[ previous ] [ next ] [ threads ]
 
 From:  Lynn Grant <lgrant at adamscon dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Beta 1.3b12 released
 Date:  Mon, 7 Jul 2008 22:21:30 -0500
Manuel...

I am very happy to hear about IPV6 support.  I have been using an IPV6 tunnel 
from Hurricane Electric, and wishing I could run IPV6 on my whole network.  
Now I can.

Thanks!

Lynn


On Monday 07 July 2008 16:25:37 Manuel Kasper wrote:
> Hello m0n0wall users,
>
> in case you've been wondering - no, I haven't fallen off the face of
> the earth yet - just had other things than m0n0wall to keep me busy.
>
> But not to worry - m0n0wall 1.3b12 is out, and there's a new feature:
> IPv6 support (routing and firewalling)! I realize that IPv6 is still a
> bit of a geeky thing without much use/demand in real life, but maybe,
> hopefully, one day... The base for this was actually contributed by
> Michael Hanselmann way back in 2005, and with some modifications to
> reflect the changes in m0n0wall since then, as well as a few fixes/
> improvements (most notably easy to configure 6to4 support), it is now
> finally in an official release. (Belated) Thanks, Michael!
>
> IPv6 support must be explicitly enabled on the System: Advanced setup
> page before any of the new options will become available. Also, by
> default there are no firewall rules for IPv6, so everything is
> blocked. Make sure to add at least a rule on your LAN interface for
> outbound connections if you want to use IPv6.
>
> Since it's the first release with IPv6 support, bugs in the
> implementation are likely. As always, please post on the mailing list
> or in the forum if you've found something odd (with a detailled
> description of what you did, please). Also let us know if everything
> worked "out of the box". :)
>
> If you don't have native IPv6 connectivity yet, don't worry: 6to4
> tunneling is supported, which should work anywhere you've got a (non-
> firewalled) public IPv4 address. Simply choose "6to4" for the IPv6
> mode on both the WAN and LAN interfaces - no need to manually
> configure any IPv6 addresses (check the IPv6 RA option on the LAN
> interface and your LAN hosts will be able to automatically obtain an
> IPv6 address). It can also work with dynamic WAN IPv4 addresses (LAN/
> OPT IPv6 subnets are adjusted automatically). Note that some operating
> systems do not use IPv6 when connecting to a host that supports both
> IPv4 and IPv6 if they are configured with a 6to4 IPv6 address (-> RFC
> 3484), so use an IPv6-only host (try http://ipv6.m0n0.ch) for browser
> testing, or simply do a "ping6".
>
> If you've got native IPv6 connectivity (not supported over PPPoE/PPTP
> yet), remember that you'll have to statically route your m0n0wall's
> LAN subnet from your upstream router - there's no NAT for IPv6 in
> m0n0wall (and it would be pretty pointless in most cases anyway :).
>
> Also, if you've gotten it to work and need some IPv6 capable web sites
> to try it out, have a look at http://sixy.ch (or http://ipv6.sixy.ch),
> a directory of IPv6 enabled web sites.
>
> In other news, m0n0wall now generates a self-signed SSL certificate
> and key pair for the webGUI on the fly if there's none when switching
> from HTTP to HTTPS - this should be much more secure than the default,
> shared one. There's also a button on the System: Advanced page to
> regenerate the cert/key - you may want to use that one if you've got
> existing configs with HTTPS and no custom certificate.
>
> Finally, a bug in ipnat has been fixed that I have found to cause rare
> and thus hard to diagnose kernel panics on a non-m0n0wall system that
> I'm managing.
>
> Detailed change log and downloads:
>
> http://m0n0.ch/wall/beta.php
>
> Enjoy,
>
> Manuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch