add net/fastd

fastd is a very small VPN daemon which tunnels IP packets and Ethernet frames
over UDP. It supports various modern encryption and authentication schemes
and can be used in many different network topologies (1:1, 1:n, meshed).

2 files changed, 56 insertions, 0 deletions

diff --git a/net/fastd/files/fastd.conf b/net/fastd/files/fastd.conf
new file mode 100644
index 00000000000..9ff7dbcd412
--- /dev/null
+++ b/net/fastd/files/fastd.conf
@@ -0,0 +1,36 @@
+# $NetBSD: fastd.conf,v 1.1 2021/06/24 14:01:31 nia Exp $
+
+# Log warnings and errors to stderr
+log level warn;
+
+# Log everything to syslog
+log to syslog level debug;
+
+# Drop privileges and run as the fastd user
+drop capabilities yes;
+user "@FASTD_USER@";
+group "@FASTD_GROUP@";
+
+# Create a status socket
+status socket "@VARBASE@/run/fastd/fastd.sock";
+
+# Set the interface name
+mode tap;
+interface "tap0";
+
+# Support salsa2012+umac and null methods, prefer salsa2012+umac
+method "salsa2012+umac";
+method "null";
+
+# Bind to a fixed port, IPv4 only
+bind 0.0.0.0:10000;
+
+# Generate a secret key with `fastd --generate-key`
+secret "CHANGE_ME";
+
+# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
+# (see MTU selection documentation)
+mtu 1426;
+
+# Include peers from the directory 'peers'
+include peers from "peers";
diff --git a/net/fastd/files/fastd.sh b/net/fastd/files/fastd.sh
new file mode 100644
index 00000000000..ca3416f618c
--- /dev/null
+++ b/net/fastd/files/fastd.sh
@@ -0,0 +1,20 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: fastd.sh,v 1.1 2021/06/24 14:01:31 nia Exp $
+#
+# PROVIDE: fastd 
+# REQUIRE: DAEMON
+
+. /etc/rc.subr
+
+name="fastd"
+rcvar=${name}
+required_files="@PKG_SYSCONFDIR@/fastd.conf"
+pidfile="@VARBASE@/run/fastd/${name}.pid"
+command="@PREFIX@/bin/fastd"
+command_args="--daemon"
+command_args="${command_args} --pid-file ${pidfile}"
+command_args="${command_args} --config @PKG_SYSCONFDIR@/fastd.conf"
+
+load_rc_config $name
+run_rc_command "$1"