Updated connman to version 1.35

Change-Id: I13526fbf80296a79be15548fc226a308941ac9ec
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>

18 files changed, 1236 insertions, 280 deletions

diff --git a/doc/agent-api.txt b/doc/agent-api.txt
index 2ddd19a6..aa7271d4 100755
--- a/doc/agent-api.txt
+++ b/doc/agent-api.txt
@@ -119,7 +119,7 @@ Fields		string Name
 		string PreviousPassphrase
 
 			The previous passphrase successfully saved, i.e.
-			which lead to a successfull connection. This field is
+			which led to a successfull connection. This field is
 			provided as an informational argument when connecting
 			with it does not work anymore, for instance when it
 			has been changed on the AP. Such argument appears when
@@ -166,10 +166,10 @@ Arguments	string Type
 			would be the network name or SSID.
 
 			All "mandatory" fields must be returned, while the
-			"optional" can be returned if available.
+			"optional" ones can be returned if available.
 
 			Nothing needs to be returned for "informational", as it
-			is here only to provide an information so a value is
+			is here only to provide an information. A value is
 			attached to it.
 
 		array{string} Alternates
diff --git a/doc/config-format.txt b/doc/config-format.txt
index b16f4e43..ed3123aa 100755
--- a/doc/config-format.txt
+++ b/doc/config-format.txt
@@ -83,6 +83,16 @@ The following options are valid if Type is "wifi"
   passphrase. The PrivateKeyPassphrase field is ignored when this field is set
   to fsid.
 - Identity: Identity string for EAP.
+- AnonymousIdentity: Anonymous Identity string for EAP.
+- SubjectMatch: Substring to be matched against the subject of the
+  authentication server certificate for EAP.
+- AltSubjectMatch: Semicolon separated string of entries to be matched against
+  the alternative subject name of the authentication server certificate for EAP.
+- DomainSuffixMatch: Constraint for server domain name. If set, this FQDN is
+  used as a suffix match requirement for the authentication server certificate
+  for EAP.
+- DomainMatch: This FQDN is used as a full match requirement for the
+  authentication server certificate for EAP.
 - Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
   Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
   authentication method (should only be used with EAP = TTLS).
diff --git a/doc/connman-service.config.5.in b/doc/connman-service.config.5.in
new file mode 100644
index 00000000..535c626c
--- /dev/null
+++ b/doc/connman-service.config.5.in
@@ -0,0 +1,197 @@
+.\" connman-service.config(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "service-name.config" "5" "2015-10-15" ""
+.SH NAME
+service-name.config \- ConnMan service provisioning file
+.SH SYNOPSIS
+.B @storagedir@/\fIservice-name\fB.config
+.SH DESCRIPTION
+.P
+\fIConnMan\fP's services are configured with so called
+"\fBprovisioning files\fP" which reside under \fI@storagedir@/\fP.
+The files can be named anything, as long as they end in \fB.config\fP.
+The provisioning files can be used to configure for example secured
+wireless access points which need complex authentication, for example
+eduroam, or for static IPs and so on. Each provisioning file can be
+used for multiple services at once.
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.TP
+.BI Name= name
+Name of the network.
+.TP
+.BI Description= description
+Description of the network.
+.SS [service_*]
+Each provisioned service must start with a [service_*] tag, with * replaced
+by an unique name within the file.
+The allowed fields are:
+.TP
+.B Type=ethernet \fR|\fB wifi
+Mandatory. Other types than ethernet or wifi are not supported.
+.TP
+.BI IPv4=off \ \fR|\  dhcp\ \fR|\  network / netmask / gateway
+IPv4 settings for the service. If set to \fBoff\fP, IPv4 won't be used.
+If set to \fBdhcp\fP, dhcp will be used to obtain the network settings.
+\fInetmask\fP can be specified as length of the mask rather than the
+mask itself. The gateway can be omitted when using a static IP.
+.TP
+.BI IPv6=off \ \fR|\  auto\ \fR|\  network / prefixlength / gateway
+IPv6 settings for the service. If set to \fBoff\fP, IPv6 won't be used.
+If set to \fBauto\fP, settings will be obtained from the network.
+.TP
+.B IPv6.Privacy=disabled \fR|\fB enabled \fR|\fB preferred
+IPv6 privacy settings as per RFC3041.
+.TP
+.BI MAC= address
+MAC address of the interface to be used. If not specified, the first
+found interface is used. Must be in format ab:cd:ef:01:23:45.
+.TP
+.BI Nameservers= servers
+Comma separated list of nameservers.
+.TP
+.BI SearchDomains= domains
+Comma separated list of DNS search domains.
+.TP
+.BI Timeservers= servers
+Comma separated list of timeservers.
+.TP
+.BI Domain= domain
+Domain name to be used.
+.TP
+The following keys can only be used for wireless networks:
+.TP
+.BI Name= name
+A string representation of an network SSID. If the SSID field is
+present, the Name field is ignored. If the SSID field is not present,
+this field is mandatory.
+.TP
+.BI SSID= ssid
+SSID: A hexadecimal representation of an 802.11 SSID. Use this format to
+encode special characters including starting or ending spaces.
+.TP
+.BI Passphrase= passphrase
+RSN/WPA/WPA2 Passphrase.
+.TP
+.BI Security= type
+The security type of the network. Possible values are \fBpsk\fP
+(WPA/WPA2 PSK), \fBieee8021x\fP (WPA EAP), \fBnone\fP and \fBwep\fP.
+When not set, the default value is \fBieee8021x\fP if an EAP type is
+configured, \fBpsk\fP if a passphrase is present and \fBnone\fP otherwise.
+.TP
+.B Hidden=true \fR|\fB false
+If set to \fBtrue\fP, then this AP is hidden. If missing or set to
+\fBfalse\fP, then AP is not hidden.
+.TP
+.B EAP=tls \fR|\fB ttls \fR|\fB peap
+EAP type to use. Only \fBtls\fP, \fBttls\fP and \fBpeap\fP are supported.
+.TP
+.BI CACertFile= file
+Path to the CA certificate file. Only PEM and DER formats are supported.
+.TP
+.BI PrivateKeyFile= file
+Path to the private key file. Only PEM, DER and PFX formats are supported.
+.TP
+.BI PrivateKeyPassphrase= passphrase
+Passphrase of the private key.
+.TP
+.B PrivateKeyPassphraseType=fsid
+If specified, use the private key's fsid as the passphrase, and ignore the
+PrivateKeyPassphrase field.
+.TP
+.BI Identity= identity
+Identity string for EAP.
+.TP
+.BI AnonymousIdentity= identity
+Anonymous identity string for EAP.
+.TP
+.BI Phase2= type
+Inner authentication type with for \fBEAP=tls\fP or \fBEAP=ttls\fP. Prefix
+the value with \fBEAP-\fP to indicate usage of EAP-based authentication
+method (should only be used with \fBEAP=ttls\fP).
+.SH "EXAMPLE"
+.SS Eduroam
+This is a configuration file for eduroam networks. This file could for
+example be @storagedir@/eduroam.config. Your university's exact
+settings might be different.
+.PP
+.nf
+[service_eduroam]
+Type = wifi
+Name = eduroam
+EAP = peap
+Phase2 = MSCHAPV2
+CACertFile = /etc/ssl/certs/UNIV_CA.crt
+.fi
+.SS Complex networking
+This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
+EAP-PEAP services. The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid
+and the file name could be @storagedir@/complex.config.
+.PP
+Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
+746c735f73736964"). If your SSID does not contain any exotic character then
+you should use the Name entry instead (e.g. "Name = tls_ssid").
+.PP
+.nf
+[global]
+Name = Example
+Description = Example network configuration
+
+[service_tls]
+Type = wifi
+SSID = 746c735f73736964
+EAP = tls
+CACertFile = /home/user/.certs/ca.pem
+ClientCertFile = /home/user/devlp/.certs/client.pem
+PrivateKeyFile = /home/user/.certs/client.fsid.pem
+PrivateKeyPassphraseType = fsid
+Identity = user
+
+[service_ttls]
+Type = wifi
+Name = ttls_ssid
+EAP = ttls
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
+[service_peap]
+Type = wifi
+Name = peap_ssid
+EAP = peap
+CACertFile = /home/user/.cert/ca.pem
+Phase2 = MSCHAPV2
+Identity = user
+
+[service_home_ethernet]
+Type = ethernet
+IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
+IPv6 = 2001:db8::42/64/2001:db8::1
+MAC = 01:02:03:04:05:06
+Nameservers = 10.2.3.4,192.168.1.99
+SearchDomains = my.home,isp.net
+Timeservers = 10.172.2.1,ntp.my.isp.net
+Domain = my.home
+
+[service_home_wifi]
+Type = wifi
+Name = my_home_wifi
+Passphrase = password
+IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
+MAC = 06:05:04:03:02:01
+.fi
+.SH "SEE ALSO"
+.BR connman (8)
diff --git a/doc/connman-vpn-provider.config.5.in b/doc/connman-vpn-provider.config.5.in
new file mode 100644
index 00000000..ef704352
--- /dev/null
+++ b/doc/connman-vpn-provider.config.5.in
@@ -0,0 +1,432 @@
+.\" connman-vpn-provider.config(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "connection_name.config" "5" "2015-10-15" ""
+.SH NAME
+connection_name.config \- ConnMan vpn connection provisioning file
+.SH SYNOPSIS
+.B @vpn_storagedir@/\fIconnection-name\fB.config
+.SH DESCRIPTION
+.P
+\fIConnMan\fP's vpn connections are configured with so called
+"\fBprovisioning files\fP" which reside under \fI@vpn_storagedir@/\fP.
+The files can be named anything, as long as they contain only printable
+ascii characers, for example letters, numbers and underscores. The file
+must end with \fB.config\fP. Each VPN connection requires a provisioning
+file, but multiple connections can be specified in the same file.
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [global]
+This section is optional, and can be used to describe the actual file. The
+two allowed fields for this section are:
+.TP
+.BI Name= name
+Name of the network.
+.TP
+.BI Description= description
+Description of the network.
+.SS [provider_*]
+Each provisioned connection must start with a [provider_*] tag,
+with * replaced by an unique name within the file.
+The following fields are mandatory:
+.TP
+.B Type=OpenConnect \fR|\fB OpenVPN \fR|\fB VPNC \fR|\fB L2TP \fR|\fB PPTP
+Specifies the VPN type.
+.TP
+.BI Host= IP
+VPN server IP address.
+.TP
+.BI Domain= domain
+Domain name for the VPN service.
+.TP
+The following field is optional:
+.TP
+.BI Networks= network / netmask / gateway [,...]
+Networks behind the VPN. If all traffic should go through the VPN, this
+field can be left out. The gateway can be left out. For IPv6 addresses,
+only the prefix length is accepted as the netmask.
+.SS OpenConnect
+The following keys can be used for \fBopenconnect\fP(8) networks:
+.TP
