This document assumes that you are using a Linux system (as one should) with systemd. systemd is not strictly a requirement; it is only used to have things start on system startup.
* This is the layer 2 tunnelling daemon we use to link up machines, essentially providing a virtual Ethernet network between the two nodes we want to link.
* You will need their public key, which is used to secure the connection to them so that traffic is encrypted (CRXN traffic and babeld router messages).
* Set this to either `ipv4` or `ipv6` depending on the address being used to connect to the remote peer. This parameter is optional and can be omitted.
> The `float yes` is to allow the peer with the provided public key to connect to you using a source address **other** than the one specified (as fastd does authenticate against that). The parameter is optional.
fastd can provide a tunnel with `multitap` mode on layer 2 or a tunnel with `tun` mode on layer 3. Note that fastd has 20 bytes less overhead when using tun.
fastd supports various encryption methods for transmission. The encryption and authentication method recommended by fastd is `salsa2012+umac`. If you specify multiple encryption methods, the first one specified is preferred. The others are used as fallbacks if the peer does not support the preferred one.
fastd has three groups of transmission ciphers:
- Encrypt and Authenticate
- Authenticate Only
- Transfer Only without Authentication
It should be noted that poly1305 is very slow on embedded systems and AES is very slow without OpenSSL.
When fastd is used without encryption or authentication, the data is authenticated only by the sender IP address. This authentication can be disabled with `float yes;`.
The default MTU of a fastd tunnel is 1500 bytes. However, this can be problematic if the Internet uplink also has an MTU of 1500 or less. In this case IP fragmentation can occur. This is usually something you want to avoid.
To calculate the appropriate MTU, you must first calculate the fastd overhead:
The default overhead is 28. If the `null` method is used, add 1; if the `null@l2tp` method is used, add 8; for all other methods, add 24. If TAP is used instead of TUN, add 14. If the tunnel is established over IPv6, add 20.
Now subtract the number you just calculated from the MTU of the uplink (often 1500) to get the MTU that must be used in the fastd tunnel.
You can write this statement in the configuration file, in which case it applies to all configured peers. Alternatively, you can put it in the `peer` block on a per-peer basis.
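The overhead calculation and the note about unauthenticated methods with `float yes`, combined into a small configuration check. This is an added example, not part of fastd or CRXN. It goes beyond the text by budgeting for the costliest of all listed methods, since any fallback may be negotiated. The `audit` function, the sample configuration and the assumption that a missing `mode` line means TAP are all made up for illustration.

```python
import re

BASE = 28                               # default overhead given on this page
NO_AUTH = {"null": 1, "null@l2tp": 8}   # unauthenticated methods and their overhead
OTHER_METHOD = 24                       # every other method
TAP_EXTRA, IPV6_EXTRA = 14, 20

# Constructed sample configuration; names and values are placeholders.
SAMPLE = '''
mode tap;
method "salsa2012+umac";
method "null";   # fallback
mtu 1500;
peer "example" {
    remote ipv6 "peer.example.net" port 10000;
    key "PEER_PUBLIC_KEY_PLACEHOLDER";
    float yes;
}
'''

def audit(config, uplink_mtu=1500):
    """Return (largest safe tunnel MTU, list of findings) for a fastd config."""
    text = re.sub(r"#[^\n]*", "", config)           # drop comments
    methods = re.findall(r'\bmethod\s+"([^"]+)"\s*;', text)
    if not methods:
        raise ValueError("no method statement found")
    mode = re.search(r"\bmode\s+(\w+)\s*;", text)
    mtu = re.search(r"\bmtu\s+(\d+)\s*;", text)
    # Any listed method may end up negotiated, so budget for the costliest.
    overhead = BASE + max(NO_AUTH.get(m, OTHER_METHOD) for m in methods)
    if not mode or mode.group(1) != "tun":          # assumption: no mode line means TAP
        overhead += TAP_EXTRA
    if re.search(r"\bremote\s+(ipv6\b|\[)", text):  # explicit IPv6 remote
        overhead += IPV6_EXTRA
    safe_mtu = uplink_mtu - overhead
    findings = []
    configured = int(mtu.group(1)) if mtu else 1500  # page: default MTU is 1500
    if configured > safe_mtu:
        findings.append(f"mtu {configured} > {safe_mtu}: packets can fragment on the uplink")
    weak = [m for m in methods if m in NO_AUTH]
    if weak:
        findings.append(f"methods {weak} send traffic without encryption or authentication")
        if re.search(r"\bfloat\s+yes\s*;", text):
            findings.append("float yes also removes the sender-address check for these methods")
    return safe_mtu, findings

if __name__ == "__main__":
    safe, notes = audit(SAMPLE)
    print("largest safe MTU:", safe)
    for n in notes:
        print("-", n)
```

The IPv6 check only sees remotes that are explicitly marked as IPv6; a hostname remote with no address family given may still resolve to IPv6, in which case subtract the extra 20 bytes by hand.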