CRXN
/
docs
mirror of https://codeberg.org/CRXN/docs.git
1
0
Fork 0
Code Releases Activity

Merge pull request 'fastd_tun' (#19) from mark22k/docs:fastd_tun into master 

Reviewed-on: https://codeberg.org/CRXN/docs/pulls/19
This commit is contained in:
Marek Küthe 2023-01-04 17:27:53 +00:00
parent 07e8489a85 87d226bd9b
commit 8997c536a1
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
docs/tunneling/fastd.md
View File

@ -44,9 +44,9 @@ forward no;
# Setup a peer to allow incoming connections from or initiate a connection too
peer "<peerName>"
{
remote <type> "<ip>" port <port>;
remote <type> "<hostname>" port <port>;
key "<peer's public key>";
interface "<interface>";
interface "%n";
float yes;
}
@ -67,8 +67,8 @@ on down "ip link set dev $INTERFACE down";
The template needs to have the following filled in:
1. `<ip>` and `<port>`
* The IP address and port to bind to and listen on for incoming connections from your peer's daemon (if his daemon initiates the connection first)
1. `<port>`
* The port to bind to and listen on for incoming connections from your peer's daemon (if his daemon initiates the connection first)
Now you must run the following:
@ -87,19 +87,25 @@ Now we need to fill in the peer details of the node you are connecting to:
1. `"<peerName>"`
* Sets the interface name of the connection with the peer to crxn`<peerName>`
2. `<type>`
* Set this to either `ipv4` or `ipv6` depending of the address being used to connect to the remote peer
3. `"<ip>"`
* Set this to either `ipv4` or `ipv6` depending of the address being used to connect to the remote peer. This parameter is optional and can be omitted.
3. `"<hostname>"`
* Set this to the remote peer's fastd address
4. `"port`
4. `"<port>`
* Set this to the remote peer's fastd port
5. `"<peer's public key>"`
* Set this to your peer's public key
6. `interface "%n";`
* This sets the peer name as the interface name. If this interface name should be different, it can be adjusted here.
> The `float yes` is to allow the peer with the provided public key to connect to you using a source address **other** than the one specified (as fastd does authenticate against that). [Read more](https://fastd.readthedocs.io/en/stable/manual/config.html#main-configuration).
> The `float yes` is to allow the peer with the provided public key to connect to you using a source address **other** than the one specified (as fastd does authenticate against that). The parameter is optional.
The last thing to configure now is to rise the interface up when fastd starts (as it normally doesn't rise it for you), all occurences of `<interfaceName>` here should match the one in the `interface <interfaceName>;` declaration as shown earlier.
### Modes
Fastd can provide a tunnel with `multitap` mode on layer 2 or a tunnel with `tun` mode on layer 3. Note that the fatsd has 20 bytes less overhead when using tun.
### MTU
The default MTU of a fastd tunnel is 1500 bytes. However, this can be problematic if the Internet uplink also has an MTU of 1500 or less. In this case IP fragmentation can occur. This is usually something you want to avoid.