About project

This is m0n0wall mod project.

m0n0wall is a great tool but there are limitations in standard distribution. Mod project is a patchset intended to overcome these limitations.

Mod main features concern: * DHCP+PPTP for WAN interface * DHCP+PPPoE for WAN interface * Separated WAN Ethernet interface named 'WAN eth' * L2TP support

Some ISPs use DHCP+PPTP to setup client connections. First, you get IP address by DHCP over Ethernet. Second, you open VPN PPTP connection. Standard m0n0wall can not use PPTP in conjunction with DHCP, so you specify 'Local IP address' manually.

Additionally some ISPs have their own servers accessible through Ethernet interface. Opening PPP connection you can not access them directly because traffic goes through PPTP tunnel. As you may figure out it is not very fast.

Mod project solves these two problems. You can use DHCP+PPTP/PPPoE/L2TP and have full access to WAN eth interface (firewall, NAT, etc).

Features

• DHCP+PPTP for WAN interface
• static+PPPoE for WAN interface
• DHCP+PPPoE on WAN interface (currently mpd is fired up after receiving DHCP lease)
• L2TP support (1.3x only)
• separated WAN Ethernet interface named 'WAN eth' in DHCP+PPTP/PPPoE mode (can be used in firewall, NAT, etc)
• setting DHCP options in DHCP+PPTP/PPPoE mode
• execute arbitrary commands on PPTP link up/down
• automatic outbound NAT rules generation for WAN eth (with advanced outbound NAT disabled)
• simplified LAN-to-LAN routing
• some sysctl tuning

Enabling WAN eth

Open WAN settings, select PPTP or PPPoE, set options, save. Open Interfaces/assign and click 'Add WAN eth interface', reboot.

WAN eth interface is ready.

Configure routing table for desired traffic to go through WAN eth interface.

Upgrading

When upgrading from generic-pc 1.2x to generic-pc 1.3x, you must install 1.2x-0.3b3 (or later) first before you install 1.3x image.

TODO

• Allow OPT interfaces work as WAN interface, so multiple ISPs can be connected to one router (multi-WAN)
• DHCP/PPTP/PPPoE for OPT interfaces
• Allow hostnames for PPTP server (WAN config)
• IPTV support

Changelog

0.33 (June 18, 2013)

• Updated 1.3x from 1.33 to 1.34 (low priority security fixes).
• 1.3x specific: changed rootfs size to 32 Mb to avoid 'file system full' errors with many DHCP clients.
• 1.3x specific: added L2TP secret support.

0.32 (April 2, 2011)

• Updated 1.3x from 1.32 to 1.33.

0.32 (April 30, 2010)

• Updated 1.3x from 1.31 to 1.32.

0.32 (March 14, 2010)

• Updated 1.3x from 1.3 to 1.31.

0.32 (December 7, 2009)

All 1.3x users are strongly recommended to update because of security fix.

• Updated 1.3x from 1.3b18 to 1.3 final (DHCP client security fix, etc).

0.32 (October 4, 2009)

All 1.2x users are strongly recommended to update because of security fix.

• Updated 1.2x from 1.235 to 1.236 (DHCP client security fix, captive portal fixes).
• Added experimental L2TP support (1.3x only).
• Fixes in rc.newwanip improving DHCP+PPPx (default route handling, host-route to VPN server).
• PPPx: added encryption and authentication protocol options.
• PPPoE: added linkup/linkdown fields.
• PPTP: added MTU field (1.3x).
• NAT: added WAN eth rule for outgoing DNS queries.
• NAT: added 'PPTP subnet -> WAN eth' outbound rule if PPTP server is enabled.
• Captive portal: 'Allowed IP Addresses' -> 'Allowed Networks'.
• GUI: fixed garbage at linkup/linkdown fields if errors occur after clicking 'Save' (WAN config).
• GUI: show IPv4 gateway at Status/Interfaces page for WAN eth (if 'Ignore routers information' is unchecked).
• GUI: some small fixes.
• All .img files are digitally signed now.

0.31 (August 21, 2009)

Updated 1.3x from 1.3b16 to 1.3b18. This is intermediate release before 0.32.

0.31 (May 22, 2009)

• Fixed bug: IPSEC didn't work when configured on WAN eth.

0.3 (May 16, 2009)

• Checking firmware upgrades using its own server.
• 1.3x specific: ported changes from m0n0wall HEAD fixing 1.3b16 DHCPv6 problem.
• PPTP: added 'Execute on link down' field.
• PPTP: 'Execute on link up' and 'Execute on link down' are processed as shell scripts (e.g. variables can be used including $1-$9 set by mpd).
• GUI: added IP filtering and table header highlighting to Diagnostics/Logs/Firewall.
• GUI: fixed some JS to save disabled fields at WAN settings page.
• GUI: LAN is last interface at Status/Interfaces.
• GUI: LAN is default interface at Status/Traffic graph.
• GUI: added mod info to console.

0.3b3 (Apr 19, 2009)

• Added 1.3x support (IPv6 is not tested and may not work).
• 1.2x specific: 1.2x -> 1.3x upgrade is possible now.
• 1.3x specific: improved booting.
• NAT: simplified automatic outbound rules generation.

0.3b2 (Dec 23, 2008)

• DHCP+PPPoE implemented (static IP is also possible)

0.3b1 (Dec 07, 2008)

• PPTP: added 'Do not rebuild routing table on link up' flag.
• GUI: Fixed incorrect WAN statistics in PPTP mode if WAN eth exists (Status/Interfaces).
• GUI: WAN eth is fixed and reordered everywhere. Now interfaces are shown in the following order: LAN, WAN, WAN eth.
• GUI: LAN is default interface at Firewall/Rules.

0.2 (Nov 29, 2008)

• DHCP configuration now accessible in PPTP mode.
• DHCP: added 'Ignore routers information' flag.
• PPTP: added 'Execute on link up' field to execute arbitrary commands on PPTP link up.
• GUI: Fixed sorting outbound NAT rules. Now sorting includes both source and destination networks.

0.1 (Nov 19, 2008)

Initial mod release.

Digital signature

Starting from 0.32 all .img files are digitally signed. See image format.

RSA public key:

-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcLayzFBCQ9Z7nC45dcgoHrSKz

Extkd7yHsk73deIWWYWym9PPn5JjPGfNYAaY8nF+U3c5hgxX8NS5jb1Zl5hBgNF6

b+nAMgKpkake7skbEj/fHuElQXCXm/yGNjOa0Rm9nWS/Wo/tyd2foPMzIA8F3sgW

akIYuWYCzZXg9KhuzwIDAQAB

-----END PUBLIC KEY-----

Donations

If you like this project you are welcome to make some donations.