[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall dash announce at lists dot m0n0 dot ch
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Beta 1.3b12 released
 Date:  Mon, 7 Jul 2008 23:25:37 +0200
Hello m0n0wall users,

in case you've been wondering - no, I haven't fallen off the face of  
the earth yet - just had other things than m0n0wall to keep me busy.

But not to worry - m0n0wall 1.3b12 is out, and there's a new feature:  
IPv6 support (routing and firewalling)! I realize that IPv6 is still a  
bit of a geeky thing without much use/demand in real life, but maybe,  
hopefully, one day... The base for this was actually contributed by  
Michael Hanselmann way back in 2005, and with some modifications to  
reflect the changes in m0n0wall since then, as well as a few fixes/ 
improvements (most notably easy to configure 6to4 support), it is now  
finally in an official release. (Belated) Thanks, Michael!

IPv6 support must be explicitly enabled on the System: Advanced setup  
page before any of the new options will become available. Also, by  
default there are no firewall rules for IPv6, so everything is  
blocked. Make sure to add at least a rule on your LAN interface for  
outbound connections if you want to use IPv6.

Since it's the first release with IPv6 support, bugs in the  
implementation are likely. As always, please post on the mailing list  
or in the forum if you've found something odd (with a detailled  
description of what you did, please). Also let us know if everything  
worked "out of the box". :)

If you don't have native IPv6 connectivity yet, don't worry: 6to4  
tunneling is supported, which should work anywhere you've got a (non- 
firewalled) public IPv4 address. Simply choose "6to4" for the IPv6  
mode on both the WAN and LAN interfaces - no need to manually  
configure any IPv6 addresses (check the IPv6 RA option on the LAN  
interface and your LAN hosts will be able to automatically obtain an  
IPv6 address). It can also work with dynamic WAN IPv4 addresses (LAN/ 
OPT IPv6 subnets are adjusted automatically). Note that some operating  
systems do not use IPv6 when connecting to a host that supports both  
IPv4 and IPv6 if they are configured with a 6to4 IPv6 address (-> RFC  
3484), so use an IPv6-only host (try http://ipv6.m0n0.ch) for browser  
testing, or simply do a "ping6".

If you've got native IPv6 connectivity (not supported over PPPoE/PPTP  
yet), remember that you'll have to statically route your m0n0wall's  
LAN subnet from your upstream router - there's no NAT for IPv6 in  
m0n0wall (and it would be pretty pointless in most cases anyway :).

Also, if you've gotten it to work and need some IPv6 capable web sites  
to try it out, have a look at http://sixy.ch (or http://ipv6.sixy.ch),  
a directory of IPv6 enabled web sites.

In other news, m0n0wall now generates a self-signed SSL certificate  
and key pair for the webGUI on the fly if there's none when switching  
from HTTP to HTTPS - this should be much more secure than the default,  
shared one. There's also a button on the System: Advanced page to  
regenerate the cert/key - you may want to use that one if you've got  
existing configs with HTTPS and no custom certificate.

Finally, a bug in ipnat has been fixed that I have found to cause rare  
and thus hard to diagnose kernel panics on a non-m0n0wall system that  
I'm managing.

Detailed change log and downloads:

http://m0n0.ch/wall/beta.php

Enjoy,

Manuel