The default value is <code>0</code>. This maps to the
<code>DownDelaySec=</code> property for the networkd renderer. This
option is only valid for the miimon link monitor. If no time suffix is
specified, the value will be interpreted as milliseconds.</p>
</blockquote></li>
<li><p><strong><code>fail-over-mac-policy</code></strong> (scalar)</p>
<blockquote>
<p>Set whether to set all ports to the same MAC address when adding them
to the bond, or how else the system should handle MAC addresses. The
possible values are <code>none</code>, <code>active</code> and
<code>follow</code>.</p>
</blockquote></li>
<li><p><strong><code>gratuitous-arp</code></strong> (scalar)</p>
<blockquote>
<p>Specify how many ARP packets to send after failover. Once a link is
up on a new port, a notification is sent and possibly repeated if this
value is set to a number greater than <code>1</code>. The default value
is <code>1</code> and valid values are between <code>1</code> and
<code>255</code>. This only affects <code>active-backup</code> mode.</p>
<p>For historical reasons, the misspelling <code>gratuitious-arp</code>
is also accepted and has the same function.</p>
</blockquote></li>
<li><p><strong><code>packets-per-member</code></strong> (scalar) since
0.106</p>
<blockquote>
<p>In <code>balance-rr</code> mode, specifies the number of packets to
transmit on a port before switching to the next. When this value is set
to <code>0</code>, ports are chosen at random. Allowable values are
between <code>0</code> and <code>65535</code>. The default value is
<code>1</code>. This setting is only used in <code>balance-rr</code>
mode.</p>
<p>Alias: <strong><code>packets-per-slave</code></strong>
<!--- wokeignore:rule=slave --></p>
</blockquote></li>
<li><p><strong><code>primary-reselect-policy</code></strong>
(scalar)</p>
<blockquote>
<p>Set the reselection policy for the primary port. On failure of the
active port, the system will use this policy to decide how the new
active port will be chosen and how recovery will be handled. The
possible values are <code>always</code>, <code>better</code> and
<code>failure</code>.</p>
</blockquote></li>
<li><p><strong><code>resend-igmp</code></strong> (scalar)</p>
<blockquote>
<p>In modes <code>balance-rr</code>, <code>active-backup</code>,
<code>balance-tlb</code> and <code>balance-alb</code>, a failover can
switch IGMP traffic from one port to another.</p>
<p>This parameter specifies how many IGMP membership reports are issued
on a failover event. Values range from 0 to 255. 0 disables sending
membership reports. Otherwise, the first membership report is sent on
failover and subsequent reports are sent at 200ms intervals.</p>
</blockquote></li>
<li><p><strong><code>learn-packet-interval</code></strong> (scalar)</p>
<blockquote>
<p>Specify the interval between sending learning packets to each port.
The value range is between <code>1</code> and <code>0x7fffffff</code>.
The default value is <code>1</code>. This option only affects
<code>balance-tlb</code> and <code>balance-alb</code> modes. Using the
networkd renderer, this field maps to the
<code>LearnPacketIntervalSec=</code> property. If no time suffix is
specified, the value will be interpreted as seconds.</p>
</blockquote></li>
<li><p><strong><code>primary</code></strong> (scalar)</p>
<blockquote>
<p>Specify a device to be used as a primary port, or preferred device to
use as a port for the bond (i.e. the preferred device to send data
through), whenever it is available. This only affects
<code>active-backup</code>, <code>balance-alb</code> and
<code>balance-tlb</code> modes.</p>
</blockquote></li>
</ul></li>
</ul>
<p>(yaml-tunnels)= ## Properties for device type
<code>tunnels</code></p>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>tunnels</code> key to create
virtual tunnel interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of tunnel
interface names. Each <code>tunnel</code> requires the identification of
the tunnel mode (see the section <code>mode</code> below for the list of
supported modes). The general configuration structure for Tunnels is
shown below.</p>
<div class="sourceCode" id="cb29"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb29-1"><a href="#cb29-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb29-2"><a href="#cb29-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb29-3"><a href="#cb29-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnel0</span><span class="kw">:</span></span>
<span id="cb29-4"><a href="#cb29-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> SCALAR</span></span>
<span id="cb29-5"><a href="#cb29-5" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span></code></pre></div>
<p>When applied, a virtual interface called <code>tunnel0</code> will be
created in the system. Its operation mode is defined by the property
<code>mode</code>.</p>
<p>Tunnels allow traffic to pass as if it was between systems on the
same local network, although systems may be far from each other but
reachable via the Internet. They may be used to support IPv6 traffic on
a network where the ISP does not provide the service, or to extend and
“connect” separate local networks. See <a
href="https://en.wikipedia.org/wiki/Tunneling_protocol">Tunneling_protocol</a>
for more general information about tunnels.</p>
<p>The specific settings for tunnels are defined below.</p>
<ul>
<li><p><strong><code>mode</code></strong> (scalar)</p>
<blockquote>
<p>Defines the tunnel mode. Valid options are <code>sit</code>,
<code>gre</code>, <code>ip6gre</code>, <code>ipip</code>,
<code>ipip6</code>, <code>ip6ip6</code>, <code>vti</code>,
<code>vti6</code>, <code>wireguard</code>, <code>vxlan</code>,