+.BI OpenConnect.ServerCert= cert
+SHA1 fingerprint of the VPN server's certificate.
+.TP
+.BI OpenConnect.CACert= cert
+File containing additional CA certificates in addition to the system
+trusted certificate authorities.
+.TP
+.BI OpenConnect.ClientCert= cert
+Client certificate, if needed by web authentication.
+.TP
+.BI OpenConnect.MTU= mtu
+Request \fImtu\fP from the server as the MTU of the tunnel.
+.TP
+.BI OpenConnect.Cookie= cookie
+The resulting cookie of the authentication process. As the cookie lifetime
+can be very limited, it does not usually make sense to add it into the
+configuration file.
+.TP
+.BI OpenConnect.VPNHost= host
+The final VPN server to use after completing the web authentication. Only
+usable for extremely simple VPN configurations and should normally be set
+only via the VPN Agent API.
+.PP
+If \fBOpenConnect.Cookie\fP, \fBOpenConnect.VPNHost\fP or
+\fBOpenConnect.ServerCert\fP are missing, the VPN Agent will be contacted
+to supply the information.
+.SS OpenVPN
+The following keys are mandatory for \fBopenvpn\fP(8) networks:
+.TP
+.BI OpenVPN.CACert= cert
+Certificate authority file.
+.TP
+.BI OpenVPN.Cert= cert
+Local peer's signed certificate.
+.TP
+.BI OpenVPN.Cert= cert
+Local peer's signed certificate.
+.TP
+.BI OpenVPN.Key= key
+Local peer's private key.
+.TP
+The following keys are optional for \fBopenvpn\fP(8) networks:
+.TP
+.BI OpenVPN.MTU= mtu
+MTU of the tunnel.
+.TP
+.B OpenVPN.NSCertType=client \fR|\fB server
+Peer certificate type, either \fBclient\fP or \fBserver\fP.
+.TP
+.BI OpenVPN.Protocol= protocol
+Use \fIprotocol\fP.
+.TP
+.BI OpenVPN.Port= port
+TCP/UDP port number.
+.TP
+.B OpenVPN.AuthUserPass=true \fR|\fB false
+Authenticate on the server using username/password.
+.TP
+.BI OpenVPN.AskPass= file
+Get certificate password from \fIfile\fP.
+.TP
+.B OpenVPN.AuthNoCache=true \fR|\fB false
+Don't cache AskPass or AuthUserPass value.
+.TP
+.BI OpenVPN.TLSRemote= name
+Accept connections only from a host with X509 name or common
+name equal to \fIname\fP.
+.TP
+.BI OpenVPN.TLSAuth= file
+Use \fIfile\fP for HMAC authentication.
+.TP
+.BI OpenVPN.TLSAuthDir= direction
+Use \fIdirection\fP for HMAC authentication direction.
+.TP
+.BI OpenVPN.Cipher= cipher
+Use \fIcipher\fP as the cipher.
+.TP
+.B OpenVPN.Auth=true \fR|\fB false
+Use HMAC authentication.
+.TP
+.B OpenVPN.CompLZO=yes \fR|\fB no \fR|\fB adaptive
+Use fast LZO compression.
+.TP
+.B OpenVPN.RemoteCertTls=client \fR|\fB server
+Require that remote certificate is signed based on RFC3280 TLS rules.
+.TP
+.BI OpenVPN.ConfigFile= file
+OpenVPN config file for extra options not supported by the OpenVPN plugin.
+.TP
+.BI OpenVPN.DeviceType= tun \fR|\fB tap
+Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.
+Defaults to tun if omitted.
+.SS VPNC
+The following key is mandatory for \fBvpnc\fP(8) networks:
+.TP
+.BI VPNC.IPSec.ID= id
+Group username.
+.TP
+The following keys are optional for \fBvpnc\fP(8) networks:
+.TP
+.BI VPNC.IPSec.Secret= secret
+Group password.
+.TP
+.BI VPNC.XAuth.Username= username
+Username.
+.TP
+.BI VPNC.XAuth.Password= password
+Password.
+.TP
+.BI VPNC.IKE.Authmode= mode
+IKE authentication mode.
+.TP
+.BI VPNC.IKE.DHGroup= group
+IKE DH group name.
+.TP
+.BI VPNC.PFS= group
+Diffie-Hellman group for perfect forward secrecy.
+.TP
+.BI VPNC.Domain= domain
+Domain name for authentication.
+.TP
+.BI VPNC.Vendor= vendor
+Vendor of the IPSec gateway.
+.TP
+.BI VPNC.LocalPort= port
+Local ISAKMP port number to use.
+.TP
+.BI VPNC.CiscoPort= port
+Cisco UDP Encapsulation Port.
+.TP
+.BI VPNC.AppVersion= version
+Application version to report.
+.TP
+.BI VPNC.NATTMode= mode
+NAT-Traversal Method to use.
+.TP
+.BI VPNC.DPDTimeout= timeout
+DPD idle timeout.
+.TP
+.B VPNC.SingleDES=true \fR|\fB false
+Enable single DES encryption.
+.TP
+.B VPNC.NoEncryption=true \fR|\fB false
+Enable usage of no encryption for data traffic.
+.TP
+.BI VPNC.DeviceType= tun \fR|\fB tap
+Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.
+Defaults to tun if omitted.
+.SS L2TP
+The following keys are optional for l2tp (\fBxl2tp.conf\fP(5), \fBpppd\fP(8))
+networks:
+.TP
+.BI L2TP.User= user
+L2TP username.
+.TP
+.BI L2TP.Password= password
+L2TP password.
+.TP
+.BI L2TP.BPS= bps
+Max bandwidth to use.
+.TP
+.BI L2TP.TXBPS= bps
+Max transmit bandwidth to use.
+.TP
+.BI L2TP.RXBPS= bps
+Max receive bandwidth to use.
+.TP
+.B L2TP.LengthBit=yes \fR|\fB no
+Use length bit.
+.TP
+.B L2TP.Challenge=yes \fR|\fB no
+Use challenge authentication.
+.TP
+.BI L2TP.DefaultRoute= route
+Add \fIroute\fP to the routing tables.
+.TP
+.B L2TP.FlowBit=yes \fR|\fB no
+Use seq numbers.
+.TP
+.BI L2TP.TunnelRWS= size
+Window size.
+.TP
+.B L2TP.Exclusive=yes \fR|\fB no
+Use only one control channel.
+.TP
+.B L2TP.Redial=yes \fR|\fB no
+Redial if disconnected.
+.TP
+.BI L2TP.RedialTimeout= timeout
+Redial timeout.
+.TP
+.BI L2TP.MaxRedials= count
+Maximum amount of redial tries.
+.TP
+.B L2TP.RequirePAP=yes \fR|\fB no
+Require PAP.
+.TP
+.B L2TP.RequireCHAP=yes \fR|\fB no
+Require CHAP.
+.TP
+.B L2TP.ReqAuth=yes \fR|\fB no
+Require authentication.
+.TP
+.B L2TP.AccessControl=yes \fR|\fB no
+Use access control.
+.TP
+.BI L2TP.AuthFile= file
+Authentication file location.
+.TP
+.BI L2TP.ListenAddr= address
+Listen address.
+.TP
+.B L2TP.IPSecSaref=yes \fR|\fB no
+Listen address.
+.TP
+.BI L2TP.Port= port
+UDP port used.
+.TP
+.BI PPPD.EchoFailure= count
+Echo failure count.
+.TP
+.BI PPPD.EchoFailure= count
+Dead peer check count.
+.TP
+.BI PPPD.EchoInterval= interval
+Dead peer check interval.
+.TP
+.BI PPPD.Debug= level
+Debug level.
+.TP
+.B PPPD.RefuseEAP=true \fR|\fB false
+Refuse EAP authentication.
+.TP
+.B PPPD.RefusePAP=true \fR|\fB false
+Refuse PAP authentication.
+.TP
+.B PPPD.RefuseCHAP=true \fR|\fB false
+Refuse CHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP=true \fR|\fB false
+Refuse MSCHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP2=true \fR|\fB false
+Refuse MSCHAPv2 authentication.
+.TP
+.B PPPD.NoBSDComp=true \fR|\fB false
+Disable BSD compression.
+.TP
+.B PPPD.NoPcomp=true \fR|\fB false
+Disable protocol compression.
+.TP
+.B PPPD.UseAccomp=true \fR|\fB false
+Disable Access/Control compression.
+.TP
+.B PPPD.NoDeflate=true \fR|\fB false
+Disable deflate compression.
+.TP
+.B PPPD.ReqMPPE=true \fR|\fB false
+Require the use of MPPE.
+.TP
+.B PPPD.ReqMPPE40=true \fR|\fB false
+Require the use of MPPE 40 bit.
+.TP
+.B PPPD.ReqMPPE128=true \fR|\fB false
+Require the use of MPPE 128 bit.
+.TP
+.B PPPD.ReqMPPEStateful=true \fR|\fB false
+Allow MPPE to use stateful mode.
+.TP
+.B PPPD.NoVJ=true \fR|\fB false
+No Van Jacobson compression.
+.SS PPTP
+The following keys are optional for \fBpptp\fP(8) (see also \fBpppd\fP(8))
+networks:
+.TP
+.BI PPTP.User= username
+Username.
+.TP
+.BI PPTP.Password= password
+Password.
+.TP
+.BI PPPD.EchoFailure= count
+Echo failure count.
+.TP
+.BI PPPD.EchoFailure= count
+Dead peer check count.
+.TP
+.BI PPPD.EchoInterval= interval
+Dead peer check interval.
+.TP
+.BI PPPD.Debug= level
+Debug level.
+.TP
+.B PPPD.RefuseEAP=true \fR|\fB false
+Refuse EAP authentication.
+.TP
+.B PPPD.RefusePAP=true \fR|\fB false
+Refuse PAP authentication.
+.TP
+.B PPPD.RefuseCHAP=true \fR|\fB false
+Refuse CHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP=true \fR|\fB false
+Refuse MSCHAP authentication.
+.TP
+.B PPPD.RefuseMSCHAP2=true \fR|\fB false
+Refuse MSCHAPv2 authentication.
+.TP
+.B PPPD.NoBSDComp=true \fR|\fB false
+Disable BSD compression.
+.TP
+.B PPPD.NoPcomp=true \fR|\fB false
+Disable protocol compression.
+.TP
+.B PPPD.UseAccomp=true \fR|\fB false
+Disable Access/Control compression.
+.TP
+.B PPPD.NoDeflate=true \fR|\fB false
+Disable deflate compression.
+.TP
+.B PPPD.ReqMPPE=true \fR|\fB false
+Require the use of MPPE.
+.TP
+.B PPPD.ReqMPPE40=true \fR|\fB false
+Require the use of MPPE 40 bit.
+.TP
+.B PPPD.ReqMPPE128=true \fR|\fB false
+Require the use of MPPE 128 bit.
+.TP
+.B PPPD.ReqMPPEStateful=true \fR|\fB false
+Allow MPPE to use stateful mode.
+.TP
+.B PPPD.NoVJ=true \fR|\fB false
+No Van Jacobson compression.
+
+.SH "EXAMPLE"
+This is a configuration file for a VPN providing L2TP, OpenVPN and
+OpenConnect services. It could, for example, be in the file
+.B @vpn_storagedir@/example.config\fR.
+.PP
+.nf
+[global]
+Name = Example
+Description = Example VPN configuration
+
+[provider_l2tp]
+Type = L2TP
+Name = Connection to corporate network
+Host = 1.2.3.4
+Domain = corporate.com
+Networks = 10.10.30.0/24
+L2TP.User = username
+
+[provider_openconnect]
+Type = OpenConnect
+Name = Connection to corporate network using Cisco VPN
+Host = 7.6.5.4
+Domain = corporate.com
+Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
+OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
+OpenConnect.CACert = /etc/certs/certificate.p12
+
+[provider_openvpn]
+Type = OpenVPN
+Name = Connection to corporate network using OpenVPN
+Host = 3.2.5.6
+Domain = my.home.network
+OpenVPN.CACert = /etc/certs/cacert.pem
+OpenVPN.Cert = /etc/certs/cert.pem
+OpenVPN.Key = /etc/certs/cert.key
+.fi
+.SH "SEE ALSO"
+.BR connmanctl (1),\  connman (8),\  connman-vpn (8)
diff --git a/doc/connman-vpn.8.in b/doc/connman-vpn.8.in
new file mode 100644
index 00000000..6130b3b8
--- /dev/null
+++ b/doc/connman-vpn.8.in
@@ -0,0 +1,62 @@
+.\" connman-vpn(8) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH CONNMAN-VPN "8" "2015-10-15"
+.SH NAME
+ConnMan-VPN \- VPN management daemon
+.SH SYNOPSIS
+.B connman-vpnd
+.RB [\| \-\-version \||\| \-\-help \|]
+.PP
+.B connman-vpnd
+.RB [\| \-c
+.IR file \|]
+.RB [\| \-d\  [\c
+.IR file [,...]\|]\|]
+.RB [\| \-p
+.IR plugin [,...]\|]
+.RB [\| \-P
+.IR plugin [,...]\|]
+.RB [\| \-n \|]
+.RB [\| \-r \|]
+.SH DESCRIPTION
+The \fIConnMan-VPN\fP provides a daemon for managing vpn connections together
+with \fBconnmand\fP(8). The Connection Manager is designed to be slim and to
+use as few resources as possible. The VPN daemon supports \fBopenconnect\fP(8),
+\fBopenvpn\fP(8), \fBvpnc\fP(8) and L2TP/PPTP (\fBxl2tpd.conf\fP(5),
+\fBpptp\fP(8), \fBpppd\fP(8)).
+.P
+.SH OPTIONS
+The following options are supported:
+.TP
+.BR \-v ", " \-\-version
+Print the ConnMan-VPN software version and exit.
+.TP
+.BR \-h ", " \-\-help
+Print ConnMan-VPN's available options and exit.
+.TP
+.BI \-c\  file\fR,\ \fB\-\-config= \fIfile
+Specify configuration file to set up various settings for ConnMan.  If not
+specified, the default value of \fI@sysconfdir@/connman/connman-vpn.conf\fP
+is used.  See \fBconnman-vpn.conf\fP(5) for more information on
+configuration file. The use of config file is optional and sane default values
+are used if config file is missing.
+.TP
+.BR \-d\  [ \fIfile [,...]],\  \-\-debug [= \fIfile [,...]]
+Sets how much information ConnMan-VPN sends to the log destination (usually
+syslog's "daemon" facility).  If the file options are omitted, then debugging
+information from all the source files are printed. If file options are
+present, then only debug prints from that source file are printed. Example:
+.PP
+           connman-vpnd --debug=vpn/vpn-provider.c,vpn/vpn-config.c
+.TP
+.BR \-n ", " \-\-nodaemon
+Do not daemonize. This is useful for debugging, and directs log output to
+the controlling terminal in addition to syslog.
+.TP
+.BR \-r ", " \-\-routes
+Manage VPN routes instead of telling \fBconnmand\fP(8) to do it.
+.SH SEE ALSO
+.BR connmanctl (1), \ connman-vpn.conf (5), \c
+.BR \ connman-vpn-provider.config (5), \ connmand (8)
diff --git a/doc/connman-vpn.conf.5.in b/doc/connman-vpn.conf.5.in
new file mode 100644
index 00000000..fcc4c692
--- /dev/null
+++ b/doc/connman-vpn.conf.5.in
@@ -0,0 +1,42 @@
+.\" connman-vpn.conf(5) manual page
+.\"
+.\" Copyright (C) 2015 Intel Corporation
+.\"
+.TH "connman-vpn.conf" "5" "2015-10-15" ""
+.SH NAME
+connman-vpn.conf \- ConnMan-VPN configuration file
+.SH SYNOPSIS
+.B @sysconfdir@/connman/connman-vpn.conf
+.SH DESCRIPTION
+.P
+.B connman-vpn.conf
+is a configuration file for ConnMan-VPN. The configuration file is
+optional but it can be used to set up various aspects of ConnMan-VPN's
+behavior. The location of the file may be changed through use of
+the \fB\-\-config= \fRargument for \fBconnman-vpn\fP(8).
+.SH "FILE FORMAT"
+.P
+The configuration file format is key file format.
+It consists of sections (groups) of key-value pairs.
+Lines beginning with a '#' and blank lines are considered comments.
+Sections are started by a header line containing the section enclosed
+in '[' and ']', and ended implicitly by the start of the next section
+or the end of the file. Each key-value pair must be contained in a section.
+.P
+Description of sections and available keys follows:
+.SS [General]
+This section is the only mandatory section of the configuration file.
+.TP
+.BI InputRequestTimeout= secs
+Set input request timeout. Default is 300 seconds. The request for inputs
+like passphrase will timeout after certain amount of time. Use this setting
+to increase the value in case of different user interface designs.
+.SH "EXAMPLE"
+The following example configuration sets InputRequestTimeout to 10 minutes.
+.PP
+.nf
+[General]
+InputRequestTimeout = 600
+.fi
+.SH "SEE ALSO"
+.BR connman (8), \ connman-vpn (8)
diff --git a/doc/connman.8 b/doc/connman.8.in
index 7297cf86..ddfba09b 100755..100644
--- a/doc/connman.8
+++ b/doc/connman.8.in
@@ -1,14 +1,31 @@
 .\" connman(8) manual page
 .\"
-.\" Copyright (C) 2012 Intel Corporation
+.\" Copyright (C) 2012,2015 Intel Corporation
 .\"
-.TH CONNMAN "8" "21 August 2012"
+.TH CONNMAN "8" "2015-10-15"
 .SH NAME
 ConnMan \- network management daemon
 .SH SYNOPSIS
-.B connmand [\-\-version] | [\-\-help]
+.B connmand
+.RB [\| \-\-version \||\| \-\-help \|]
 .PP
-.B connmand [\-\-config=<filename>] [\-\-debug=<file1>:<file2>:...] [\-\-device=<interface1>,<interface2>,...] [\-\-nodevice=<interface1>,<interface2>,..] [\-\-wifi=<driver1>,<driver2>,...] [\-\-plugin=<plugin1>,<plugin2>,...] [\-\-noplugin=<plugin1>,<plugin2>,...] [\-\-nodaemon] [\-\-nodnsproxy]
+.B connmand
+.RB [\| \-c
+.IR file \|]
+.RB [\| \-d\  [\c
+.IR file [,...]\|]\|]
+.RB [\| \-i
+.IR interface [,...]\|]
+.RB [\| \-I
+.IR interface [,...]\|]
+.RB [\| \-W
+.IR driver [,...]\|]
+.RB [\| \-p
+.IR plugin [,...]\|]
+.RB [\| \-P
+.IR plugin [,...]\|]
+.RB [\| \-n \|]
+.RB [\| \-r \|]
 .SH DESCRIPTION
 The \fIConnMan\fP provides a daemon for managing internet connections
 within devices running the Linux operating system. The Connection Manager is
@@ -23,57 +40,61 @@ use cases.
 .SH OPTIONS
 The following options are supported:
 .TP
-.I "\-\-version"
+.BR \-v ", " \-\-version
 Print the ConnMan software version and exit.
 .TP
-.I "\-\-help"
+.BR \-h ", " \-\-help
 Print ConnMan's available options and exit.
 .TP
-.I "\-\-config=<filename>"
+.BI \-c\  file\fR,\ \fB\-\-config= \fIfile
 Specify configuration file to set up various settings for ConnMan.  If not
-specified, the default value of '<SYSCONFDIR>/connman/main.conf'
-is used; where <SYSCONFDIR> is dependent on your distribution (usually
-it's /etc).  See \fBconnman.conf\fP(5) for more information on configuration
-file. The use of config file is optional and sane default values
+specified, the default value of \fI@sysconfdir@/connman/main.conf\fP
+is used.  See \fBconnman.conf\fP(5) for more information on
+configuration file. The use of config file is optional and sane default values
 are used if config file is missing.
 .TP
-.I "\-\-debug=<file1>:<file2>:..."
+.BR \-d\  [ \fIfile [,...]],\  \-\-debug [= \fIfile [,...]]
 Sets how much information ConnMan sends to the log destination (usually
 syslog's "daemon" facility).  If the file options are omitted, then debugging
 information from all the source files are printed. If file options are
-present, then only debug prints from that source file are printed.
-Example: --debug=src/service.c:plugins/wifi.c
+present, then only debug prints from that source file are printed. Example:
+.PP
+           connmand --debug=src/service.c,plugins/wifi.c
 .TP
-.I "\-\-device=<interface1>,<interface2>,..."
+.BR \-i\ \fIinterface \fR[,...],\  \-\-device= \fIinterface \fR[,...]
 Only manage these network interfaces. By default all network interfaces
 are managed.
 .TP
-.I "\-\-nodevice=<interface1>,<interface2>,..."
+.BR \-I\ \fIinterface \fR[,...],\  \-\-nodevice= \fIinterface \fR[,...]
 Never manage these network interfaces.
 .TP
-.I "\-\-plugin=<plugin1>,<plugin2>,..."
+.BI \-p\  plugin \fR[,...],\ \fB\-\-plugin= plugin \fR[,...]
 Load these plugins only. The option can be a pattern containing
 "*" and "?" characters.
 .TP
-.I "\-\-noplugin=<plugin1>,<plugin2>,..."
+.BI \-P\  plugin \fR[,...],\ \fB\-\-noplugin= plugin \fR[,...]
 Never load these plugins. The option can be a pattern containing
 "*" and "?" characters.
 .TP
-.I "\-\-wifi=<driver1>,<driver2>,..."
-Wifi driver that WiFi/Supplicant should use. If omitted, then the value
-of "nl80211,wext" is used by default.
+.BI \-W\  driver \fR[,...],\ \fB\-\-wifi= driver \fR[,...]
+Wifi driver that WiFi/Supplicant should use. If this flag is omitted,
+then the value "nl80211,wext" is used by default.
+.TP
+.BR \-n ", " \-\-nobacktrace
+Don't print out backtrace information.
 .TP
-.I "\-\-nodaemon"
+.BR \-n ", " \-\-nodaemon
 Do not daemonize. This is useful for debugging, and directs log output to
 the controlling terminal in addition to syslog.
 .TP
-.I "\-\-nodnsproxy"
+.BR \-r ", " \-\-nodnsproxy
 Do not act as a DNS proxy. By default ConnMan will direct all DNS traffic
 to itself by setting nameserver to 127.0.0.1 in \fBresolv.conf\fP(5) file.
 If this is not desired and you want that all programs call directly some
-DNS server, then you can use the --nodnsproxy option.
+DNS server, then you can use the \fB--nodnsproxy\fP option.
 If this option is used, then ConnMan is not able to cache the DNS queries
 because the DNS traffic is not going through ConnMan and that can cause
 some extra network traffic.
 .SH SEE ALSO
-.BR connman.conf (5).
+.BR connmanctl (1), \ connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn (8)
diff --git a/doc/connman.conf.5 b/doc/connman.conf.5.in
index c1ca75cc..fdc8e9ec 100755..100644
--- a/doc/connman.conf.5
+++ b/doc/connman.conf.5.in
@@ -1,25 +1,19 @@
 .\" connman.conf(5) manual page
 .\"
-.\" Copyright (C) 2012 Intel Corporation
+.\" Copyright (C) 2012,2015 Intel Corporation
 .\"
-.TH "connman.conf" "5" "21 August 2012" ""
+.TH "connman.conf" "5" "2015-10-15" ""
 .SH NAME
 main.conf \- ConnMan configuration file
 .SH SYNOPSIS
-/etc/connman/main.conf
-.br
-or
-.br
-\fI<SYSCONFDIR>\fP/connman/main.conf
-.br
-where <SYSCONFDIR> depends on your distribution or build.
+.B @sysconfdir@/connman/main.conf
 .SH DESCRIPTION
 .P
-.I main.conf
+.B main.conf
 is a configuration file for ConnMan. The configuration file is
 optional but it can be used to set up various aspects of ConnMan's
 behavior. The location of the file may be changed through use of
-the "\-\-config=" argument for \fBconnman\fP (8).
+the \fB\-\-config= \fRargument for \fBconnman\fP(8).
 .SH "FILE FORMAT"
 .P
 The configuration file format is key file format.
@@ -33,47 +27,53 @@ Description of sections and available keys follows:
 .SS [General]
 This section is the only mandatory section of the configuration file.
 .TP
-.B InputRequestTimeout=\fPsecs\fP
+.BI InputRequestTimeout= secs
 Set input request timeout. Default is 120 seconds
 The request for inputs like passphrase will timeout
 after certain amount of time. Use this setting to
 increase the value in case of different user
 interface designs.
 .TP
-.B BrowserLaunchTimeout=\fPsecs\fP
+.BI BrowserLaunchTimeout= secs
 Set browser launch timeout. Default is 300 seconds
 The request for launching a browser for portal pages
 will timeout after certain amount of time. Use this
 setting to increase the value in case of different
 user interface designs.
 .TP
-.B BackgroundScanning=\fPtrue|false\fP
+.BI BackgroundScanning=true\ \fR|\fB\ false
 Enable background scanning. Default is true.
 Background scanning will start every 5 minutes unless
 the scan list is empty. In that case, a simple backoff
 mechanism starting from 10s up to 5 minutes will run.
 .TP
-.B FallbackTimeservers=\fPserver1,server2,...\fP
+.BI FallbackTimeservers= server\fR[,...]
 List of Fallback timeservers separated by ",".
 These timeservers are used for NTP sync when there are
 no timeserver set by the user or by the service.
 These can contain mixed combination of fully qualified
 domain names, IPv4 and IPv6 addresses.
 .TP
-.B FallbackNameservers=\fPserver1,server2,...\fP
+.BI FallbackNameservers= server\fR[,...]
 List of fallback nameservers separated by "," appended
