Topic: WebGUI via IPv6 - Certificate failure
« on: June 07, 2012, 17:18:58 »
maybeapreacher *
Posts: 32

Hi all,

When using the WebGUI via IPv6, the certificate is displayed as wrong. The browser always tries to connect to the IPv4 version, only to try the IPv6 version again with the same failure.

Safari can't trust the certificate, Firefox will not display it at all using IPv6.

All the best,

maybe
« Reply #1 on: June 08, 2012, 15:31:29 »
iridris ***
Posts: 145

I can confirm this for Firefox 13 and m0n0wall 1.8b510. When clicking on "Add Exception", it states "No information available. Unable to obtain identification status for the given site."
« Reply #2 on: June 10, 2012, 11:54:23 »
maybeapreacher *
Posts: 32

One thought crossed my mind: the certificate was generated before m0n0wall knew about IPv6, so I re-generated a new certificate in the hope it would somehow include the IPv6 address, but it did not.

So, same error, newest version (510).
« Reply #3 on: June 11, 2012, 11:05:25 »
Manuel Kasper
Administrator
*****
Posts: 364

This looks more like a bug in Firefox to me - see https://bugzilla.mozilla.org/show_bug.cgi?id=633001. I can reproduce the problem when using the raw (bracketed) IPv6 address, but it works fine when using a proper hostname (that maps to an IPv6 address only) instead of the raw address. Same problem with Safari under Windows. Google Chrome, Internet Explorer and Opera don't have any problems with the raw address though.
« Reply #4 on: June 18, 2012, 12:15:50 »
maybeapreacher *
Posts: 32

Hello Manuel,

I am trying to set up everything with IPv6 at home, but as of now I did not have a DNS server here, so I could not test what you said.

So I did set up a CentOS server with BIND, correctly delivering forward and reverse IPv4 and IPv6 hostnames and addresses, and it is reachable via v4 and v6.

And now I'm wondering how to tell the clients which DNS server to use without disabling auto configuration for IPv6.

From my research the tool of choice here is "stateless DHCPv6", so the client auto-configures its IPv6 address and then gets told by the router to query DHCPv6, where it only gets DNS information but no address.

Does m0n0wall support stateless DHCPv6, or do I have to enter my new DNS server manually on all clients?
« Last Edit: June 18, 2012, 12:21:50 by maybeapreacher »
« Reply #5 on: June 21, 2012, 17:06:23 »
maybeapreacher *
Posts: 32

So, I can confirm that the certificate does not fail when connecting through an FQDN rather than the IPv6 address directly.

My question remains: how do I tell auto-configured IPv6 clients where the DNS server is reachable?
« Reply #6 on: June 27, 2012, 21:35:11 »
brushedmoss ****
Posts: 446

m0n0wall supports stateless (RA) and stateful (DHCPv6).

To give the IP statelessly and the DNS via DHCP to clients, select 'other', not 'managed', to be sent with the RA, and configure a DHCPv6 scope in m0n0wall. Clients should then use DHCP to receive their DNS server setting.
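
The 'managed' and 'other' choices in the reply above correspond to the M and O flag bits of an ICMPv6 Router Advertisement (RFC 4861). The following Python is an added example, not part of the thread or of m0n0wall: it decodes those flags and the autoconfiguration bit of each Prefix Information option from a captured RA, to check what the router is actually telling clients. The function names are hypothetical, the sample packet is constructed, and it assumes m0n0wall's 'other' setting sets the O flag.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Decode the RA fields (RFC 4861) that decide how a client
    obtains its address and its DNS settings."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    info = {"managed": bool(flags & 0x80),   # M: addresses via DHCPv6
            "other": bool(flags & 0x40),     # O: other config (DNS) via DHCPv6
            "slaac_prefixes": []}
    pos = 16                                  # options follow the fixed header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:   # Prefix Information option
            plen, pflags = icmp6[pos + 2], icmp6[pos + 3]
            prefix = ipaddress.IPv6Address(icmp6[pos + 16:pos + 32])
            if pflags & 0x40:                 # A: usable for autoconfiguration
                info["slaac_prefixes"].append(f"{prefix}/{plen}")
        pos += opt_len
    return info

def client_mode(info: dict) -> str:
    """Summarise what a client should do with this RA."""
    if info["managed"]:
        return "stateful DHCPv6 for address and DNS"
    if info["other"]:
        return "SLAAC address, DNS from stateless DHCPv6"
    return "SLAAC only, no DHCPv6 query for DNS"

def build_sample_ra(flags: int) -> bytes:
    """Constructed RA advertising the documentation prefix 2001:db8:1::/64."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    prefix_opt = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    prefix_opt += ipaddress.IPv6Address("2001:db8:1::").packed
    return header + prefix_opt

if __name__ == "__main__":
    for flags in (0x00, 0x40, 0x80):          # none, 'other', 'managed'
        info = parse_ra(build_sample_ra(flags))
        print(hex(flags), info["slaac_prefixes"], "->", client_mode(info))
```

The checksum in the constructed packet is left at zero because the parser does not verify it; bytes taken from a real capture must start at the ICMPv6 type field.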
« Reply #7 on: June 28, 2012, 12:33:59 »
maybeapreacher *
Posts: 32

Hi, thanks for the clarification.

However, somehow it does not work that way. When I enable RA set to "other", and enable a DHCPv6 server with a valid scope, clients get my m0n0wall as DNS and not the DNS servers set in the General Settings tab.
Not even if I disable the DNS forwarder, and not even if I only set IPv6 DNS servers in the General Settings tab.
 