<code>gretap</code> and <code>ip6gretap</code> modes. In addition, the
<code>NetworkManager</code> back end supports <code>isatap</code>
tunnels.</p>
</blockquote></li>
<li><p><strong><code>local</code></strong> (scalar)</p>
<blockquote>
<p>Defines the address of the local endpoint of the tunnel. (For VXLAN)
This should match one of the parents IP addresses or make use of the
networkd special values.</p>
</blockquote></li>
<li><p><strong><code>remote</code></strong> (scalar)</p>
<blockquote>
<p>Defines the address of the remote endpoint of the tunnel or multicast
group IP address for VXLAN.</p>
</blockquote></li>
<li><p><strong><code>ttl</code></strong> (scalar) since 0.103</p>
<blockquote>
<p>Defines the Time To Live (TTL) of the tunnel. Takes a number in the
range <code>1..255</code>.</p>
</blockquote></li>
<li><p><strong><code>key</code></strong> (scalar or mapping)</p>
<blockquote>
<p>Define keys to use for the tunnel. The key can be a number or a
dotted quad (an IPv4 address). For <code>wireguard</code> it can be a
base64-encoded private key or (as of networkd v242+) an absolute path to
a file, containing the private key (since 0.100). It is used for
identification of IP transforms. This is only required for
<code>vti</code> and <code>vti6</code> when using the networkd back
end.</p>
<p>This field may be used as a scalar (meaning that a single key is
specified and to be used for input, output and private key), or as a
mapping, where you can further specify
<code>input</code>/<code>output</code>/<code>private</code>.</p>
</blockquote>
<ul>
<li><p><strong><code>input</code></strong> (scalar)</p>
<blockquote>
<p>The input key for the tunnel</p>
</blockquote></li>
<li><p><strong><code>output</code></strong> (scalar)</p>
<blockquote>
<p>The output key for the tunnel</p>
</blockquote></li>
<li><p><strong><code>private</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>A base64-encoded private key required for WireGuard tunnels. When the
<code>systemd-networkd</code> back end (v242+) is used, this can also be
an absolute path to a file containing the private key.</p>
</blockquote></li>
<li><p><strong><code>private-key-flags</code></strong> (sequence of
scalars) since 0.107</p>
<blockquote>
<p>Private key flags used by NetworkManager. Possible values are:
<code>agent-owned</code>, <code>not-saved</code> and
<code>not-required</code>.</p>
<p><code>agent-owned</code>: a user-session secret agent is responsible
for providing and storing this secret.</p>
<p><code>not-saved</code>: this secret should not be saved but should be
requested from the user each time it is required.</p>
<p><code>not-required</code>: this flag hints that the secret is not
required and should not be requested from the user.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb30"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb30-1"><a href="#cb30-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb30-2"><a href="#cb30-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">renderer</span><span class="kw">:</span><span class="at"> NetworkManager</span></span>
<span id="cb30-3"><a href="#cb30-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb30-4"><a href="#cb30-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wg0</span><span class="kw">:</span></span>
<span id="cb30-5"><a href="#cb30-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> wireguard</span></span>
<span id="cb30-6"><a href="#cb30-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">port</span><span class="kw">:</span><span class="at"> </span><span class="dv">5182</span></span>
<span id="cb30-7"><a href="#cb30-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">key</span><span class="kw">:</span></span>
<span id="cb30-8"><a href="#cb30-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">private-key-flags</span><span class="kw">:</span></span>
<span id="cb30-9"><a href="#cb30-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> agent-owned</span></span>
<span id="cb30-10"><a href="#cb30-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peers</span><span class="kw">:</span></span>
<span id="cb30-11"><a href="#cb30-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb30-12"><a href="#cb30-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">public</span><span class="kw">:</span><span class="at"> rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=</span></span>
<span id="cb30-13"><a href="#cb30-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">allowed-ips</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">0.0.0.0/</span><span class="dv">0</span><span class="kw">,</span><span class="at"> </span><span class="st">&quot;2001:fe:ad:de:ad:be:ef:1/24&quot;</span><span class="kw">]</span></span>
<span id="cb30-14"><a href="#cb30-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">keepalive</span><span class="kw">:</span><span class="at"> </span><span class="dv">23</span></span>
<span id="cb30-15"><a href="#cb30-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">endpoint</span><span class="kw">:</span><span class="at"> 1.2.3.4:5</span></span></code></pre></div></li>
</ul></li>
<li><p><strong><code>keys</code></strong> (scalar or mapping)</p>
<blockquote>
<p>Alternate name for the <code>key</code> field. See above.</p>
</blockquote>
<p>Examples:</p>
<div class="sourceCode" id="cb31"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb31-1"><a href="#cb31-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb31-2"><a href="#cb31-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb31-3"><a href="#cb31-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tun0</span><span class="kw">:</span></span>
