The M0n0wall project has released BETA6 (22/12/2007). This release adds support for IPsec filtering and tunnels with (dynamic) remote host names. It also allows up to 256 concurrent PPTP VPN clients (instead of only 16) and contains fixes for the filtering bridge and the captive portal. An ipfilter update also corrects the lockup issues experienced by some users with 1.3b5.
Full list of changes:
- added support for IPsec tunnels with (possibly dynamic) remote host names (instead of fixed IP addresses); the host name is polled at regular intervals (default 60 seconds), and if the IP address that it maps to changes, IPsec is reconfigured. Note that this will also cause other (non-dynamic) tunnels to be briefly interrupted.
- added firewall support for decapsulated IPsec packets (new pseudo-interface “IPsec” in firewall rule editor); this is on by default, but the default configuration contains a “pass all” rule on the new IPsec pseudo- interface (and this is also added automatically for existing configurations), which can then be deleted to actually filter IPsec VPN traffic
- enabled larger client subnet sizes (= more concurrent connections) for PPTP VPN server (up to 256); change subnet size on PPTP VPN setup page if desired
- fixed filtering bridge when used in conjunction with traffic shaper
- captive portal reliability fixes
- updated timezone data
- stop discriminating against nge(4) (National Semiconductor PCI Gigabit Ethernet) adapters
- fix DHCP release button on interface status page
- updated FreeBSD to 6.2-RELEASE-p9
- updated ipfilter to 4.1.28 (fixes lockup issues from 1.3b5)