From 2eb0efacac35c2f8829d64f9293030f239bf79f1 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 8 Sep 2014 22:40:27 +0200 Subject: Move systemd unit to a new doc/examples dir, add OpenWrt example config and init script --- doc/examples/openwrt/fastd.config | 143 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 doc/examples/openwrt/fastd.config (limited to 'doc/examples/openwrt/fastd.config') diff --git a/doc/examples/openwrt/fastd.config b/doc/examples/openwrt/fastd.config new file mode 100644 index 0000000..b47cc65 --- /dev/null +++ b/doc/examples/openwrt/fastd.config @@ -0,0 +1,143 @@ +package fastd + +config fastd sample_config + + # Set to 1 to enable this instance: + option enabled 0 + + # Sets a static config file, optional + # Options set via UCI have higher priority that statically configured ones +# list config '/etc/fastd/sample_config/fastd.conf' + + # Configures a single static peer from a configuration file +# list config_peer '/etc/fastd/sample_config/sample_peer.conf' + + # Sets an additional directory from which peers configurations are read + # The peer list can be reloaded without restarting fastd + # Peer can either be configured via UCI (see examples below) or via peer dirs + # Can't be used in tun mode +# list config_peer_dir '/etc/fastd/sample_config/peers' + + # Sets the log level + # Possible values: error, warn, info, verbose, debug + # Default: info + option syslog_level 'info' + + # IP address and port of the local end, optional + # 'any' can be used to bind to both IPv4 and IPv6 + # If no port is given fastd will bind to a random port +# list bind 'any:1337' +# list bind '0.0.0.0:1337' +# list bind '[::]:1337' + + # "method null" uses no encryption or MAC + # "method xsalsa20-poly1305" uses the XSalsa20 encryption ad the Poly1305 MAC + list method 'xsalsa20-poly1305' + + # "mode tap" will create an ethernet tunnel (tap device), + # "mode tun" will create an IP tunnel (tun device). + option mode 'tap' + + # Set the name of the tunnel interface to use + option interface 'tap0' +# option interface 'tun0' +# option interface 'fastd0' + + # Sets the MTU of the tunnel interface, default is 1500 + # 1426 is a good value that avoids fragmentation for the xsalsa20-poly1305 method + # when the tunnel uses an IPv4 connection on a line with an MTU of 1492 or higher + option mtu 1426 + + # Enables direct forwaring of packets between peers + # WARNING: Only enable this if you know what you are doing, as this can lead to forwarding loops! + option forward 0 + + # Disable for compatiblity with fastd v10 and older + option secure_handshakes 1 + + # Set a packet mark to filter for with iptables or ip rules +# option packet_mark 42 + + # Limits the maximum number of connections, optional +# option peer_limit 5 + + # The secret key + # A keypair can be generated with `fastd --generate-key` + # When the corresponding public key is lost it can be recovered with `/etc/init.d/fastd show-key ` +# option secret '0000000000000000000000000000000000000000000000000000000000000000' + + # Sets the user to run fastd as. Defaults to root +# option user 'daemon' + + # Sets the group to run fastd as. Defaults to the user's primary group +# option group 'daemon' + + # If set to 1, the logs won't contain peers' IP addresses +# option hide_ip_addresses '0' + + # If set to 1, the logs won't contain peers' MAC addresses +# option hide_mac_addresses '0' + + # Read the documentation about this one. Only ever useful in severly broken networks. +# option pmtu '' + + # command to configure IP addresses etc. after the tunnel interface is up; $1 will be the interface name (optional) +# option up '' + + # command to execute before the tunnel interface is set down; $1 will be the interface name (optional) +# option down '' + + +config peer sample_peer + + # Set to 1 to enable this peer + # In tap mode peers can be reloaded dynamically + option enabled 0 + + # Controls which instance this peer is associated with + option net 'sample_config' + + # Controls which peer group this peer belongs to, optional + # For most use cases peer groups aren't necessary +# option group 'sample_group' + + # The peer's public key + option key '0000000000000000000000000000000000000000000000000000000000000000' + + # A remote specification consists of an address or a hostname, and a port + # When a hostname is given, it is recommended to specify the address family to use + # It is possible to specify no, one or multiple remotes + # (but all entries must designate the same host as the public key must be unique) +# list remote '192.0.2.1:1337' +# list remote '[2001:db8::1]:1337' +# list remote '"example.com" port 1337' +# list remote 'ipv4 "example.com" port 1337' +# list remote 'ipv6 "example.com" port 1337' + + # Setting float to 1 allow incoming connections with this key from other addresses/hostnames/ports than the specified remotes +# option float 0 + + +config peer_group sample_group + + # Set to 1 to enable this peer group + option enabled 0 + + # Controls which instance this peer group is associated with + # Peer groups can't be used in tun mode + option net 'sample_config' + + # Allows configuring nested groups +# option parent 'other_group' + + # Includes another config file inside the peer group definition +# list config '/etc/fastd/sample_config/sample_group.conf' + + # Configures a single static peer from a configuration file +# list config_peer '/etc/fastd/sample_config/sample_peer.conf' + + # Configures an additional peer directory for this group +# list config_peer_dir '/etc/fastd/sample_config/peers2' + + # Limits the maximum number of connections to peers in this group (optional) +# option peer_limit 5 -- cgit v1.2.3