 to the list of nameservers given by the service. The
 nameserver entries must be in numeric format, host
 names are ignored.
 .TP
-.B DefaultAutoConnectTechnologies=\fPtechnology1,technology2,...\fP
+.BI DefaultAutoConnectTechnologies= technology\fR[,...]
 List of technologies that are marked autoconnectable
 by default, separated by commas ",". The default value
 for this entry when empty is ethernet,wifi,cellular.
 Services that are automatically connected must have been
 set up and saved to storage beforehand.
 .TP
-.B PreferredTechnologies=\fPtechnology1,technology2,...\fP
+.BI AlwaysConnectedTechnologies= technology\fR[,...]
+List of technoolgies which are always connected regardless
+of PreferredTechnologies setting (AutoConnect = true). The
+default value is empty and this feature is disabled unless
+explicitely enabled in the config file.
+.TP
+.BI PreferredTechnologies= technology\fR[,...]
 List of preferred technologies from the most preferred
 one to the least preferred one separated by commas ",".
 Services of the listed technology type will be tried one
@@ -86,19 +86,19 @@ of a preferred technology type in state 'online' will get
 the default route when compared to either a non-preferred
 type or a preferred type further down in the list.
 .TP
-.B NetworkInterfaceBlacklist=\fPinterface1,interface2,...\fP
+.BI NetworkInterfaceBlacklist= interface\fR[,...]
 List of blacklisted network interfaces separated by ",".
 Found interfaces will be compared to the list and will
 not be handled by connman, if their first characters
 match any of the list entries. Default value is
 vmnet,vboxnet,virbr,ifb.
 .TP
-.B AllowHostnameUpdates=\fPtrue|false\fP
+.BI AllowHostnameUpdates=true\ \fR|\fB\ false
 Allow connman to change the system hostname. This can
 happen for example if we receive DHCP hostname option.
 Default value is true.
 .TP
-.B SingleConnectedTechnology=\fPtrue|false\fP
+.BI SingleConnectedTechnology=true\ \fR|\fB\ false
 Keep only a single connected technology at any time. When a new
 service is connected by the user or a better one is found according
 to PreferredTechnologies, the new service is kept connected and all
@@ -110,7 +110,7 @@ user will be used until going out of network coverage. With this
 setting enabled applications will notice more network breaks than
 normal. Default value is false.
 .TP
-.B TetheringTechnologies=\fPtechnology1,technology2,...\fP
+.BI TetheringTechnologies= technology\fR[,...]
 List of technologies that are allowed to enable tethering separated by ",".
 The default value is wifi,bluetooth,gadget. Only those technologies listed
 here are used for tethering. If one wants to tether ethernet,
@@ -122,14 +122,37 @@ normal operation of these networks. Due to this ethernet is not
 tethered by default. Do not activate ethernet tethering unless you
 really know what you are doing.
 .TP
-.B PersistentTetheringMode=\fPtrue|false\fP
+.BI PersistentTetheringMode=true\ \fR|\fB\ false
 Restore earlier tethering status when returning from offline mode,
 re-enabling a technology, and after restarts and reboots.
 Default value is false.
 .TP
-.B Enable6to4=\fPtrue|false\fP
+.BI Enable6to4=true\ \fR|\fB\ false
 Automatically enable Anycast 6to4 if possible. This is not recommended, as the
 use of 6to4 will generally lead to a severe degradation of connection quality.
 See RFC6343.  Default value is false (as recommended by RFC6343 section 4.1).
+.TP
+.BI VendorClassID= string
+Set DHCP option 60 (Vendor Class ID) to the given string. This option can
+be used by DHCP servers to identify specific clients without having to
+rely on MAC address ranges, etc
+.TP
+.BI EnableOnlineCheck=true\ \fR|\fB\ false
+Enable or disable use of HTTP GET as on online status check.
+When a service is in a READY state, and is selected as default,
+ConnMan will issue an HTTP GET request to verify that end-to-end
+connectivity is successful. Only then the service will be
+transitioned to ONLINE state.
+If this setting is false, the default service will remain in READY state.
+Default value is true.
+.SH "EXAMPLE"
+The following example configuration disables hostname updates and enables
+ethernet tethering.
+.PP
+.nf
+[General]
+AllowHostnameUpdates = false
+TetheringTechnologies = ethernet,wifi,bluetooth,gadget
+.fi
 .SH "SEE ALSO"
-.BR Connman (8)
+.BR connman (8)
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
deleted file mode 100644
index b71c6e62..00000000
--- a/doc/connmanctl.1
+++ /dev/null
@@ -1,190 +0,0 @@
-.TH connmanctl 1 07/31/2012 "" "User Commands for Connman CLI"
-.SH
-NAME
-connmanctl \- Connman CLI
-.SH
-SYNOPSIS
-.BR connmanctl " ["
-.BR enable " <technology> | "
-.BR offlinemode "] ["
-.BR disable " <technology> | "
-.BR offlinemode "] ["
-.BR technologies "] ["
-.BR state "] ["
-.BR services " [\-\-properties <service>]] ["
-.BR scan " <technology>] ["
-.BR connect " <service>] ["
-.BR config " <service> \-\-<option> ARGS...] ["
-.BR help " | \-\-help]"
-.PP
-.SH
-DESCRIPTION
-Connmanctl is a Connman command line interface which can be run in two modes:
-a plain synchronous command input, and an asynchronous interactive shell.
-To run a specific command the user may enter connmanctl <command> [options]
-[args], or enter connmanctl; in this case, the program will drop into the
-interactive shell.
-.PP
-Connmantl can handle most simple network connections. It is able to enable/
-disable any technology that exists on the system, display a list of
-services available, connect to/disconnect from any unsecured networks,
-show properties of the system, the technologies, and any individual
-service, and configure all of the properties. It is also able to monitor
-changes in the properties of the services, technologies, and the system.
-.PP
-In the interactive shell, all of the same commands can be used. It
-provides quicker usage when needing to use connmanctl more extensively.
-.SH
-COMMANDS AND OPTIONS
-.TP
-.BR "help | \-\-help | " "(no arguments)"
-Shows the abbreviated help menu in the terminal.
-.PP
-.TP
-.BR enable " <technology>"
-Enables the given technology type (e.g. ethernet, wifi, 3g, etc.)
-Turns power on to the technology, but doesn't connect unless
-there is a service with autoconnect set to True.
-.PP
-.TP
-.BR disable " <technology>"
-Disables the given technology type. Turns power off to the
-technology and disconnects if it is already connected.
-.PP
-.TP
-.B enable offlinemode
-Enables offline mode. Disconnects and powers down all
-technologies system-wide, however each technology can be powered
-back on individually.
-.PP
-.TP
-.B disable offlinemode
-Disables offline mode. Technologies are powered back on according
-to their individual policies.
-.PP
-.TP
-.B technologies
-Shows a list of all technology types existing on the system and
-their properties. See the properties section of the Technology
-API for explanations of each property.
-.PP
-.TP
-.B state
-Shows the system properties. Includes ths online state of the
-system, offline mode, and session mode.
-.PP
-.TP
-.BR scan " <technology>"
-Scans for new services on the given technology.
-.PP
-.TP
-.B services
-Shows a list of all available service names. This includes the
-names of wifi networks, the wired ethernet connection, names of
-bluetooth devices, etc. These are the names used when a
-<service> command is called for. The service name
-(e.g. Joes-wifi), the service path (e.g.
-wifi_6834534139723_managed_none), or the full service path (e.g.
-/net/connman/Service/wifi_5467631...) are all accepted as valid
-input. An asterisk in front of the service indicates that the
-service is favorited, and a "C" indicates a service that is
-already connected.
-.PP
-.TP
-.BR "services \-\-properties" " <service>"
-Shows a list of all properties for that service. See the
-properties section of the Service API for explanations of each
-property.
-.PP
-.TP
-.BR connect " <service>"
-Connects to the given service if it is unsecured.
-.PP
-.TP
-.BR disconnect " <service>"
-Disconnects from the given service.
-.PP
-.TP
-.BR config " <service> " \-\-<option>
-Configures a writable property of the given service to the
-value(s) entered after --<option>.
-.PP
-.TP
-.BR monitor " [\-\-<option>]"
-Listens for and displays DBus signals sent by Connman. The option indicates
-which signals you want to subscribe to. If no option is entered, it displays
-all signals from all interfaces.
-.PP
-.SS
-Config Options:
-.PP
-.TP
-.B \-\-autoconnect=y/n
-Sets the autoconnect property of the service.
-.PP
-.TP
-.B \-\-ipv4
-Configures the IPv4 settings for the service. Enter the settings
-in the order "Method", "Address", "Netmask", then "Gateway"
-after the argument. See the properties section of the Service
-API for more information on these settings and the values
-accepted for them. It also displays a list of changes to both the
-IPv4 settings, and incidental changes to other values related to
-it.
-.PP
-.TP
-.B \-\-ipv6
-Configures the IPv6 settings for the service. Enter the settings
-in the order "Method", "Address", "PrefixLength", "Gateway", then
-"Privacy". See the properties section of the Service API for more
-information on these settings and the values accepted for them.
-It also displays a list of entered changes to the IPv6 settings,
-and incidental changes to other values related to it.
-.PP
-.TP
-.B \-\-nameservers
-Adds to the list of manually configured domain name servers.
-Enter the name servers after the argument separated by spaces.
-.PP
-.TP
-.B \-\-timeservers
-Adds to the list of manually configured time servers. Enter the
-time servers after the argument separated by spaces.
-.PP
-.TP
-.B \-\-domains
-Adds to the list of manually configured search domains. Enter
-the domains after the argument, separated by spaces.
-.PP
-.TP
-.B \-\-proxy
-Configures the IPv6 settings for the service. Enter the settings in the
-order "Method", "URL". If the Method is set to "direct", no other arguments
-are taken. If the Method is set to "auto", the URL is optional. To set the
-Servers and Excludes manually, enter "manual" followed by "servers" with a
-list of servers separated by spaces. Then, optionally, the word "excludes"
-followed by a list of excludes separated by spaces. e.g. "./connmanctl config
-joes-wifi \-\-proxy manual servers serv1 serv2 serv3 excludes excl1 excl2"
-.PP
-.SS
-Monitor Options:
