Register | Log in

fastd

Fast and Secure Tunneling Daemon

Choose email to subscribe with

general

source: fastd (main)
version: 23-1
maintainer: Debian CommunityWLAN Team (DMD)
uploaders: Haiko Helmholz [DMD] – Sven Eckelmann [DMD]
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 18-3+deb10u1
oldstable: 21-1
old-bpo: 22-4~bpo11+1
stable: 22-4
testing: 22-4
unstable: 23-1

versioned links

18-3+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
21-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
22-4~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
22-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
23-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

fastd
fastd-doc

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-24356: fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.

Created: 2025-01-26 Last update: 2025-01-29 14:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-24356: (needs triaging) fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast reconnect" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.

You can find information about how to handle this issue in the security team"s documentation.

Created: 2025-01-26 Last update: 2025-01-29 14:00

debian/patches: 1 patch to forward upstream low

Among the 2 debian patches available in version 23-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-27 11:21

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-01-26 21:49

testing migrations

This package will soon be part of the auto-libsodium transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for fastd (22-4 to 23-1): Will attempt migration (Any information below is purely informational)
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/f/fastd.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Reproducible on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- ∙ ∙ 5 days old (needed 5 days)

news

[2025-01-26] Accepted fastd 23-1 (source) into unstable (Sven Eckelmann)
[2022-12-25] Accepted fastd 22-4~bpo11+1 (source) into bullseye-backports (Sven Eckelmann)
[2022-12-25] fastd 22-4 MIGRATED to testing (Debian testing watch)
[2022-12-17] Accepted fastd 22-4 (source) into unstable (Sven Eckelmann)
[2022-11-20] fastd 22-3 MIGRATED to testing (Debian testing watch)
[2022-11-14] Accepted fastd 22-3 (source) into unstable (Sven Eckelmann)
[2021-09-02] Accepted fastd 22-2~bpo10+1 (source amd64 all) into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy (Debian FTP Masters) (signed by: Sven Eckelmann)
[2021-08-24] Accepted fastd 22-2~bpo11+1 (source amd64 all) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Sven Eckelmann)
[2021-08-20] fastd 22-2 MIGRATED to testing (Debian testing watch)
[2021-08-15] Accepted fastd 22-2 (source) into unstable (Sven Eckelmann)
[2021-06-27] Accepted fastd 22-1 (source) into experimental (Sven Eckelmann)
[2020-11-19] Accepted fastd 18-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sven Eckelmann)
[2020-10-25] Accepted fastd 18-2+deb9u1 (source) into oldstable (Sven Eckelmann)
[2020-10-22] Accepted fastd 21-1~bpo10+1 (source) into buster-backports (Sven Eckelmann)
[2020-10-22] fastd 21-1 MIGRATED to testing (Debian testing watch)
[2020-10-19] Accepted fastd 21-1 (source) into unstable (Sven Eckelmann)
[2020-10-16] Accepted fastd 20-1~bpo10+1 (source) into buster-backports (Sven Eckelmann)
[2020-10-16] fastd 20-1 MIGRATED to testing (Debian testing watch)
[2020-10-10] Accepted fastd 20-1 (source) into unstable (Sven Eckelmann)
[2020-06-19] Accepted fastd 19-3~bpo10+1 (source amd64 all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Sven Eckelmann)
[2020-06-16] fastd 19-3 MIGRATED to testing (Debian testing watch)
[2020-06-11] Accepted fastd 19-3 (source) into unstable (Sven Eckelmann)
[2020-06-11] Accepted fastd 19-2 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Sven Eckelmann)
[2020-06-10] Accepted fastd 19-1~bpo10+1 (source amd64) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Sven Eckelmann)
[2020-06-05] fastd 19-1 MIGRATED to testing (Debian testing watch)
[2020-05-31] Accepted fastd 19-1 (source) into unstable (Sven Eckelmann)
[2018-03-13] Accepted fastd 18-3~bpo9+1 (source amd64) into stretch-backports, stretch-backports (Steffen Moeller)
[2018-02-15] fastd 18-3 MIGRATED to testing (Debian testing watch)
[2018-02-10] Accepted fastd 18-3 (source amd64) into unstable (Matthias Schiffer) (signed by: Steffen Moeller)
[2016-11-08] Accepted fastd 18-2~bpo8+1 (source amd64) into jessie-backports (Steffen Moeller)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 23-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing