1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
Configuration file format
=========================
Main configuration
------------------
Example config:
::
# Log warnings and errors to stderr
log level warn;
# Log everything to syslog
log to syslog level debug;
# Set the interface name
interface "mesh-vpn";
# Support salsa2012+umac and null methods, prefer salsa2012+umac
method "salsa2012+umac";
method "null";
# Bind to a fixed port, IPv4 only
bind 0.0.0.0:10000;
# Secret key generated by `fastd --generate-key`
secret "78dfb05fe0aa586fb017de566b0d21398ac64032fcf1c765855f4d538cc5a357";
# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
# (see MTU selection documentation)
mtu 1426;
# Include peers from the directory 'peers'
include peers from "peers";
| ``bind <IPv4 address>:<port> [ interface "<interface>" ] [ default [ ipv4 ] ];``
| ``bind <IPv6 address>:<port> [ interface "<interface>" ] [ default [ ipv6 ] ];``
| ``bind any:<port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
| ``bind <IPv4 address> port <port> [ interface "<interface>" ] [ default [ ipv4 ] ];``
| ``bind <IPv6 address> port <port> [ interface "<interface>" ] [ default [ ipv6 ] ];``
| ``bind any port <port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
Sets the bind address, port and possibly interface. May be specified multiple times. The keyword
any makes fastd bind to the unspecified address for both IPv4 and IPv6. When
no bind address is configured at all, for each outgoing connection a new socket with a random
port is created.
IPv6 address must be put in square brackets. It is possible to specify an IPv6 link-local address
with an interface in the usual notation (e.g. [fe80::1%eth0]).
The default option makes it the default address for outgoing connections
for IPv4, IPv6 or both.
| ``cipher "<cipher>" use "<implementation>";``
Chooses a specific impelemenation for a cipher. Normally, the default setting is already the best choice.
Note that specific implementations may be unavailable on some platforms or disabled during compilation.
The available ciphers and implementations are:
* ``aes128-ctr``: AES128 in counter mode
- ``openssl``: Use implementation from OpenSSL's libcrypto
- ``nacl``: Use implementation from NaCl or libsodium
* ``null``: No encryption (for authenticated-only methods using composed_gmac)
- ``memcpy``: Simple memcpy-based implementation
* ``salsa20``: The Salsa20 stream cipher
- ``xmm``: Optimized implementation for x86/amd64 CPUs with SSE2 support
- ``nacl``: Use implementation from NaCl or libsodium
* ``salsa2012``: The Salsa20/12 stream cipher
- ``xmm``: Optimized implementation for x86/amd64 CPUs with SSE2 support
- ``nacl``: Use implementation from NaCl or libsodium
| ``drop capabilities yes|no|early;``
By default, fastd switches to the configured user and/or drops its
POSIX capabilities after the on up command has been run.
When drop capabilities is set to early, the on up command
is run after the privileges have been dropped, when set to no, the POSIX capabilities
aren't dropped at all (but the user is switched after the on up command
has been run nevertheless).
| ``forward yes|no;``
Enables or disabled forwarding packets between peers. Care must be taken not to create forwarding loops.
| ``group "<group>";``
Sets the group to run fastd as.
| ``hide ip addresses yes|no;``
Hides IP addresses in log output.
| ``hide mac addresses yes|no;``
Hides MAC addresses in log output.
| ``include "<file>";``
Includes another configuration file. Relative paths are interpreted relatively to the
including file.
| ``include peer "<file>" [ as "<name>" ];``
Includes a peer configuration (and optionally gives the peer a name).
| ``include peers from "<dir>";``
Includes each file in a directory as a peer configuration. These peers are reloaded when
fastd receives a SIGHUP signal.
| ``interface "<name>";``
Sets the name of the TUN/TAP interface to use; it will be set by the OS when no name is configured explicitly.
| ``log level fatal|error|warn|info|verbose|debug|debug2;``
Sets the default log level, meaning syslog if there is currently a level set for syslog, and stderr
otherwise.
| ``log to stderr level fatal|error|warn|info|verbose|debug|debug2;``
Sets the stderr log level. By default no log messages are printed on stderr, unless no other
log destination is configured, which causes fastd to log to stderr with level info.
| ``log to syslog [ as "<ident>" ] [ level fatal|error|warn|info|verbose|debug|debug2 ];``
Sets the syslog log level. By default syslog isn't used.
| ``mac "<MAC>" use "<implementation>";``
Chooses a specific impelemenation for a message authentication code. Normally, the default setting is already the best
choice. Note that specific implementations may be unavailable on some platforms or disabled during compilation.
The available MACs and implementations are:
* ``ghash``: The MAC used by the GCM and GMAC methods
- ``pclmulqdq``: An optimized implementation for modern x86/amd64 CPUs supporting the PCLMULQDQ instruction
- ``builtin``: A generic implementation
* ``uhash``: The MAC used by the UMAC methods
- ``builtin``: A generic implementation
| ``method "<method>";``
Sets the encryption/authentication method. See the page :doc:`methods` for more information about the supported methods.
