package fastd config fastd sample_config # Set to 1 to enable this instance: option enabled 0 # Sets a static config file, optional # Options set via UCI have higher priority that statically configured ones # If a config file is set all other options except the interface may become optional if the are set in the file # list config '/etc/fastd/sample_config/fastd.conf' # Sets a directory from which peers configurations are read # The peer list can be reloaded without restarting fastd # Peer can either be configured via UCI (see example below) or via peer dirs list config_peer_dir '/etc/fastd/sample_config/peers' # Sets the log level # Possible values: error, warn, info, verbose, debug # Default: info option syslog_level 'info' # IP address and port of the local end, optional # 'any' can be used to bind to both IPv4 and IPv6 # If the port is 0 fastd will bind to a random port # list bind 'any:1337' # list bind '0.0.0.0:1337' # list bind '[::]:1337' # "method null" uses no encryption or MAC # "method xsalsa20-poly1305" uses the XSalsa20 encryption ad the Poly1305 MAC list method 'xsalsa20-poly1305' # "mode tap" will create an ethernet tunnel (tap device), # "mode tun" will create an IP tunnel (tun device). option mode 'tap' # Set the name of the tunnel interface to use option interface 'tap0' # option interface 'tun0' # option interface 'fastd0' # Sets the MTU of the tunnel interface, default is 1500 # 1426 is a good value that avoids fragmentation for the xsalsa20-poly1305 method # when the tunnel uses an IPv4 connection on a line with an MTU of 1492 or higher option mtu 1426 # Enables direct forwaring of packets between peers # WARNING: Only enable this if you know what you are doing, as this can lead to forwarding loops! option forward 0 # The secret key # A keypair can be generated with `fastd --generate-key` # When the corresponding public key is lost it can be recovered with `/etc/init.d/fastd show-key ` # option secret '0000000000000000000000000000000000000000000000000000000000000000' # command to configure IP addresses etc. after the tunnel interface is up; $1 will be the interface name (optional) # option up '' # command to execute before the tunnel interface is set down; $1 will be the interface name (optional) # option down '' config peer sample_peer # Set to 1 to enable this peer: option enabled 0 # Controls which instance this peer is associated with option net 'sample_config' # The peer's public key option key '0000000000000000000000000000000000000000000000000000000000000000' # A complete remote specification consists of an address or a hostname, and a port # When a hostname is given, it is recommended to specify an address family to use # The address to connect to (optional) # option address '192.0.2.1' # option address '[2001:db8::1]' # The hostname to connect to (optional) # option hostname 'example.com' # The address family to use to connect to the hostname (optional) # Must be 'ipv4' or 'ipv6' # Has no effect when an address is specified # option address_family 'ipv4' # The remote port to connect to (optional) # option port 1337 # Setting float to 1 allow incoming connections with this key from other addresses/hostnames/ports than the specified remote option float 0