<span id="cb31-4"><a href="#cb31-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> gre</span></span>
<span id="cb31-5"><a href="#cb31-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">local</span><span class="kw">:</span><span class="at"> ...</span></span>
<span id="cb31-6"><a href="#cb31-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">remote</span><span class="kw">:</span><span class="at"> ...</span></span>
<span id="cb31-7"><a href="#cb31-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb31-8"><a href="#cb31-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">input</span><span class="kw">:</span><span class="at"> </span><span class="dv">1234</span></span>
<span id="cb31-9"><a href="#cb31-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">output</span><span class="kw">:</span><span class="at"> </span><span class="dv">5678</span></span></code></pre></div>
<div class="sourceCode" id="cb32"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb32-1"><a href="#cb32-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb32-2"><a href="#cb32-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb32-3"><a href="#cb32-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tun0</span><span class="kw">:</span></span>
<span id="cb32-4"><a href="#cb32-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> vti6</span></span>
<span id="cb32-5"><a href="#cb32-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">local</span><span class="kw">:</span><span class="at"> ...</span></span>
<span id="cb32-6"><a href="#cb32-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">remote</span><span class="kw">:</span><span class="at"> ...</span></span>
<span id="cb32-7"><a href="#cb32-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">key</span><span class="kw">:</span><span class="at"> </span><span class="dv">59568549</span></span></code></pre></div>
<div class="sourceCode" id="cb33"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb33-1"><a href="#cb33-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb33-2"><a href="#cb33-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb33-3"><a href="#cb33-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wg0</span><span class="kw">:</span></span>
<span id="cb33-4"><a href="#cb33-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> wireguard</span></span>
<span id="cb33-5"><a href="#cb33-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">addresses</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb33-6"><a href="#cb33-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peers</span><span class="kw">:</span></span>
<span id="cb33-7"><a href="#cb33-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb33-8"><a href="#cb33-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">public</span><span class="kw">:</span><span class="at"> rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=</span></span>
<span id="cb33-9"><a href="#cb33-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">shared</span><span class="kw">:</span><span class="at"> /path/to/shared.key</span></span>
<span id="cb33-10"><a href="#cb33-10" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span>
<span id="cb33-11"><a href="#cb33-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">key</span><span class="kw">:</span><span class="at"> mNb7OIIXTdgW4khM7OFlzJ+UPs7lmcWHV7xjPgakMkQ=</span></span></code></pre></div>
<div class="sourceCode" id="cb34"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb34-1"><a href="#cb34-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb34-2"><a href="#cb34-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb34-3"><a href="#cb34-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wg0</span><span class="kw">:</span></span>
<span id="cb34-4"><a href="#cb34-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> wireguard</span></span>
<span id="cb34-5"><a href="#cb34-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">addresses</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb34-6"><a href="#cb34-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peers</span><span class="kw">:</span></span>
<span id="cb34-7"><a href="#cb34-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb34-8"><a href="#cb34-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">public</span><span class="kw">:</span><span class="at"> rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=</span></span>
<span id="cb34-9"><a href="#cb34-9" aria-hidden="true" tabindex="-1"></a><span class="at"> ...</span></span>
<span id="cb34-10"><a href="#cb34-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb34-11"><a href="#cb34-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">private</span><span class="kw">:</span><span class="at"> /path/to/priv.key</span></span></code></pre></div></li>
</ul>
<p>WireGuard specific keys:</p>
<ul>
<li><p><strong><code>mark</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>Firewall mark for outgoing WireGuard packets from this interface,
optional.</p>
</blockquote></li>
<li><p><strong><code>port</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>UDP port to listen at or <code>auto</code>. Optional, defaults to
<code>auto</code>.</p>
</blockquote></li>
<li><p><strong><code>peers</code></strong> (sequence of mappings)
since 0.100</p>
<blockquote>
<p>A list of peers, each having keys documented below.</p>
</blockquote>
<p>Example:</p>
<div class="sourceCode" id="cb35"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb35-1"><a href="#cb35-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb35-2"><a href="#cb35-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">tunnels</span><span class="kw">:</span></span>
