path: root/doc/examples/openwrt/fastd.config
package fastd

config fastd sample_config

	# Set to 1 to enable this instance:
	option enabled 0

	# Sets a static config file, optional
	# Options set via UCI have higher priority than statically configured ones
#	list config '/etc/fastd/sample_config/fastd.conf'

	# Configures a single static peer from a configuration file
#	list config_peer '/etc/fastd/sample_config/sample_peer.conf'

	# Sets an additional directory from which peer configurations are read
	# The peer list can be reloaded without restarting fastd
	# Peers can either be configured via UCI (see examples below) or via peer dirs
	# Can't be used in tun mode
#	list config_peer_dir '/etc/fastd/sample_config/peers'

	# Sets the log level
	# Possible values: error, warn, info, verbose, debug
	# Default: info
	option syslog_level 'info'

	# IP address and port of the local end, optional
	# 'any' can be used to bind to both IPv4 and IPv6
	# If no port is given fastd will bind to a random port
#	list bind 'any:1337'
#	list bind '0.0.0.0:1337'
#	list bind '[::]:1337'

	# "method null" uses no encryption or MAC, so tunnel traffic is neither confidential nor integrity-protected
	# "method xsalsa20-poly1305" uses the XSalsa20 encryption and the Poly1305 MAC
	list method 'xsalsa20-poly1305'

	# "mode tap" will create an ethernet tunnel (tap device),
	# "mode tun" will create an IP tunnel (tun device).
	option mode 'tap'

	# Set the name of the tunnel interface to use
	option interface 'tap0'
#	option interface 'tun0'
#	option interface 'fastd0'

	# Sets the MTU of the tunnel interface, default is 1500
	# 1426 is a good value that avoids fragmentation for the xsalsa20-poly1305 method
	# when the tunnel uses an IPv4 connection on a line with an MTU of 1492 or higher
	option mtu 1426

	# Enables direct forwarding of packets between peers
	# WARNING: Only enable this if you know what you are doing, as this can lead to forwarding loops!
	option forward 0

	# Disable only for compatibility with fastd v10 and older; leave enabled otherwise
	option secure_handshakes 1

	# Set a packet mark to filter for with iptables or ip rules
#	option packet_mark 42

	# Socket to get fastd's status
#	option status_socket '/var/run/fastd-example.sock'

	# Limits the maximum number of connections, optional
#	option peer_limit 5

	# The secret key; keep it private (the all-zero value below is only a placeholder)
	# A keypair can be generated with `fastd --generate-key`
	# When the corresponding public key is lost it can be recovered with `/etc/init.d/fastd show-key <config name>`
#	option secret '0000000000000000000000000000000000000000000000000000000000000000'

	# Sets the user to run fastd as. Defaults to root; an unprivileged user is preferable where the setup allows it
#	option user 'daemon'

	# Sets the group to run fastd as. Defaults to the user's primary group
#	option group 'daemon'

	# If set to 1, the logs won't contain peers' IP addresses
#	option hide_ip_addresses '0'

	# If set to 1, the logs won't contain peers' MAC addresses
#	option hide_mac_addresses '0'

	# Read the documentation about this one. Only ever useful in severely broken networks.
#	option pmtu ''

	# command to configure IP addresses etc. after the tunnel interface is up; $1 will be the interface name (optional)
#	option up ''

	# command to execute before the tunnel interface is set down; $1 will be the interface name (optional)
#	option down ''


config peer sample_peer

	# Set to 1 to enable this peer
	# In tap mode peers can be reloaded dynamically
	option enabled 0

	# Controls which instance this peer is associated with
	option net 'sample_config'

	# Controls which peer group this peer belongs to, optional
	# For most use cases peer groups aren't necessary
#	option group 'sample_group'

	# The peer's public key
	option key '0000000000000000000000000000000000000000000000000000000000000000'

	# A remote specification consists of an address or a hostname, and a port
	# When a hostname is given, it is recommended to specify the address family to use
	# It is possible to specify no, one or multiple remotes
	# (but all entries must designate the same host as the public key must be unique)
#	list remote '192.0.2.1:1337'
#	list remote '[2001:db8::1]:1337'
#	list remote '"example.com" port 1337'
#	list remote 'ipv4 "example.com" port 1337'
#	list remote 'ipv6 "example.com" port 1337'

	# Setting float to 1 allows incoming connections with this key from addresses/hostnames/ports other than the specified remotes
#	option float 0


config peer_group sample_group

	# Set to 1 to enable this peer group
	option enabled 0

	# Controls which instance this peer group is associated with
	# Peer groups can't be used in tun mode
	option net 'sample_config'

	# Allows configuring nested groups
#	option parent 'other_group'

	# Includes another config file inside the peer group definition
#	list config '/etc/fastd/sample_config/sample_group.conf'

	# Configures a single static peer from a configuration file
#	list config_peer '/etc/fastd/sample_config/sample_peer.conf'

	# Configures an additional peer directory for this group
#	list config_peer_dir '/etc/fastd/sample_config/peers2'

	# Limits the maximum number of connections to peers in this group (optional)
#	option peer_limit 5