Welcome, Guest. Please login or register.

Recent Posts

Pages: [1] 2 3 ... 10
Feature Requests / Re: Support creating generic tunnel interface (GIF)
« Last post by andywhite on January 31, 2021, 08:18:04 PM »
Hi !

There is support already there , carried over from m0n0wall days, for an ipv6 tunnel. 

Once ipv6 is enabled (in the system settings), the wan interface will show options for using a tunnel endpoint for ipv6
Feature Requests / Support creating generic tunnel interface (GIF)
« Last post by tuaris on January 17, 2021, 02:26:45 PM »
This is a feature request to support creating a generic tunnel interface:

A use case example is with https://tunnelbroker.net.  The tunnel would be created as follows on a FreeBSD system

Code: [Select]
ifconfig gif0 create
ifconfig gif0 tunnel $IPv4_address_of_Firewall WAN interface $IPv4_address_of_remote_tunnel_server
ifconfig gif0 inet6 $assigned_IPV6_client_address $assigned_IPV6_endpoint_address prefixlen $given_prefixlen
route -n add -inet6 default $assigned_IPV6_endpoint_address
ifconfig gif0 up

The GUI/form to create this interface would probably be a new tab under Interfaces with a page name like interfaces_gif.php.  The form would prompt for the variables above:

Code: [Select]
$IPv4_address_of_Firewall = get_ip_of_wan_inet();
$IPv4_address_of_remote_tunnel_server= "x.x.x.x";
$assigned_IPV6_client_address = "x:x:x:x::x";
$assigned_IPV6_endpoint_address = "x:x:x:x::x";
$given_prefixlen = 128;

Afterwards a new interface should be present on the firewall, and the firewall has IPv6 connectivity.  The part I'm unsure of how to do (since I haven't experimented with dual stack yet, is how to configure the firewall to use dual stack to 1) provide cleints with IPv6 addresses, and 2) route IPv6 client packets over the GRE tunnel.
Installation / Re: restore config
« Last post by andywhite on June 15, 2020, 09:13:24 AM »

Sounds like a firewall rule that worked with ipfilter, but not pf.  can you send DM output of /status.php to me ?

Installation / restore config
« Last post by RobbanG on June 15, 2020, 04:55:55 AM »
I need help with my new APU3C4 i can login when its newly installed but as soon as i load an old config from smallwall or t1n1wall i cant get any ip or cant access webinterface.
but if i disable pf i get an ip and i can access webinterface.
But same occur if i reboot.
VPN / Firewall Rules for PPTP VPN clients
« Last post by tuaris on October 19, 2019, 10:06:19 AM »
I already have the default rule in place to allow PPTP clients to access hosts on the remote network (LAN).  No issue when a PPTP VPN client makes an outbound connection to a host on the LAN.

The hosts on the LAN are unable to make outbound connections to (or ping) any of the VPN clients.  Additionally, VPN clients are unable to communicate with each other.
What additional firewall rules do I need to add?

This is what my LAN rules currently are:

General Questions / Re: DNSSEC Problem?
« Last post by hb2000 on September 19, 2019, 11:20:18 AM »
the new images are working and DNSSEC is working great too.  Thanks!
General Questions / Re: DNSSEC Problem?
« Last post by andywhite on September 18, 2019, 11:21:48 PM »
i have re-uploaded the images, something seems to have gone wrong last time, corrupting the images.
General Questions / Re: DNSSEC Problem?
« Last post by hb2000 on September 18, 2019, 05:06:12 PM »
I downloaded version 178 for i386 - the IMG file updated but on reboot it only gets about halfway on the restart before it gives an error and reboots.  I tried the ISO to install from scratch and it does the same.
Firewall/NAT / Re: NAT Port Fowarding Ranges Not Workig Correctly
« Last post by andywhite on September 18, 2019, 10:38:55 AM »
t1n1wall is getting less tiny , due to changes in 11.3, snmpd version etc.  I need to take a look at the flashing process as it's probably erroring (with bad messaging) because images are bigger.
General Questions / Re: DNSSEC Problem?
« Last post by andywhite on September 18, 2019, 10:37:39 AM »

t1n1wall was set to use a single trust anchor that is removed from root servers,  I have added the second trust anchor, so should be good now (fixed in r178)

it's on my to-do list to make it user configurable in the future.

Pages: [1] 2 3 ... 10