<span id="cb35-3"><a href="#cb35-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">wg0</span><span class="kw">:</span></span>
<span id="cb35-4"><a href="#cb35-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mode</span><span class="kw">:</span><span class="at"> wireguard</span></span>
<span id="cb35-5"><a href="#cb35-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">key</span><span class="kw">:</span><span class="at"> /path/to/private.key</span></span>
<span id="cb35-6"><a href="#cb35-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">mark</span><span class="kw">:</span><span class="at"> </span><span class="dv">42</span></span>
<span id="cb35-7"><a href="#cb35-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">port</span><span class="kw">:</span><span class="at"> </span><span class="dv">5182</span></span>
<span id="cb35-8"><a href="#cb35-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peers</span><span class="kw">:</span></span>
<span id="cb35-9"><a href="#cb35-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb35-10"><a href="#cb35-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">public</span><span class="kw">:</span><span class="at"> rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=</span></span>
<span id="cb35-11"><a href="#cb35-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">allowed-ips</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">0.0.0.0/</span><span class="dv">0</span><span class="kw">,</span><span class="at"> </span><span class="st">&quot;2001:fe:ad:de:ad:be:ef:1/24&quot;</span><span class="kw">]</span></span>
<span id="cb35-12"><a href="#cb35-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">keepalive</span><span class="kw">:</span><span class="at"> </span><span class="dv">23</span></span>
<span id="cb35-13"><a href="#cb35-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">endpoint</span><span class="kw">:</span><span class="at"> 1.2.3.4:5</span></span>
<span id="cb35-14"><a href="#cb35-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">keys</span><span class="kw">:</span></span>
<span id="cb35-15"><a href="#cb35-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">public</span><span class="kw">:</span><span class="at"> M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=</span></span>
<span id="cb35-16"><a href="#cb35-16" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">shared</span><span class="kw">:</span><span class="at"> /some/shared.key</span></span>
<span id="cb35-17"><a href="#cb35-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">allowed-ips</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">10.10.10.20/</span><span class="dv">24</span><span class="kw">]</span></span>
<span id="cb35-18"><a href="#cb35-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">keepalive</span><span class="kw">:</span><span class="at"> </span><span class="dv">22</span></span>
<span id="cb35-19"><a href="#cb35-19" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">endpoint</span><span class="kw">:</span><span class="at"> 5.4.3.2:1</span></span></code></pre></div>
<ul>
<li><p><strong><code>endpoint</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>Remote endpoint IPv4/IPv6 address or a hostname, followed by a colon
and a port number.</p>
</blockquote></li>
<li><p><strong><code>allowed-ips</code></strong> (sequence of scalars)
since 0.100</p>
<blockquote>
<p>A list of IP (v4 or v6) addresses with CIDR masks from which this
peer is allowed to send incoming traffic and to which outgoing traffic
for this peer is directed. The catch-all 0.0.0.0/0 may be specified for
matching all IPv4 addresses, and ::/0 may be specified for matching all
IPv6 addresses.</p>
</blockquote></li>
<li><p><strong><code>keepalive</code></strong> (scalar) since
0.100</p>
<blockquote>
<p>An interval in seconds, between 1 and 65535 inclusive, of how often
to send an authenticated empty packet to the peer for the purpose of
keeping a stateful firewall or NAT mapping valid persistently.
Optional.</p>
</blockquote></li>
<li><p><strong><code>keys</code></strong> (mapping) since 0.100</p>
<blockquote>
<p>Define keys to use for the WireGuard peers.</p>
<p>This field can be used as a mapping, where you can further specify
the <code>public</code> and <code>shared</code> keys.</p>
</blockquote>
<ul>
<li><p><strong><code>public</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>A base64-encoded public key, required for WireGuard peers.</p>
</blockquote></li>
<li><p><strong><code>shared</code></strong> (scalar) since 0.100</p>
<blockquote>
<p>A base64-encoded pre-shared key. Optional for WireGuard peers. When
the <code>systemd-networkd</code> back end (v242+) is used, this can
also be an absolute path to a file containing the pre-shared key.</p>
</blockquote></li>
</ul></li>
</ul></li>
</ul>
<p>VXLAN specific keys:</p>
<ul>
<li><p><strong><code>id</code></strong> (scalar) since 0.105</p>
<blockquote>
<p>The VXLAN Network Identifier (VNI or VXLAN Segment ID). Takes a
number in the range <code>1..16777215</code>.</p>
</blockquote></li>
<li><p><strong><code>link</code></strong> (scalar) since 0.105</p>
<blockquote>
<p>Netplan ID of the parent device definition to which this VXLAN gets
connected.</p>
</blockquote></li>
<li><p><strong><code>type-of-service</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>The Type Of Service byte value for a VXLAN interface.</p>
</blockquote></li>
<li><p><strong><code>mac-learning</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>Takes a boolean. When <code>true</code>, enables dynamic MAC learning
to discover remote MAC addresses.</p>
