Command line options
********************

Command line options and config files are parsed in order they are
specified, so config files specified before other options are
overwritten by the other options, config files specified later will
overwrite options specified before.

--help, -h

Shows this help text

--version, -v

Shows the fastd version

--daemon, -d

Runs fastd in the background

--pid-file <filename>

Writes fastd's PID to the specified file.

--status-socket <socket>

Configures a socket to get fastd's status.

--log-level error|warn|info|verbose|debug|debug2
   Sets the stderr log level; default is info, if no alternative log
   destination ist configured. If logging to syslog or files is
   enabled, the default is not to log to stderr.

--syslog-level error|warn|info|verbose|debug|debug2
   Sets the log level for syslog output; default is not to use syslog.

--syslog-ident <ident>

Sets the syslog identification; default is 'fastd'.

--config, -c <filename>

Loads a config file. - can be specified to read a config file from
stdin.

--config-peer <filename>

Loads a config file for a single peer. The filename will be used as
the peer name.

--config-peer-dir <dir>

Loads all files from a directory as peer configs. On SIGHUP fastd will
reload peer directories.

--mode, -m tap|multitap|tun
   Sets the mode of the interface; default is TAP mode.

--interface, -i <name>

Sets the name of the TUN/TAP interface to use. If not specified,
default names specified by the system will be used.

--mtu, -M <mtu>

Sets the MTU; must be at least 576. You should read MTU configuration,
the default 1500 is suboptimal in most setups.

--bind, -b <address:port>

Sets the bind address. Address can be an IPv4 address or an IPv6
address, or the keyword any. IPv6 addresses must be put in square
brackets.

Default is to bind to a random port, for IPv4 and IPv6. You can
specify one IPv4 and one IPv6 bind address, or both at once as any. It
is currently not possible to specify an IPv6 link-local address on the
command line.

--protocol, -p <protocol>

Sets the handshake protocol. Currently the only protocol available is
ec25519-fhmqvc, which provides a secure authentication of peers based
on public/secret keys.

--method <method>

Sets the encryption/authentication method. See the page Encryption &
authentication methods for more information about the supported
methods. More than one method can be specified; the earlier you
specify a method the higher is the preference for a method, so methods
speficied later will only be used if a peer doesn't support the first
methods.

--forward

Enables forwarding of packets between clients; read the paragraph
about this option before use!

--on-pre-up <command>

Sets a shell command to execute before interface creation. See the
detailed documentation below for an overview of the available
environment variables.

--on-up <command>

Sets a shell command to execute after interface creation. See the
detailed documentation below for an overview of the available
environment variables.

--on-down <command>

Sets a shell command to execute before interface destruction. See the
detailed documentation below for an overview of the available
environment variables.

--on-post-down <command>

Sets a shell command to execute after interface destruction. See the
detailed documentation below for an overview of the available
environment variables.

--on-connect <command>

Sets a shell command to execute when a handshake is sent to establish
a new connection.

--on-establish <command>

Sets a shell command to execute when a new connection is established.
See the detailed documentation below for an overview of the available
environment variables.

--on-disestablish <command>

Sets a shell command to execute when a connection is lost. See the
detailed documentation below for an overview of the available
environment variables.

--on-verify <command>

Sets a shell command to execute to check a connection attempt by an
unknown peer. See the detailed documentation below for more
information and an overview of the available environment variables.

--verify-config

Checks the configuration and exits.

--generate-key

Generates a new keypair.

--show-key

Shows the public key corresponding to the configured secret.

--machine-readable

Suppresses output of explaining text in the --show-key and --generate-
key commands.