-.PP
-.TP
-.B \-\-services
-Listens for and displays the PropertyChanged signal from the Service interface.
-Also displays the service name (e.g. Joes-wifi) that the property is part of.
-More information, including a list of possible properties can be found in the
-Service API.
-.PP
-.TP
-.B \-\-tech
-Listens for and displays the PropertyChanged signal from the Technology
-interface. More information, including a list of possible properties can be
-found in the Technology API.
-.PP
-.TP
-.B \-\-manager
-Listens for and displays the PropertyChanged, ServicesChanged, TechnologyAdded,
-and TechnologyRemoved signals from the Manager interface. More information on
-these signals and a list of possible properties can be found in the Manager API.
-.PP
diff --git a/doc/connmanctl.1.in b/doc/connmanctl.1.in
new file mode 100644
index 00000000..0f891bd0
--- /dev/null
+++ b/doc/connmanctl.1.in
@@ -0,0 +1,282 @@
+.TH connmanctl 1 "2015-10-15" ""
+.SH
+NAME
+connmanctl \- Connman CLI
+.SH
+SYNOPSIS
+.BR connmanctl \ [\|\c
+.BI state\fR\ |
+.BI technologies\fR\ |
+.BI enable \ technology\fR|offline\ |
+.BI disable \ technology\fR|offline\ |
+.BI tether \ technology\ \fRon|off\ |
+.BI tether\fR\ wifi\ on|off\  ssid\ passphrase\fR\ |
+.BR services \ [\fIservice\fR]\ |
+.BI peers \ peer\fR\ |
+.BI scan \ technology\fR\ |
+.RI \fBconnect \ service | peer \ |
+.RI \fBdisconnect \ service | peer \ |
+.B config \ \fIservice\ option\ arg\fR...\ |
+.BR vpnconnections \ [\fIconnection\fR]\ |
+.BI help \fR\|]
+.PP
+.SH
+DESCRIPTION
+Connmanctl is a Connman command line interface which can be run in two modes:
+a plain synchronous command input, and an asynchronous interactive shell.
+To run a specific command the user may enter
+.RI \fBconnmanctl\  command\  [ options ] \fR
+or just \fBconnmanctl\fR, in the latter case an interactive shell will start.
+.PP
+Connmanctl can handle most network connections. It can be used to
+enable/disable any technology that exists on the system, display a list of
+services available, connect/disconnect networks, show properties of the system,
+the technologies, and any individual service, and configure all of the
+properties. It is also able to monitor changes in the properties of the
+services, technologies, and the system.
+.PP
+In the interactive shell, all of the same commands can be used. It
+provides quicker usage when needing to use connmanctl more extensively. In
+addition, connecting to protected wireless access points for the first time
+requires interactive shell.
+.SH
+COMMANDS AND OPTIONS
+.TP
+.B help
+Shows the abbreviated help menu in the terminal.
+.PP
+.TP
+.B state
+Shows the system properties. Includes ths online state of the
+system, offline mode, and session mode.
+.PP
+.TP
+.B technologies
+Shows a list of all technology types existing on the system and
+their properties. See the properties section of the Technology
+API for explanations of each property.
+.PP
+.TP
+.BI enable \ technology
+Enables the given technology type (e.g. ethernet, wifi, 3g, etc.)
+Turns power on to the technology, but doesn't connect unless
+there is a service with autoconnect set to True.
+.PP
+.TP
+.BI disable \ technology
+Disables the given technology type. Turns power off to the
+technology and disconnects if it is already connected.
+.PP
+.TP
+.B enable offline
+Enables offline mode. Disconnects and powers down all
+technologies system-wide, however each technology can be powered
+back on individually.
+.PP
+.TP
+.B disable offline
+Disables offline mode. Technologies are powered back on according
+to their individual policies.
+.PP
+.TP
+.BI tether \ technology \ on \ \fR|\  off
+Enable or disable tethering on \fItechnology\fR. Ethernet cannot be tethered
+by default since tethering it usually breaks local networks. See
+.BR connman.conf (5)
+for enabling.
+.PP
+.TP
+.BR tether\ wifi\ on \ |\  off \ \fIssid\ passphrase
+Enable or disable wireless tethering, as well set the SSID and passphrase.
+.PP
+.TP
+.B services
+Shows a list of all available services. This includes the
+nearby wifi networks, the wired ethernet connections, bluetooth devices, etc.
+An asterisk in front of the service indicates that the service
+has been connected before.
+.PP
+.TP
+.BI services \ service
+Shows a list of all properties for that service.
+Only the service path (e.g. wifi_6834534139723_managed_none)
+is accepted as a parameter.
+.PP
+.TP
+.BI scan \ technology
+Scans for new services on the given technology.
+.PP
+.TP
+.BI connect \ service
+Connects to the given service. Some services need a so-called
+\fBprovisioning file\fR in order to connect to them, see
+\fBconnman-service.config\fR(5).
+.PP
+.TP
+.BI disconnect \ service
+Disconnects from the given service.
+.PP
+.TP
+.BI move-before \ service\ target-service
+Prefer connecting to \fIservice\fR over \fItarget-service\fR.
+.PP
+.TP
+.BI move-after \ service\ target-service
+Prefer connecting to \fItarget-service\fR over \fIservice\fR.
+.PP
+.TP
+.BI config \ service\ option\ arg\fR...
+Configures a writable property of the given service to the value(s) entered
+after \fIoption\fR. See the \fBConfig Options\fR subsection for details.
+.PP
+.TP
+.BI monitor \ target
+Listens for and displays DBus signals sent by Connman. If a currently monitored
+property changes, the changes will be shown. If no \fItarget\fR is specified,
+all changes will be shown. See the \fBMonitor Options\fR subsection for a
+summary of parameters.
+.PP
+.TP
+.BI vpnconnections
+Shows a list of all available vpn connections.
+.PP
+.TP
+.BI vpnconnections \ connection
+Shows the current properties of \fIconnection\fR.
+.PP
+.SS
+Commands only available in interactive mode:
+.PP
+.TP
+.BR agent\ on \ |\  off
+Enable or disable the wireless agent, used for entering wireless
+network passphrases. See the \fBEXAMPLE\fR section of this man page for
+an example of connecting to a wireless access point.
+.PP
+.TP
+.BR vpnagent\ on \ |\  off
+Enable or disable the vpn agent, used for entering vpn credentials.
+.SS
+Config Options:
+.PP
+.TP
+.BR \fBautoconnect\ on \ |\  off
+Sets the autoconnect property of the service.
+.PP
+.TP
+.BR ipv4\ off \ |\  dhcp \ |\  manual\ \fIaddress\ netmask\ gateway
+Configures the IPv4 settings for the service. The argument
+\fBoff\fR means that IPv4 won't be used, \fBdhcp\fR means that
+dhcp will be used to get the settings and \fBmanual\fR means
+that the given arguments will be used as IPv4 settings.
+.IR address ,\  netmask " and " gateway
+must be valid IPv4 addresses. See the \fBEXAMPLE\fR section
+of this man page for details.
+.PP
+.TP
+.BR ipv6\ off \ |\  auto \ |\  manual\ \fIaddress\ prefixlength\ gateway
+Configures the IPv6 settings for the service. The argument
+\fBoff\fR means that IPv6 won't be used, \fBauto\fR means that
+settings will be asked from the network and \fBmanual\fR means
+that the given arguments will be used as IPv6 settings.
+.IR address " and " gateway
+must be valid IPv4 addresses. \fIprefixlength\fR is the length
+of the prefix in bits. See the \fBEXAMPLE\fR section of this man
+page for details.
+.PP
+.TP
+.BI nameservers\  dns\fR\ [...]
+Set the list of nameservers, separated by spaces.
+.PP
+.TP
+.BI timeservers\  server\fR\ [...]
+Set the list of timeservers, separated by spaces.
+.PP
+.TP
+.BI domains\  domain\fR\ [...]
+Set the list of search domains, separated by spaces.
+.PP
+.TP
+.BR proxy\ direct \ |\  auto\fI\ URL \ |\  manual\ \fIserver [...]\ [--excludes\  \fIserver [...]]
+Configures the proxy settings for the service. \fBdirect\fR means that no
+proxy will be used. If using \fBauto\fR without a parameter, the network
+will be asked for the proxy settings. Otherwise, use \fIURL\fR as an
+proxy autoconfiguration URL. When set to \fBmanual\fR, the first list of servers
+is used as proxy servers, and the traffic to the second list of servers are
+excluded from the proxy. The list of excluded servers is optional. See the
+\fBEXAMPLE\fR section of this man page for details.
+.PP
+.SS
+Monitor Options:
+.PP
+.TP
+.BR services\  [ off ]
+Listens for changes to services, for example a service getting an IP address.
+.PP
+.TP
+.BR tech\  [ off ]
+Listens for changes to technologies, for example a technology getting enabled.
+.PP
+.TP
+.BR manager\  [ off ]
+Listens for the changes to global properties, available technologies,
+services, and peers.
+.PP
+.TP
+.BR vpnmanager\  [ off ]
+Listens for added or removed vpn connections.
+.PP
+.TP
+.BR vpnconnection\  [ off ]
+Listens for the changes to vpn connections, for example connecting to a VPN.
+.PP
+.SH
+EXAMPLE
+Listing available technologies:
+.PP
+      $ connmanctl technologies
+.PP
+Listing available services:
+.PP
+      $ connmanctl services
+.PP
+Scanning for wireless networks:
+.PP
+      $ connmanctl scan wifi
+.PP
+Using the interactive mode to access a wireless access point:
+.PP
+      $ connmanctl
+      connmanctl> agent on
+      Agent registered
+      connmanctl> connect wifi_100ba9d170fc_666f6f626172_managed_psk
+      Agent RequestInput wifi_100ba9d170fc_666f6f626172_managed_psk
+        Passphrase = [ Type=psk, Requirement=mandatory ]
+      Passphrase? password
+      Connected wifi_100ba9d170fc_666f6f626172_managed_psk
+      connmanctl>
+.PP
+Configuring a static IP from the command line:
+.PP
+      $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 manual 192.168.1.101 255.255.255.0 192.168.1.1
+.PP
+Changing the IP back to dhcp:
+.PP
+      $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk ipv4 dhcp
+.PP
+Setting a proxy server:
+.PP
+      $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com
+.PP
+Setting multiple proxy servers:
+.PP
+      $ connmanctl config wifi_100ba9d170fc_666f6f626172_managed_psk proxy manual proxy.example.com http://httpproxy.example.com --excludes internal.example.com
+.PP
+Tethering a wireless connection (ssid "SSID", passphrase "password"):
+.PP
+      $ connmanctl tether wifi on SSID password
+.PP
+.SH
+SEE ALSO
+.BR connman.conf (5), \ connman-service.config (5), \c
+.BR \ connman-vpn-provider.config (5), \ connman (8), \ connman-vpn (8)
diff --git a/doc/overview-api.txt b/doc/overview-api.txt
index f1268878..fd51d706 100755
--- a/doc/overview-api.txt
+++ b/doc/overview-api.txt
@@ -265,8 +265,8 @@ the "idle" state since the service is not connected.
 