When multiple method statements are given, the first one has the highest preference.
| ``mode tap|tun;``
Sets the mode of the interface; the default is TAP mode.
| ``mtu <MTU>;``
Sets the MTU; must be at least 576. You should read the page :doc:`mtu` as the default 1500 is suboptimal in most setups.
| ``on pre-up [ sync | async ] "<command>";``
| ``on up [ sync | async ] "<command>";``
| ``on down [ sync | async ] "<command>";``
| ``on post-down [ sync | async ] "<command>";``
| ``on connect [ sync | async ] "<command>";``
| ``on establish [ sync | async ] "<command>";``
| ``on disestablish [ sync | async ] "<command>";``
Configures a shell command that is run after the interface is created, before the interface is destroyed,
when a handshake is sent to make a new connection,
when a new peer connection has been established, or after a peer connection has been lost. fastd will
block until the command has finished, to long-running processes should be started in the background.
pre-up, up, down and post-down commands are executed synchronously by default, meaning fastd will block
until the commands have finished, while the other commands are executed asynchronously by default. This
can be changed using the keywords sync and async.
The following environment variables are set by fastd for all commands:
* ``FASTD_PID``: fastd's PID
* ``INTERFACE``: the interface name
* ``INTERFACE_MTU``: the configured MTU
* ``LOCAL_KEY``: the local public key
For on connect, on establish and on disestablish the following variables are set in addition:
* ``LOCAL_ADDRESS``: the local IP address
* ``LOCAL_PORT``: the local UDP port
* ``PEER_ADDRESS``: the peer's IP address
* ``PEER_PORT``: the peer's UDP port
* ``PEER_NAME``: the peer's name in the local configuration
* ``PEER_KEY``: the peer's public key
| ``on verify [ sync | async ] "<command>";``
Configures a shell command that is run on connection attempts by unknown peers. The same environment
variables as in the on establish command are supplied. When the commands returns 0, the
connection is accepted, otherwise the handshake is ignored. By default, fastd ignores connections
from unknown peers.
Verify commands are executed asynchronously by default. This
can be changed using the keywords sync and async.
| ``packet mark <mark>;``
Defines a packet mark to set on fastd's packets, which can be used in an ip rule.
Marks can be specified in decimal, hexadecimal (with a leading 0x), and octal (with a leading 0).
| ``peer "<name>" {`` *peer configuration* ``}``
An inline peer configuration.
| ``peer group "<name>" {`` *configuration* ``}``
Configures a peer group.
| ``peer limit <limit>;``
Sets the maximum number of connections for the current peer group.
.. _option-pmtu:
| ``pmtu yes|no|auto;``
Enables or disables Path MTU detection for IPv4. If enabled, all packets are sent with DF set, and all
fragmentation happens on the sending host itself. If disabled, routers may fragment the packets themselves,
possibly leading to multiple fragmentation. In general, disabling this should not be necessary, but in some
networks ICMP MTU Too Big packets are lost, so PMTU detection doesn't work correctly.
If possible, fastd's mtu setting should be adjusted so the packets aren't fragmented at all instead of
relying on this option.
The default is auto, which uses the system default as specified in /proc/sys/net/ipv4/ip_no_pmtu_disc.
The pmtu option is available on Linux platforms only.
| ``protocol "<protocol>";``
Sets the handshake protocol; at the moment only ec25519-fhmqvc is supported.
| ``secret "<secret>";``
Sets the secret key.
| ``secure handshakes yes|no;``
fastd v11+ implements a revised handshake scheme which prevents downgrade attacks (i.e. an attacker forcing
two peers to use the least secure encryption method supported by both sides, or even half-establishing a
session with an encryption method supported by one side only). To maintain backwards compatiblity, the old
handshake is still supported when secure handshakes is set to no.
Setting this option to yes (the default) on one side is enough to ensure that a session established by two peers has not
been downgraded.
| ``status socket "<socket>";``
Configures a UNIX socket which can be used to retrieve the current state of fastd. An example script
to get the status can be found at ``doc/examples/status.pl`` in the fastd repository.
| ``user "<user>";``
Sets the user to run fastd as.
Peer configuration
------------------
Example config:
::
key "f05c6f62337d291e34f50897d89b02ae43a6a2476e2969d1c8e8104fd11c1873";
remote 192.0.2.1:10000;
remote [2001:db8::1]:10000;
remote ipv4 "fastd.example.com" port 10000;
| ``include "<file>";``
Includes another configuration file.
| ``key "<key>";``
Sets the peer's public key.
| ``remote <IPv4 address>:<port>;``
| ``remote <IPv6 address>:<port>;``
| ``remote [ ipv4|ipv6 ] "<hostname>":<port>;``
| ``remote <IPv4 address> port <port>;``
| ``remote <IPv6 address> port <port>;``
| ``remote [ ipv4|ipv6 ] "<hostname>" port <port>;``
Sets the IP address or host name to connect to. If a peer doesn't have a remote address configured,
incoming connections are accepted, but no own connection attempts will be made.
The ipv4 or ipv6 options can be used to force fastd to resolve the host name for the
specified protocol version only.
Starting with fastd v9, multiple remotes may be given for a single peer. If this is the case, they
will be tried one after another. Starting with fastd v11, all addresses a given hostname resolves
to are taken into account, not only the first one. This can be use to specify alternative hostname,
addresses and/or ports for the same host; all remotes must still refer to the same peer as the public
key must be unique.
| ``float yes|no;``
The float option can be used to accept connections from the peer with the specified key from
other addresses that the configured ones.
|