 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Beta version 1.1b6 available
 Date:  Sat, 17 Apr 2004 23:10:46 +0200
A new beta version with some changes to NAT, MTU adjustment and PPTP
VPN is available:

net45xx: http://m0n0.ch/wall/download.php?file=net45xx-1.1b6.img
net48xx: http://m0n0.ch/wall/download.php?file=net48xx-1.1b6.img
generic-pc: http://m0n0.ch/wall/download.php?file=generic-pc-1.1b6.img
cdrom: http://m0n0.ch/wall/download.php?file=cdrom-1.1b6.iso
wrap: http://m0n0.ch/wall/download.php?file=wrap-1.1b6.img

(these images are not digitally signed)

This release may be buggy and is not intended for production use! You
have been warned!

I've been held up by stupid things again... The TCP MSS fixup (which
is vital for PPPoE-type connections) was implemented using ipnat's
mssclamp option (for lack of alternatives at that time). I've come
across a situation where m0n0wall is used with a PPPoE uplink and a
routed subnet on the DMZ interface (no NAT). In that situation, there
are no ipnat rules to take care of the clamping, so the dreaded MTU
problem creeps up with DMZ traffic. MPD 3.17 supports MSS clamping,
but as it turned out, it doesn't always work (why can't things just
*work* the way they're supposed to for a change?). To solve this
problem (even in situations where MSS fixup with non-PPP WAN links is
required), I decided to patch ipnat - I'll post details and the patch
to the m0n0wall-dev mailing list shortly (code review is appreciated).

Here's the list of changes since 1.0:

- updated MPD to 3.17

- MSS clamping now works even when packets are not NATed

- MSS clamping is used for PPTP VPN - this should correct problems
when accessing the Internet via a PPTP VPN tunnel to m0n0wall

- made PPTP VPN page tabbed

- inbound/outbound/1:1 NAT on optional interfaces (contributed by
Kurt Inge Smådal)

- generate NAT rules for the PPTP VPN subnet and static routes when
advanced outbound NAT is disabled

- IP address can be specified on a per-user basis for PPTP VPN
(contributed by Steven Honson)

- updated PHP to 4.3.6

- updated racoon to version 20040408a

The following changes were already in 1.1b1:

- DNS servers assigned via PPPoE/PPTP are now used if the "allow
override" option is set

- local subnet mask of /0 now allowed in IPsec tunnels

- new SVG-based traffic grapher (contributed by Thierry Lechat)

- bpalogin support

- updated system to FreeBSD 4.9-RELEASE-p4

- updated ipfilter to 3.4.33

- disabled hardware TX checksumming for 3Com cards due to buggy chips

- new kernel patch that should solve PPTP VPN timeout/packet loss
problems once and for all
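
As an added illustration of the MSS clamping discussed in this announcement (this is not the ipnat patch mentioned above, nor m0n0wall, ipfilter or MPD code), the C sketch below lowers the MSS option of a TCP SYN in place and patches the TCP checksum incrementally per RFC 1624. The function names `ones_sum`, `csum_update` and `mss_clamp` are hypothetical, and the caller is assumed to have already located the TCP header inside the forwarded packet.

```c
#include <stddef.h>
#include <stdint.h>
/* Added illustration; all names here are hypothetical, not ipnat's. */

/* One's-complement sum; a valid segment sums to 0xffff (pseudo-header omitted, clamping leaves it unchanged). */
uint16_t ones_sum(const uint8_t *p, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i < len; i++)
        s += (i & 1) ? p[i] : (uint32_t)p[i] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* Incremental checksum update, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') */
static uint16_t csum_update(uint16_t hc, uint16_t m, uint16_t m2)
{
    uint32_t s = (uint32_t)(uint16_t)~hc + (uint16_t)~m + m2;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Lower the MSS option of a SYN in place; tcp points at the TCP header.
 * Returns 1 if rewritten, 0 if left alone, -1 if the options are malformed. */
int mss_clamp(uint8_t *tcp, size_t len, uint16_t max_mss)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4;  /* data offset in bytes */
    if (hlen < 20 || hlen > len) return -1;
    if (!(tcp[13] & 0x02)) return 0;            /* MSS is only sent on SYN */
    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                   /* end of option list */
        if (kind == 1) { i++; continue; }       /* NOP padding */
        if (i + 1 >= hlen) return -1;           /* no room for a length byte */
        size_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > hlen) return -1;
        if (kind == 2 && olen == 4) {           /* maximum segment size */
            uint16_t m = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]), m2 = max_mss;
            if (m <= max_mss) return 0;
            tcp[i + 2] = (uint8_t)(max_mss >> 8); tcp[i + 3] = (uint8_t)max_mss;
            if (i & 1)                          /* odd offset: value straddles two words */
                m = (uint16_t)(m << 8 | m >> 8), m2 = (uint16_t)(m2 << 8 | m2 >> 8);
            uint16_t ck = csum_update((uint16_t)(tcp[16] << 8 | tcp[17]), m, m2);
            tcp[16] = (uint8_t)(ck >> 8); tcp[17] = (uint8_t)ck;
            return 1;
        }
        i += olen;
    }
    return 0;
}
```

On a PPPoE link with a 1492-byte MTU, a caller would pass 1452 as `max_mss` (1492 minus 40 bytes of IPv4 and TCP headers).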