 		+---------------+
 		| idle          |<-------------------------------+
-		+---------------+                                |
-		      |                                          |
+		+---------------+                 A              |
+		      |               clear error |              |
 		      |                      +-------------+     |
 		      +----------------------| failure     |     |
 		      | service.Connect()    +-------------+     |
@@ -302,7 +302,7 @@ the "idle" state since the service is not connected.
 		      |                                          |
 		      +------------------------------------------+
 
-The different states should no be used by the user interface to trigger
+The different states should not be used by the user interface to trigger
 advanced actions. The state transitions are provided for the sole purpose
 to give the user feedback on what is currently going on. Especially in
 cases where networks are flaky or DHCP servers take a long time these
diff --git a/doc/plugin-api.txt b/doc/plugin-api.txt
index 616938b8..ea5ec0a1 100755
--- a/doc/plugin-api.txt
+++ b/doc/plugin-api.txt
@@ -37,7 +37,7 @@ Technology infrastructure
 
 A Technology in ConnMan is an abstract representation of the different
 kinds of technologies it supports such as WiFi, Ethernet, Bluetooth and
-Celullar. The technologies support are added to ConnMan through plugins, such
+Celullar. The technologies supported are added to ConnMan through plugins, such
 as plugins/bluetooth.c for the Bluetooth Technology or plugins/wifi.c for the
 WiFi Technology. Each new technology plugin needs to register itself as a
 Technology with ConnMan. As an example we will take a look at the Bluetooth
@@ -65,7 +65,7 @@ plugin initialization function, bluetooth_init() in this example:
 
