1FASTD(1)                         User Commands                        FASTD(1)
2
3
4

NAME

6       fastd - Fast and Secure Tunnelling Daemon
7

SYNOPSIS

9       fastd OPTION...
10

DESCRIPTION

12       fastd  is a very small VPN daemon which tunnels IP packets and Ethernet
13       frames over UDP. It supports various modern encryption and  authentica‐
14       tion schemes and can be used in many different network topologies (1:1,
15       1:n, meshed).
16

OPTIONS

18       --help, -h
19              Shows a help text.
20
21       --version, -v
22              Shows the fastd version.
23
24       --daemon, -d
25              Runs fastd in the background.
26
27       --pid-file <filename>
28              Writes fastd's PID to the specified file.
29
30       --status-socket <socket>
31              Configure a socket to get fastd's status.
32
33       --config, -c <filename>
34              Loads a config file. - can be specified to read  a  config  file
35              from stdin. More than one config file can be loaded.
36
37       --config-peer <filename>
38              Loads a config file for a single peer. The filename will be used
39              as the peer name.
40
41       --config-peer-dir <dir>
42              Loads all files from a directory  as  peer  configs.  On  SIGHUP
43              fastd will reload peer directories.
44
45       --user <user>
46              Sets the user to run fastd as.
47
48       --group <group>
49              Sets the group to run fastd as.
50
51       --log-level error|warn|info|verbose|debug|debug2
52              Sets the stderr log level; default is info if no alternative log
53              destination is configured.
54
55       --syslog-level error|warn|info|verbose|debug|debug2
56              Sets the log level for syslog output; default is not to use sys‐
57              log.
58
59       --syslog-ident <ident>
60              Sets the syslog identification; default is fastd.
61
62       --hide-ip-addresses
63              Hides IP addresses in log output.
64
65       --hide-mac-addresses
66              Hides MAC addresses in log output.
67
68       --mode, -m tap|multitap|tun
69              Sets the mode of the interface; default is TAP mode.
70
71       --interface, -i <name>
72              Sets the name of the TUN/TAP interface to use. If not specified,
73              default names specified by the system will be used.
74
75       --mtu, -M <mtu>
76              Sets the MTU; must be at least 576.
77
78       --bind, -b <address>[:<port>]
79              Sets the bind address. Address can be an IPv4 address or an IPv6
80              address,  or  the  keyword  any.  IPv6  addresses must be put in
81              square brackets.
82
83              By default fastd will to bind to a random port for both IPv4 and
84              IPv6. It is currently not possible to specify an IPv6 link-local
85              address on the command line.
86
87       --protocol, -p <protocol>
88              Sets the handshake protocol. Currently the only protocol  avail‐
89              able  is  ec25519-fhmqvc, which provides a secure authentication
90              of peers based on public/secret keys.
91
92       --method <method>
93              Sets the encryption method.
94
95       --forward
96              Enables forwarding of packets between peers; read the full docu‐
97              mentation before use!
98
99       --on-pre-up <command>
100              Sets a shell command to execute before interface creation.
101
102       --on-up <command>
103              Sets a shell command to execute after interface creation.
104
105       --on-down <command>
106              Sets a shell command to execute before interface destruction.
107
108       --on-post-down <command>
109              Sets a shell command to execute after interface destruction.
110
111       --on-connect <command>
112              Sets  a  shell  command  to  execute when a handshake is sent to
113              establish a new connection.
114
115       --on-establish <command>
116              Sets a shell command to execute when a new connection is  estab‐
117              lished.
118
119       --on-disestablish <command>
120              Sets a shell command to execute when a connection is lost.
121
122       --on-verify <command>
123              Sets a shell command to execute to check a connection attempt by
124              an unknown peer.
125
126       --verify-config
127              Checks the configuration and exits.
128
129       --generate-key
130              Generates a new keypair.
131
132       --show-key
133              Shows the public key corresponding to the configured secret.
134
135       --machine-readable
136              Suppresses output of  explaining  text  in  the  --show-key  and
137              --generate-key commands.
138

SEE ALSO

140       The  full  documentation  for  fastd  is  maintained  in  the  Wiki  at
141       https://projects.universe-factory.net/projects/fastd/wiki/Fastd.
142
143       See    the    user     manual     at     https://projects.universe-fac
144       tory.net/projects/fastd/wiki/User_manual in particular.
145
146
147
148fastd v18                         March 2016                          FASTD(1)
Impressum