IPv6 and M0n0wall: How To

[Maiku]

If anyone is interested in getting IPv6 working with M0n0wall, this is how I did it.
I use a Soekris 4801 with a Draytek Vigor 100 ADSL-Ethernet modem, but this should work for other hardware too.

You'll need the latest 1.33 version of M0n0wall Here. My Soekris uses the 'embedded' image.

First, install M0n0wall as per the normal instructions depending on your hardware, a simple method if you have an old PC is the CD ISO option, where it will run off a CD, I used physdiskwrite to put an image on a CF card for the Soekris.
Setup the IPV4 Lan address and get into the GUI. Make sure the interfaces are set how you like them, ie which is wan/lan.

Enable IPv6:
In 'Advanceed' Tick the 'Enable IPv6 Support' and then hit save.
You'll now have more options in the WAN and LAN interface pages.

WAN configuration:
Type: PPPoE
IPv6 mode: PPP
Leave everything else blank/ as is, and enter you IDNet login details in the PPPoE configuration section (username@idnet.gwX) and the password.
The rest of the options are not required. Click save.

LAN Configuration:
IP address: Your normal, internal, private IPv4 address.
IPv6 mode: DHCP-PD

IPV6 Prefix Delegation:
This part was the most frustrating, as its not clear whats supposed to go in here, initially I had tried various combinations of the delegation address/range from IDNet, and got no where, what your supposed to put in here is a number for the 'Site Level Aggregator ID', which is nice and cryptic, but it appears its just like a subnet number to split your delegation. So in other words, putting a single '1' in here works perfectly fine. Then choose /48 from the drop down box. Its a bit like getting a class B v4 address, choosing 1 and having a subnet like 123.123.1.0 <- the 1 being the 'ID', you can use different IDs for each lan segment.

IPV6 RA:
Tick the 'Send IPv6 Router advertisements' box.

I have the rest unchecked, save.

M0n0wall sets up a DNS Forwarder by default, and this defaults to use the DNS servers provided by IDNet from the PPP session, this is fine as is.

DHCP Server:
Enable and configure your IPv4 section.
Do NOT configure the IPv6 section - it will be done by RA from IDNet, so you leave it off.
Note - I had issues with errors in the log while I was doing this, the work around was to setup the DHCPv6 server with random stuff then disable it, I don't know if that will be needed or not, but just putting it in here just in case you get stuck, you shouldn't need to do that.

Firewall -> IPv6 rules:
WAN: Nothing. I don't have any rules here, nothing is allowed inbound at all.
LAN: A single rule: Any protocol, source 'LAN Net' any port, destination Any, port any.
This rule lets any/etherything out on IPv6 - you need to decide if thats good or not.
Press 'apply' to activate the rules.

Finally, reboot the router. In the 'Diagnostics' menu theres a 'Reboot System' option.

When it comes back up, it should pull a v4 and a v6 address from IDNet via PPP, and then use RA to give out adresses to anything on the LAN.
I've noticed it can take a few moments for the V6 stuff to work, and you may need to disable/enable your lan interface in windows for it to pick it up.

If it works try things like   ping -6 ipv6.google.com
or take a look at www.thinkbroadband.com and try their V6 section and speed test.

Questions / suggestion on how to make this better, let me know

[Steve]

Thanks Maiku , I don't use a software firewall but very informative indeed