</blockquote></li>
<li><p><strong><code>ageing</code></strong>,
<strong><code>aging</code></strong> (scalar) since 0.105</p>
<blockquote>
<p>The lifetime of Forwarding Database entry learned by the kernel, in
seconds.</p>
</blockquote></li>
<li><p><strong><code>limit</code></strong> (scalar) since 0.105</p>
<blockquote>
<p>Configures maximum number of FDB entries.</p>
</blockquote></li>
<li><p><strong><code>arp-proxy</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>Takes a boolean. When <code>true</code>, bridge-connected VXLAN
tunnel endpoint answers ARP requests from the local bridge on behalf of
remote Distributed Overlay Virtual Ethernet (DOVE) clients. Defaults to
<code>false</code>.</p>
</blockquote></li>
<li><p><strong><code>notifications</code></strong> (sequence of scalars)
since 0.105</p>
<blockquote>
<p>Takes the flags <code>l2-miss</code> and <code>l3-miss</code> to
enable netlink LLADDR and/or netlink IP address miss notifications.</p>
</blockquote></li>
<li><p><strong><code>short-circuit</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>Takes a boolean. When <code>true</code>, route short circuiting is
turned on.</p>
</blockquote></li>
<li><p><strong><code>checksums</code></strong> (sequence of scalars)
since 0.105</p>
<blockquote>
<p>Takes the flags <code>udp</code>, <code>zero-udp6-tx</code>,
<code>zero-udp6-rx</code>, <code>remote-tx</code> and
<code>remote-rx</code> to enable transmitting UDP checksums in
VXLAN/IPv4, send/receive zero checksums in VXLAN/IPv6 and enable
sending/receiving checksum offloading in VXLAN.</p>
</blockquote></li>
<li><p><strong><code>extensions</code></strong> (sequence of scalars)
since 0.105</p>
<blockquote>
<p>Takes the flags <code>group-policy</code> and
<code>generic-protocol</code> to enable the “Group Policy” and/or
“Generic Protocol” VXLAN extensions.</p>
</blockquote></li>
<li><p><strong><code>port</code></strong> (scalar) since 0.105</p>
<blockquote>
<p>Configures the default destination UDP port. If the destination port
is not specified then Linux kernel default will be used. Set to
<code>4789</code> to get the IANA assigned value.</p>
</blockquote></li>
<li><p><strong><code>port-range</code></strong> (sequence of scalars)
since 0.105</p>
<blockquote>
<p>Configures the source port range for the VXLAN. The kernel assigns
the source UDP port based on the flow to help the receiver to do load
balancing. When this option is not set, the normal range of local UDP
ports is used. Uses the form <code>[LOWER, UPPER]</code>.</p>
</blockquote></li>
<li><p><strong><code>flow-label</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>Specifies the flow label to use in outgoing packets. The valid range
is <code>0-1048575</code>.</p>
</blockquote></li>
<li><p><strong><code>do-not-fragment</code></strong> (scalar) since
0.105</p>
<blockquote>
<p>Allows setting the IPv4 Do not Fragment (DF) bit in outgoing packets.
Takes a boolean value. When unset, the kernel default will be used.</p>
</blockquote></li>
</ul>
<h2 id="properties-for-device-type-virtual-ethernets">Properties for
device type <code>virtual-ethernets</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>virtual-ethernets</code> key
to create virtual Ethernet interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of
<code>veth</code> interface names. Each <code>veth</code> requires a
<code>peer</code>. In order to have a fully working <code>veth</code>
pair, both devices must be defined, i.e., only setting the
<code>peer</code> key with the peer name is not enough, the peer
interface must also be defined and set the first one as its peer. The
general configuration structure for virtual Ethernet is shown below.</p>
<div class="sourceCode" id="cb36"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb36-1"><a href="#cb36-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb36-2"><a href="#cb36-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">virtual-ethernets</span><span class="kw">:</span></span>
<span id="cb36-3"><a href="#cb36-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">veth0</span><span class="kw">:</span></span>
<span id="cb36-4"><a href="#cb36-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peer</span><span class="kw">:</span><span class="at"> veth1</span></span>
<span id="cb36-5"><a href="#cb36-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">veth1</span><span class="kw">:</span></span>
<span id="cb36-6"><a href="#cb36-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peer</span><span class="kw">:</span><span class="at"> veth0</span></span></code></pre></div>
<p>When applied, two virtual interfaces called <code>veth0</code> and
<code>veth1</code> will be created in the system.</p>
<p>Virtual Ethernet devices act as tunnels forwarding traffic from one
interface to the other. They can be used to connect two separate virtual
networks such as network namespaces and bridges. Its not possible to
move <code>virtual-ethernets</code> to different namespaces through
Netplan at the present moment.</p>
<p>The specific settings for <code>virtual-ethernets</code> are defined
below.</p>
<ul>
<li><p><strong><code>peer</code></strong> (scalar)</p>
<blockquote>
<p>Defines the <code>virtual-ethernet</code> peer. The peer interface
must also be a <code>virtual-ethernet</code> device.</p>
</blockquote></li>
</ul>
<p>Below is a complete example that uses a pair of virtual Ethernet
devices to create a link between two bridges:</p>
<div class="sourceCode" id="cb37"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb37-1"><a href="#cb37-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb37-2"><a href="#cb37-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">version</span><span class="kw">:</span><span class="at"> </span><span class="dv">2</span></span>
