[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Update: SSL, IPsec tunnels
 Date:  Tue, 9 Sep 2003 21:51:36 +0200 (CEST) 
A new pre-release image is out:

http://m0n0.ch/wall/downloads/net45xx-pb15r497.img
http://m0n0.ch/wall/downloads/generic-pc-pb15r497.img

Changes:

- replaced thttpd by mini_httpd --> HTTPS support! Mode can be selected on
the System: General setup page, and a custom certificate/private key can
be submitted on the Diagnostics: Advanced page.

- to use the webGUI from interfaces other than LAN, simply add a filter
rule to pass traffic to m0n0wall's WAN IP (HTTP or HTTPS, respectively).
No NAT rule necessary anymore.

- upgraded PHP to 4.3.3

- the local subnet can now be specified for IPsec tunnels (no longer fixed
to the LAN subnet)

To generate a custom certificate:

openssl req -new -nodes > cert.csr
openssl x509 -in cert.csr -out cert.pem -req -signkey privkey.pem -days 365

The certificate can then be found in cert.pem and the private key in
privkey.pem. cert.csr is not needed anymore.

The SSL works OK for me, but I haven't had much chance to test the last
feature (other than making sure it generates the correct SPD/racoon/filter
configuration for each situation), so as always: please test and report
bugs to me. Thanks!

Enjoy,

Manuel