Image Modification

Hi again,

I looked into the sources and your kernel is actually IPv6 enabled. The error I have been getting was about IPv6 forwarding which according to sysctl does not exist. Is there anything else I am supposed to modify aside the kernel to get more sysctl functionalities or is it just that maybe the kernel module is not loaded ?

Just making sure, thanks for your replies.

Apologies, my own stupidity for not looking more precisely into it, I have just finished to build an IPv6 enabled kernel with all I need. Now I wonder, is it of any interest to anyone or should I stop posting ? I'd be happy to contribute if other people want this.

There's a bit of TODO before getting to a usable version (at least in my view) :

- Modify PHP to add an IPv6 configuration tick and allow for AICCU to be enabled.
- Modify PHP to allow someone to enter their credentials
- Modify PHP to enable/disable rtadvd (which I enable by default since I want my router to assign IPv6 ra on the fly)
- Fix all the things that I might have broken in the process

...
Now I wonder, is it of any interest to anyone or should I stop posting ? I'd be happy to contribute if other people want this.
...
- Modify PHP to add an IPv6 configuration tick and allow for AICCU to be enabled.
- Modify PHP to allow someone to enter their credentials
- Modify PHP to enable/disable rtadvd (which I enable by default since I want my router to assign IPv6 ra on the fly)
- Fix all the things that I might have broken in the process

Yes please

Take a look at:
http://forum.m0n0.ch/index.php/topic,197.0.html

It would be great to have it hook up with AICCU, but a more generic approach would be nice as well.

Alright, news and not so good news.

Right now, i got the whole IPv6 image working and stuff. It launches rtadvd and sixxs-aiccu (it has all been hacked straight from /etc/rc, very dirty ...). I got IPv6 pinging by messing about with ipf which is blocking all of it by default.

I spent a bit of time playing with my soekris and OpenBSD and got it running again, so I am very tempted to leave it there right now rather than spend more nights into this.

This is where it is right now, sorry for not having better news.
 

Hey good work !

Why not have this integrated in the "official" m0n0 ?

Mostly because I was mucking up with workon.sh and I haven't actually created a proper release to include those changes. Also, everything is command line, there is no interface tool to configure it and foremost, you have to mess up with ipf to allow ALL IPv6 traffic which might almost definitely be a problem for a lot of people. I would like to highlight that my intent is not focusing on the firewalling side of things over v6 at the moment.

If your stuff is not ready to give to others, please consider doing a short write-up of what you have done. Someone else might feel tempted to roll it into some patches and PHP

If your stuff is not ready to give to others, please consider doing a short write-up of what you have done. Someone else might feel tempted to roll it into some patches and PHP

Good call. Ok, here's a short description of what I've done. I have used a FreeBSD 6.2-STABLE with all patches and kernel recompiled. Then I pretty much followed the outdated developer's guide to add functionalities. I also used workon.sh to use an existing image and modify it.

First step was recompiling the kernel using the kernelconfig from SVN : http://svn.m0n0.ch/wsvn/wall/branches/freebsd6/build/kernelconfigs/?rev=0&sc=0

I used the one for M0N0WALL_NET48XX since my development was made on soekris. You also need the kernel patches and apply them : http://svn.m0n0.ch/wsvn/wall/branches/freebsd6/build/patches/kernel/?rev=0&sc=0

Once kernel is rebuild, copy necessary kernel modules to the first image and kernel compressed as indicated in the dev guide. At this stage, I just recompressed the image and flashed it on my existing 1.3b4 (which i renamed 1.3b4-ipv6 to avoid any confusion).

After reboot, you can use exec.php with commands such as : ifconfig -a to spot if IPv6 is now part of the base kernel.

After having done that part, you need to add system tools, I added ping6 since it is useful (remember again to strip it before copying onto your image). Do the same for rtadvd and follow official documentation on how it works. Copy rtadvd.conf to /etc on the disk image and make sure it suits your nic name and subnet configuration.

The following considers that you also used csup to get the freshest list of ports possible.

I used AICCU 20070115 since this is the latest stable. You will need to strip aiccu and put it in /usr/sbin for example. It needs extra libs, so ldd aiccu to find out which ones to copy. You also need to copy your aiccu.conf file to /etc and make sure you have changed user/pass/tunnel/server. Remember that aiccu requires proper NTP so make sure you're running one.

Once you've done that step, edit /etc/rc and put commands on the fly in this, it is very dirty and should be handled with separate scripts but as I was saying, I have been testing this out and needed to make a quick run to see if it was worth sticking to m0n0.

Once done, you can recompress the image and just flash it again and reboot your m0n0. This should hopefully work. You can test commands without changing the rc script at first. exec.php has been of great help in order to test this.

I got the tunnel running, ipf has been the culprit here in blocking all IPv6 traffic. If m0n0 ever switches to pf, I'll be able to help more since I know it much more than ipf. Depending on the commands you type, you might loose connectivity to your box so make sure you have a serial lying around or similar.

Hope this helps.

FRLinux,

   Can you give me a little more detail on what you did to get your firewall to allow the connections, as I'm having the same issue with all ipv6 being blocked by default in version 1.3b15.   

I did go in and create a rule that specifically allows all IPV6-ICMP however it will will now allow ping to pass it keeps blocking within the firewall it's self.

I tried to get it working with ipf however am not very familure with this command myself.