<span id="cb37-3"><a href="#cb37-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">renderer</span><span class="kw">:</span><span class="at"> networkd</span></span>
<span id="cb37-4"><a href="#cb37-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">virtual-ethernets</span><span class="kw">:</span></span>
<span id="cb37-5"><a href="#cb37-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">veth0-peer1</span><span class="kw">:</span></span>
<span id="cb37-6"><a href="#cb37-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peer</span><span class="kw">:</span><span class="at"> veth0-peer2</span></span>
<span id="cb37-7"><a href="#cb37-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">veth0-peer2</span><span class="kw">:</span></span>
<span id="cb37-8"><a href="#cb37-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">peer</span><span class="kw">:</span><span class="at"> veth0-peer1</span></span>
<span id="cb37-9"><a href="#cb37-9" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb37-10"><a href="#cb37-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span></span>
<span id="cb37-11"><a href="#cb37-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br0</span><span class="kw">:</span></span>
<span id="cb37-12"><a href="#cb37-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span></span>
<span id="cb37-13"><a href="#cb37-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> veth0-peer1</span></span>
<span id="cb37-14"><a href="#cb37-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br1</span><span class="kw">:</span></span>
<span id="cb37-15"><a href="#cb37-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span></span>
<span id="cb37-16"><a href="#cb37-16" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> veth0-peer2</span></span></code></pre></div>
<h2 id="properties-for-device-type-vlans">Properties for device type
<code>vlans</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>vlans</code> key to create
VLAN interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of VLAN
interface names. The interface used in the <code>link</code> option
(<code>enp5s0</code> in the example below) must also be defined in the
Netplan configuration. The general configuration structure for VLANs is
shown below.</p>
<div class="sourceCode" id="cb38"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb38-1"><a href="#cb38-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb38-2"><a href="#cb38-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vlans</span><span class="kw">:</span></span>
<span id="cb38-3"><a href="#cb38-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vlan123</span><span class="kw">:</span></span>
<span id="cb38-4"><a href="#cb38-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">id</span><span class="kw">:</span><span class="at"> </span><span class="dv">123</span></span>
<span id="cb38-5"><a href="#cb38-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">link</span><span class="kw">:</span><span class="at"> enp5s0</span></span>
<span id="cb38-6"><a href="#cb38-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span></code></pre></div>
<p>The specific settings for VLANs are defined below.</p>
<ul>
<li><p><strong><code>id</code></strong> (scalar)</p>
<blockquote>
<p>VLAN ID, a number between <code>0</code> and <code>4094</code>.</p>
</blockquote></li>
<li><p><strong><code>link</code></strong> (scalar)</p>
<blockquote>
<p>Netplan ID of the underlying device definition on which this VLAN
gets created.</p>
</blockquote></li>
</ul>
<p>Example:</p>
<div class="sourceCode" id="cb39"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb39-1"><a href="#cb39-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb39-2"><a href="#cb39-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ethernets</span><span class="kw">:</span></span>
<span id="cb39-3"><a href="#cb39-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">eno1</span><span class="kw">:</span><span class="at"> </span><span class="kw">{</span><span class="at">...</span><span class="kw">}</span></span>
<span id="cb39-4"><a href="#cb39-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vlans</span><span class="kw">:</span></span>
<span id="cb39-5"><a href="#cb39-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">en-intra</span><span class="kw">:</span></span>
<span id="cb39-6"><a href="#cb39-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">id</span><span class="kw">:</span><span class="at"> </span><span class="dv">1</span></span>
<span id="cb39-7"><a href="#cb39-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">link</span><span class="kw">:</span><span class="at"> eno1</span></span>
<span id="cb39-8"><a href="#cb39-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">dhcp4</span><span class="kw">:</span><span class="at"> </span><span class="ch">yes</span></span>
<span id="cb39-9"><a href="#cb39-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">en-vpn</span><span class="kw">:</span></span>
<span id="cb39-10"><a href="#cb39-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">id</span><span class="kw">:</span><span class="at"> </span><span class="dv">2</span></span>
<span id="cb39-11"><a href="#cb39-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">link</span><span class="kw">:</span><span class="at"> eno1</span></span>
<span id="cb39-12"><a href="#cb39-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">addresses</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span></code></pre></div>