 	connman_technology_driver_register(&tech_driver);
 
-In this document the error check is supressed for the sake of simplicity.
+In this document the error check is suppressed for the sake of simplicity.
 All plugins should check return values in driver registration functions.
 
 After this call ConnMan becomes aware of the new Technology plugin and will
@@ -74,7 +74,7 @@ the Bluetooth plugin for example probe() would be called when a Bluetooth
 adapter is recognized. A Technology is only probed if there exists at least
 one device of such technology plugged into the system.
 
-Complementary, the technology must be unregistered on the plugin exit function
+Complementary, the technology must be unregistered by the plugin exit function
 through 'connman_technology_driver_unregister()'.
 
 Device infrastructure
@@ -101,7 +101,7 @@ And to register the driver:
 'connman_device_driver_register()' is called during the plugin initialization
 process, not necessarily at the plugin init function.
 
-In this document the error check is supressed for the sake of simplicity.
+In this document the error check is suppressed for the sake of simplicity.
 All plugins should check return values in driver registration functions.
 
 Additionally code to handle the detection of new devices needs to be written
@@ -130,7 +130,7 @@ its API documentation.
 Network infrastructure
 ======================
 
-The Connection Manager provides a mean to plugins handle the specifics of
+The Connection Manager provides a means to plugins to handle the specifics of
 establishing/handling a connection for each type of Technology. For the
 bluetooth plugin a connman_network_driver needs to be registered:
 
@@ -147,12 +147,12 @@ And then call the register function:
 
 	connman_network_driver_register(&network_driver);
 
-In this document the error check is supressed for the sake of simplicity.
+In this document the error check is suppressed for the sake of simplicity.
 All plugins should check return values in driver registration functions.
 
 The next step would be the probe of a Network entity, for the bluetooth
 plugin this would happen when a new device that supports the PAN NAP role is
-paired with the system. ConnMan then call connman_device_add_network() to
+paired with the system. ConnMan then calls connman_device_add_network() to
 associate the new Network with the existing Device entity (the local Bluetooth
 Adapter).
 
diff --git a/doc/service-api.txt b/doc/service-api.txt
index 7d9889e6..4fe4093a 100755
--- a/doc/service-api.txt
+++ b/doc/service-api.txt
@@ -30,13 +30,12 @@ Methods		dict GetProperties()  [deprecated]
 
 		void ClearProperty(string name)
 
-			Clears the value of the specified property.
+			Clears the value of the specified property. Only
+			the readonly Error property can be cleared using
+			this method call. When cleared the service is reset
+			to the idle state.
 
-			Properties cannot be cleared for hidden WiFi service
-			entries or provisioned services.
-
-			Possible Errors: [service].Error.InvalidArguments
-					 [service].Error.InvalidProperty
+			Possible Errors: [service].Error.InvalidProperty
 
 		void Connect()
 
@@ -92,8 +91,9 @@ Methods		dict GetProperties()  [deprecated]
 			to false, but that is currently not supported.
 
 			In the case a connection attempt failed and the
-			service is in the State=failure, this method can
-			also be used to reset the service.
+			service is in the state "failure", "idle" or
+			"disconnect", this method can also be used
+			to reset the service.
 
 			Calling this method on Ethernet devices, hidden WiFi
 			services or provisioned services will cause an error
@@ -248,9 +248,9 @@ Properties	string State [readonly]
 			This value will be set to true if the service is
 			configured externally via a configuration file.
 
-			The only valid operation are Connect() and of
-			course Disconnect(). The Remove() method will
-			result in an error.
+			The only valid operations are Connect(), Disconnect()
+			and changing the AutoConnect property. The Remove()
+			method will result in an error.
 
 		boolean AutoConnect [readwrite]
 
@@ -341,9 +341,15 @@ Properties	string State [readonly]
 
 			string Method [readonly]
 
-				Possible values are "dhcp", "manual"
+				Possible values are "dhcp", "manual", "auto"
 				and "off".
 
+				It could be "auto" in case address was got
+				through IPv4LL after DHCP failed. In this
+				case also IPv4.Configuration will become
+				"auto" to allow user to ask for a DHCP
+				address at any time.
+
 				The value "fixed" indicates an IP address
 				that can not be modified. For example
 				cellular networks return fixed information.
diff --git a/doc/session-api.txt b/doc/session-api.txt
index 3aac535a..e8da5224 100755
--- a/doc/session-api.txt
+++ b/doc/session-api.txt
@@ -182,3 +182,26 @@ Settings	string State [readonly]
 			(This setting will be removed when the unique process
 			identification problem is solved.)
 
