- # This file is managed by ansible, don't make changes here - they will be overwritten.
- #
- # fastd configuration for the "mesh-vpn" interface, rendered from a Jinja2 template.
- # It binds to eth0, loads the known peers from /etc/fastd/vpn/peers/, hands unknown
- # peers to an external verify script, and adds the interface to batctl when it comes up.
- # Bind to a fixed address and port, IPv4 and IPv6
- # (only IPv6 addresses with scope 'global' get a bind line).
- bind {{ansible_eth0.ipv4.address}}:{{fastd.port}} interface "eth0";
- {% for v6 in ansible_eth0.ipv6 %}
- {% if v6.scope == 'global' %}
- bind [{{v6.address}}]:{{fastd.port}} interface "eth0";
- {% endif %}
- {% endfor %}
- # Set the user fastd runs as.
- # NOTE(review): the on-up block below calls ip and batctl, which need elevated
- # privileges. The fastd documentation describes the user switch as happening after
- # on-up unless "drop capabilities early" is set - confirm for the deployed version.
- user "nobody";
- # Set the interface name
- interface "mesh-vpn";
- # Set the mode the interface works in (tap = layer 2)
- mode tap;
- # Set the mtu of the interface (salsa2012 with ipv6 will need 1406)
- mtu 1406;
- # Set the methods (aes128-gcm preferred, salsa2012+umac preferred for nodes).
- # NOTE(review): all three methods listed here encrypt and authenticate; adding the
- # "null" method to this list would allow unencrypted sessions.
- method "aes128-gcm";
- method "salsa2012+umac";
- method "salsa2012+gmac";
- # Secret key generated by `fastd --generate-key`
- # NOTE(review): secret.key holds this gateway's private key and is not part of this
- # template. Presumably it is deployed separately - verify that it is readable by
- # root only and is not committed to the peers/config repositories.
- include "secret.key";
- # Log everything to syslog
- # NOTE(review): level debug is verbose and may put peer addresses into syslog.
- # fastd has "hide ip addresses yes;" and "hide mac addresses yes;" if that is a
- # privacy concern - TODO confirm what this network's logging policy requires.
- log to syslog level debug;
- # Include peers from our git-repos
- # NOTE(review): every file in this directory is treated as a known peer, so write
- # access to the directory (or to the repo that feeds it) grants VPN access.
- include peers from "/etc/fastd/vpn/peers/";
- # Status Socket
- # NOTE(review): the socket sits at a fixed name in /tmp and the on-up block below
- # makes it read/write for all users, so any local account can query it. A directory
- # that only root can write to (for example under /run) plus group-only access would
- # be tighter - check which consumers read the socket before moving it.
- status socket "/tmp/fastd-status";
- # Configure a shell command that is run on connection attempts by unknown peers (true means, all attempts are accepted)
- # NOTE(review): verify.sh is the only gate for peers that are not in the peers
- # directory; its exit status decides whether the connection is accepted. The script
- # is not shown here. $PEER_KEY is passed unquoted - presumably fastd always supplies
- # a plain hex string, but quoting it in the command would be the safer habit.
- # Do not re-enable the "true" variant below on a production gateway.
- # on verify "true";
- on verify "
- /bin/bash /var/gateway-ffms/fastd/verify.sh $PEER_KEY
- ";
- # Configure a shell command that is run when fastd comes up:
- # opens the status socket to all users, assigns a fixed MAC address ending in
- # server_id, brings the interface up, adds it to batctl and, when fastd.ip_rule_42
- # is set, adds IPv4 and IPv6 policy rules pointing at routing table 42.
- # NOTE(review): server_id must render as a valid MAC octet. There is no matching
- # on-down command in this file, so the ip rules are not removed here when fastd
- # stops - verify whether a restart leaves duplicate rules behind.
- on up "
- chmod ugo+rw /tmp/fastd-status
- ip link set dev $INTERFACE address de:ad:be:ef:43:{{server_id}}
- ip link set dev $INTERFACE up
- batctl if add $INTERFACE
- {% if fastd.ip_rule_42 %}
- ip rule add from {{ffrl_nat_ip}} lookup 42
- ip -6 rule add from {{ff_network.v6_network}} lookup 42
- {% endif %}
- ";