<h2 id="properties-for-device-type-vrfs">Properties for device type
<code>vrfs</code></h2>
<p><strong>Status</strong>: Optional.</p>
<p><strong>Purpose</strong>: Use the <code>vrfs</code> key to create
Virtual Routing and Forwarding (VRF) interfaces.</p>
<p><strong>Structure</strong>: The key consists of a mapping of VRF
interface names. The interface used in the <code>link</code> option
(<code>enp5s0</code> in the example below) must also be defined in the
Netplan configuration. The general configuration structure for VRFs is
shown below.</p>
<div class="sourceCode" id="cb40"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb40-1"><a href="#cb40-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb40-2"><a href="#cb40-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">renderer</span><span class="kw">:</span><span class="at"> networkd</span></span>
<span id="cb40-3"><a href="#cb40-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vrfs</span><span class="kw">:</span></span>
<span id="cb40-4"><a href="#cb40-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vrf1</span><span class="kw">:</span></span>
<span id="cb40-5"><a href="#cb40-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">table</span><span class="kw">:</span><span class="at"> </span><span class="dv">1</span></span>
<span id="cb40-6"><a href="#cb40-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span></span>
<span id="cb40-7"><a href="#cb40-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> enp5s0</span></span>
<span id="cb40-8"><a href="#cb40-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">routes</span><span class="kw">:</span></span>
<span id="cb40-9"><a href="#cb40-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">to</span><span class="kw">:</span><span class="at"> default</span></span>
<span id="cb40-10"><a href="#cb40-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">via</span><span class="kw">:</span><span class="at"> </span><span class="fl">10.10.10.4</span></span>
<span id="cb40-11"><a href="#cb40-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">routing-policy</span><span class="kw">:</span></span>
<span id="cb40-12"><a href="#cb40-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">from</span><span class="kw">:</span><span class="at"> </span><span class="fl">10.10.10.42</span></span></code></pre></div>
<ul>
<li><p><strong><code>table</code></strong> (scalar) since 0.105</p>
<blockquote>
<p>The numeric routing table identifier. This setting is compulsory.</p>
</blockquote></li>
<li><p><strong><code>interfaces</code></strong> (sequence of scalars)
since 0.105</p>
<blockquote>
<p>All devices matching this ID list will be added to the VRF. This may
be an empty list, in which case the VRF will be brought online with no
member interfaces.</p>
</blockquote></li>
<li><p><strong><code>routes</code></strong> (sequence of mappings)
since 0.105</p>
<blockquote>
<p>Configure static routing for the device; see the <code>Routing</code>
section. The <code>table</code> value is implicitly set to the VRF
<code>table</code>.</p>
</blockquote></li>
<li><p><strong><code>routing-policy</code></strong> (sequence of
mappings) since 0.105</p>
<blockquote>
<p>Configure policy routing for the device; see the <code>Routing</code>
section. The <code>table</code> value is implicitly set to the VRF
<code>table</code>.</p>
</blockquote></li>
</ul>
<p>Example:</p>
<div class="sourceCode" id="cb41"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb41-1"><a href="#cb41-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb41-2"><a href="#cb41-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vrfs</span><span class="kw">:</span></span>
<span id="cb41-3"><a href="#cb41-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vrf20</span><span class="kw">:</span></span>
<span id="cb41-4"><a href="#cb41-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">table</span><span class="kw">:</span><span class="at"> </span><span class="dv">20</span></span>
<span id="cb41-5"><a href="#cb41-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span><span class="at"> </span><span class="kw">[</span><span class="at"> br0 </span><span class="kw">]</span></span>
<span id="cb41-6"><a href="#cb41-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">routes</span><span class="kw">:</span></span>
<span id="cb41-7"><a href="#cb41-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">to</span><span class="kw">:</span><span class="at"> default</span></span>
<span id="cb41-8"><a href="#cb41-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">via</span><span class="kw">:</span><span class="at"> </span><span class="fl">10.10.10.3</span></span>
<span id="cb41-9"><a href="#cb41-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">routing-policy</span><span class="kw">:</span></span>
<span id="cb41-10"><a href="#cb41-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fu">from</span><span class="kw">:</span><span class="at"> </span><span class="fl">10.10.10.42</span></span>
<span id="cb41-11"><a href="#cb41-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">[</span><span class="at">...</span><span class="kw">]</span></span>
<span id="cb41-12"><a href="#cb41-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">bridges</span><span class="kw">:</span></span>
<span id="cb41-13"><a href="#cb41-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">br0</span><span class="kw">:</span></span>
<span id="cb41-14"><a href="#cb41-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">interfaces</span><span class="kw">:</span><span class="at"> </span><span class="kw">[]</span></span></code></pre></div>