+		string AllowedInterface [readwrite] [experimental]
+
+			This field is used to bind a session to a specific
+			network interface. If this field is empty, the first
+			interface from a list of available ones will be used.
+			Also "*" string matches any interface.
+
+			Only one interface may be specified.
+
+			If a specified network interface is not available
+			(e.g. because AllowedBearers filters it out), the
+			session will not go online.
+
+		boolean SourceIPRule [readwrite] [experimental]
+
+			If set to true the session will create source IP
+			address rule in the firewall, which redirects traffic
+			to that session's routing table.
+
+			Each session maintains a dedicated routing table, with
+			a default route. When the source IP rule is enabled,
+			an application can select which session/interface to
+			send traffic on, using bind-before-connect mechanism.
diff --git a/doc/session-overview.txt b/doc/session-overview.txt
index 23931678..976c3518 100755
--- a/doc/session-overview.txt
+++ b/doc/session-overview.txt
@@ -92,3 +92,34 @@ The default session configuration does not enable the per application
 routing. Sessions are still useful in this setup, because the
 notification of sessions is still available, e.g. the online/offline
 notification.
+
+
+Multiple per-session routing tables
+===================================
+
+Sessions can be used in an environment with multiple network interfaces,
+where an application needs to direct outside traffic through a selected
+interface(s). ConnMan can maintain multiple sessions in a connected
+stated, and the application can dynamically, on a per-socket basis,
+select which session is used to route traffic.
+
+Example use cases are:
+- monitoring liveness of multiple connected interfaces, by sending
+  end-to-end heartbeat traffic on all of them in parallel.
+- prioritising traffic - e.g. sensitive data can be transferred over a slow,
+  but secure connection, while big, public downloads use a second session
+
+By default, ConnMan maintains only one online service. So it is impossible
+to send external traffic (routed through a gateway) on multiple interfaces.
+In order to enable this functionality, an application needs to issue the
+following API calls:
+- create multiple sessions, one for each interface to be used
+- set each session's AllowedInterface config field to the required interface
+  name (eth0, eth1, wlan0, ppp0, etc.)
+- set each session's SourceIPRule config field to true
+- connect each session (or the service it is using)
+
+That will instruct ConnMan to create multiple routing tables, with default
+routes in them. After that, the application can issue a bind() call on each
+socket, using required interface's source IP address. The bind() call must
+be made before a connect() call on a socket.
diff --git a/doc/technology-api.txt b/doc/technology-api.txt
index 14245eb6..fb6bd314 100755
--- a/doc/technology-api.txt
+++ b/doc/technology-api.txt
@@ -68,13 +68,16 @@ Properties	boolean Powered [readwrite]
 
 			Boolean representing if a technology is connected.
 
-			This is just a convience property for allowing the
+			This is just a convenience property for allowing the
 			UI to easily show if this technology has an active
 			connection or not.
 
 			If this property is True it means that at least one
 			service of this technology is in ready state.
 
+			In case of P2P technology, this property indicates
+			if the peer is fully connected to another peer.
+
 		string Name [readonly]
 
 			Name of this technology.
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index b4898eb0..cb0f16a8 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -88,7 +88,8 @@ OpenVPN VPN supports following options (see openvpn(8) for details):
                                          --auth-user-pass value (O)
  OpenVPN.TLSRemote      --tls-remote     Accept connections only from a host
                                          with X509 name or common name equal
-                                         to name parameter (O)
+                                         to name parameter (O). Deprecated in
+                                         OpenVPN 2.3+.
  OpenVPN.TLSAuth        sub-option of --tls-remote (O)
  OpenVPN.TLSAuthDir     sub-option of --tls-remote (O)
  OpenVPN.Cipher         --cipher         Encrypt packets with cipher algorithm
@@ -104,6 +105,9 @@ OpenVPN VPN supports following options (see openvpn(8) for details):
  OpenVPN.ConfigFile     --config         OpenVPN config file that can contain
                                          extra options not supported by OpenVPN
                                          plugin (O)
+ OpenVPN.DeviceType     --dev-type       Whether the VPN should use a tun (OSI
+                                         layer 3) or tap (OSI layer 2) device.
+                                         Value is "tun" (default) or "tap" (O)
 
 VPNC VPN supports following options (see vpnc(8) for details):
  Option name         VPNC config value     Description
@@ -113,16 +117,23 @@ VPNC VPN supports following options (see vpnc(8) for details):
  VPNC.Xauth.Password Xauth password        your password (cleartext) (O)
  VPNC.IKE.Authmode   IKE Authmode          IKE Authentication mode (O)
  VPNC.IKE.DHGroup    IKE DH Group          name of the IKE DH Group (O)
- VPNC.PFS Perfect    Forward Secrecy       Diffie-Hellman group to use for PFS (O)
+ VPNC.PFS            Perfect Forward Secrecy    Diffie-Hellman group to use for
+						PFS (O)
  VPNC.Domain         Domain                Domain name for authentication (O)
  VPNC.Vendor         Vendor                vendor of your IPSec gateway (O)
  VPNC.LocalPort      Local Port            local ISAKMP port number to use
- VPNC.CiscoPort      Cisco UDP Encapsulation Port  Local UDP port number to use (O)
- VPNC.AppVersion     Application Version   Application Version to report (O)
+ VPNC.CiscoPort      Cisco UDP Encapsulation Port    Local UDP port number to
+						     use (O)
+ VPNC.AppVersion     Application version   Application Version to report (O)
  VPNC.NATTMode       NAT Traversal Mode    Which NAT-Traversal Method to use (O)
- VPNC.DPDTimeout     DPD idle timeout (our side)  Send DPD packet after timeout (O)
+ VPNC.DPDTimeout     DPD idle timeout (our side)    Send DPD packet after
+						    timeout (O)
  VPNC.SingleDES      Enable Single DES     enables single DES encryption (O)
- VPNC.NoEncryption   Enable no encryption  enables using no encryption for data traffic (O)
+ VPNC.NoEncryption   Enable no encryption  enables using no encryption for data
+					   traffic (O)
+ VPNC.DeviceType     Interface mode        Whether the VPN should use a tun (OSI
+                                           layer 3) or tap (OSI layer 2) device.
+                                           Value is "tun" (default) or "tap" (O)
 
 L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for details)
  Option name         xl2tpd config value    Description
@@ -130,9 +141,9 @@ L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for details)
                                             if not set here (O)
  L2TP.Password       -                      L2TP password, asked from the user
                                             if not set here (O)
- L2TP.BPS            bps                    Max bandwith to use (O)
- L2TP.TXBPS          tx bps                 Max transmit bandwith to use (O)
- L2TP.RXBPS          rx bps                 Max receive bandwith to use (O)
+ L2TP.BPS            bps                    Max bandwidth to use (O)
+ L2TP.TXBPS          tx bps                 Max transmit bandwidth to use (O)
+ L2TP.RXBPS          rx bps                 Max receive bandwidth to use (O)
  L2TP.LengthBit      length bit             Use length bit (O)
  L2TP.Challenge      challenge              Use challenge authentication (O)
  L2TP.DefaultRoute   defaultroute           Default route (O)
@@ -162,13 +173,14 @@ L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for details)
  PPPD.RefuseMSCHAP2  refuse-mschapv2        Deny mschapv2 auth (O)
  PPPD.NoBSDComp      nobsdcomp              Disables BSD compression (O)
  PPPD.NoPcomp        nopcomp                Disable protocol compression (O)
- PPPD.UseAccomp      accomp                 Disable address/control compression (O)
+ PPPD.UseAccomp      noaccomp               Disable address/control
+					    compression (O)
  PPPD.NoDeflate      nodeflate              Disable deflate compression (O)
  PPPD.ReqMPPE        require-mppe           Require the use of MPPE (O)
  PPPD.ReqMPPE40      require-mppe-40        Require the use of MPPE 40 bit (O)
  PPPD.ReqMPPE128     require-mppe-128       Require the use of MPPE 128 bit (O)
  PPPD.ReqMPPEStateful mppe-stateful         Allow MPPE to use stateful mode (O)
- PPPD.NoVJ           no-vj-comp             No Van Jacobson compression (O)
+ PPPD.NoVJ           novj                   No Van Jacobson compression (O)
 
 
 PPTP VPN supports following options (see pptp(8) and pppd(8) for details)
@@ -193,7 +205,7 @@ PPTP VPN supports following options (see pptp(8) and pppd(8) for details)
  PPPD.RequirMPPE40   require-mppe-40      Require the use of MPPE 40 bit (O)
  PPPD.RequirMPPE128  require-mppe-128     Require the use of MPPE 128 bit (O)
  PPPD.RequirMPPEStateful mppe-stateful    Allow MPPE to use stateful mode (O)
- PPPD.NoVJ           no-vj-comp           No Van Jacobson compression (O)
+ PPPD.NoVJ           novj                 No Van Jacobson compression (O)
 
 IPsec VPN supports following options (see swanctl.conf(5) for details):
  Option name                   IPSec config value    Description
diff --git a/doc/vpn-connection-api.txt b/doc/vpn-connection-api.txt
index 4367699f..a814a388 100755
--- a/doc/vpn-connection-api.txt
+++ b/doc/vpn-connection-api.txt
@@ -144,7 +144,8 @@ Properties	string State [readonly]
 
 			string Netmask
 
-				The netmask of the route.
+				The netmask of the route. For IPv6 routes,
+				this is the prefix length.
 
 			string Gateway
 
@@ -166,7 +167,8 @@ Properties	string State [readonly]
 
 			string Netmask
 
-				The netmask of the route.
+				The netmask of the route. For IPv6 routes,
+				this is the prefix length.
 
 			string Gateway