<h2 id="properties-for-device-type-nm-devices">Properties for device
type <code>nm-devices</code></h2>
<p><strong>Status</strong>: Optional. Its use is not recommended.</p>
<p><strong>Purpose</strong>: Use the <code>nm-devices</code> key to
configure device types that are not supported by Netplan. This is
NetworkManager specific configuration.</p>
<p><strong>Structure</strong>: The key consists of a mapping of
NetworkManager connections. The <code>nm-devices</code> device type is
for internal use only and should not be used in normal configuration
files. It enables a fallback mode for unsupported settings, using the
<code>passthrough</code> mapping. The general configuration structure
for NM connections is shown below.</p>
<div class="sourceCode" id="cb42"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb42-1"><a href="#cb42-1" aria-hidden="true" tabindex="-1"></a><span class="fu">network</span><span class="kw">:</span></span>
<span id="cb42-2"><a href="#cb42-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">version</span><span class="kw">:</span><span class="at"> </span><span class="dv">2</span></span>
<span id="cb42-3"><a href="#cb42-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">nm-devices</span><span class="kw">:</span></span>
<span id="cb42-4"><a href="#cb42-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">NM-db5f0f67-1f4c-4d59-8ab8-3d278389cf87</span><span class="kw">:</span></span>
<span id="cb42-5"><a href="#cb42-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">renderer</span><span class="kw">:</span><span class="at"> NetworkManager</span></span>
<span id="cb42-6"><a href="#cb42-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">networkmanager</span><span class="kw">:</span></span>
<span id="cb42-7"><a href="#cb42-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">uuid</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;db5f0f67-1f4c-4d59-8ab8-3d278389cf87&quot;</span></span>
<span id="cb42-8"><a href="#cb42-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;myvpnconnection&quot;</span></span>
<span id="cb42-9"><a href="#cb42-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">passthrough</span><span class="kw">:</span></span>
<span id="cb42-10"><a href="#cb42-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">connection.type</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;vpn&quot;</span></span>
<span id="cb42-11"><a href="#cb42-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.ca</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;path to ca.crt&quot;</span></span>
<span id="cb42-12"><a href="#cb42-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.cert</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;path to client.crt&quot;</span></span>
<span id="cb42-13"><a href="#cb42-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.cipher</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;AES-256-GCM&quot;</span></span>
<span id="cb42-14"><a href="#cb42-14" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.connection-type</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;tls&quot;</span></span>
<span id="cb42-15"><a href="#cb42-15" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.dev</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;tun&quot;</span></span>
<span id="cb42-16"><a href="#cb42-16" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.key</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;path to client.key&quot;</span></span>
<span id="cb42-17"><a href="#cb42-17" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.remote</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;1.2.3.4:1194&quot;</span></span>
<span id="cb42-18"><a href="#cb42-18" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vpn.service-type</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;org.freedesktop.NetworkManager.openvpn&quot;</span></span></code></pre></div>
<h2 id="back-end-specific-configuration-parameters">Back end-specific
configuration parameters</h2>
<p>In addition to the other fields available to configure interfaces,
some back ends may require to record some of their own parameters in
Netplan, especially if the Netplan definitions are generated
automatically by the consumer of that back end. Currently, this is only
used with <code>NetworkManager</code>.</p>
<ul>
<li><p><strong><code>networkmanager</code></strong> (mapping) since
0.99</p>
<blockquote>
<p>Keeps the NetworkManager-specific configuration parameters used by
the daemon to recognise connections.</p>
</blockquote>
<ul>
<li><p><strong><code>name</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Set the display name for the connection.</p>
</blockquote></li>
<li><p><strong><code>uuid</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Defines the UUID (unique identifier) for this connection, as
generated by NetworkManager itself.</p>
</blockquote></li>
<li><p><strong><code>stable-id</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Defines the stable ID (a different form of a connection name) used by
NetworkManager in case the name of the connection might otherwise
change, such as when sharing connections between users.</p>
</blockquote></li>
<li><p><strong><code>device</code></strong> (scalar) since 0.99</p>
<blockquote>
<p>Defines the interface name for which this connection applies.</p>
</blockquote></li>
<li><p><strong><code>passthrough</code></strong> (mapping) since
0.102</p>
<blockquote>
<p>Can be used as a fallback mechanism to missing key-file settings.</p>
</blockquote></li>
</ul></li>
</ul>
<!--- vim: ft=markdown -->
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink