Post by Lee Sharp on Jun 24, 2016 2:03:17 GMT
I just uploaded beta 11. I was actually quite pleased with the changes until late today... I updated a lot of options, like more known ports in the firewall, and smaller VPN subnets are now available so you do not need a block of 32 addresses if you want both pptp and l2tp. (Thanks to a client's needs, actually)
And I was working on cleaning up the web server and making it less insecure. For one thing, I was still using the old m0n0wall cert as default! (Ooops!) So I was cleaning up and making progress, and was trying to turn off SSL2 and found out there is a new release of mini_httpd! Argh!
I wanted to make a full release before the end of the month since 1.8.3 came out in June, but I will not release it until I have mini_httpd updated and stable. And that may take some time... And I still haven't gotten to updating EZ-IPconfig!
Anyway, please test it out with https in lots of browsers, with default certs, SmallWall generated certs, and imported high security certs. It should support next gen certs on all browsers, but it can not automatically generate them yet.
Enjoy!
Post by Lee Sharp on Jun 29, 2016 3:49:47 GMT
Bad link fixed now... Doh!
Post by knightmb on Jan 26, 2020 15:37:33 GMT
Any plans for another beta release or are you about to hit a stable version release?
Post by Lee Sharp on Jan 26, 2020 15:54:25 GMT
> Any plans for another beta release or are you about to hit a stable version release?

That is a good question. The beta is very stable, and there is no reason not to, but I did want to add a few things... The question is if there is still any interest?
Post by knightmb on Jan 27, 2020 4:03:50 GMT
> > Any plans for another beta release or are you about to hit a stable version release?
>
> That is a good question. The beta is very stable, and there is no reason not to, but I did want to add a few things... The question is if there is still any interest?

Well, I know I might be a few years late on the subject, but that was kind of the nice thing about m0n0wall is that it had a nice, stable, and long testing release cycle instead of churning out betas every week and breaking some things and fixing others. I haven't tried the beta yet for any long term test but if it has been this good for others this many years, then heck, why not make it a release? It makes news on tech sites (headlines like "SmallWall hits 5 years of stable releases") and hell it's nice to brag about how SmallWall has been stable for all these years, works on just about any hardware you can buy, etc. You read about tech hacks and exploits every day, it's nice to have (at the time, m0n0wall, now SmallWall), software that you knew you could trust to do the job without any fuss or inconsistent configuration headaches. It just works, almost a turn-key solution. While the younger generation wants the "move fast and break things", it's nice to have the "move normal and things still work", LOL. Just my two cents.
Post by tuaris on Feb 21, 2020 4:57:05 GMT
I'll chime in and show interest in seeing another release. I've been running 1.8.4b11 for over a month on a Soekris net5501 and haven't run into any issues. I think the optics of seeing the last release sometime in 2015 might turn away some potential users who don't realize how stable FreeBSD is. I'm a user of both this and the other one that's based off 11.3-RELEASE. I would like to see 2 things back ported to SmallWall:
1) The change I made that lets you override the gateway on the DHCP options page. That same change also included the ability to set a hostname and override the gateway on a per client basis. (I know you use a different DHCP service, but it should provide an idea of what needs to be changed)
2) (I know this one is a sensitive one), but UPNP is really something that needs to be given as an option. It's perfectly fine if it's disabled by default and if it has a big scary warning message next to it.
Post by Lee Sharp on Feb 21, 2020 14:03:46 GMT
Upnp is a tough one. It is not easy to implement, and it is also something I feel is an absolutely terrible security risk! So a lot of work for a bad product. As to DHCP, are you talking about making an option for a different default route?
Post by knightmb on Feb 25, 2020 0:52:07 GMT
> Upnp is a tough one. It is not easy to implement, and it is also something I feel is an absolutely terrible security risk! So a lot of work for a bad product. As to DHCP, are you talking about making an option for a different default route?

Yeah, Upnp is becoming one of those things that people are requesting to make their video chat work, phone whatever work, etc. I hate it too, but had to set up some sites with a simple DD-WRT router on some DMZ to make them happy for that. At least if SmallWall had the option, it could be "centrally" controlled. I don't know what options are available for SmallWall to support this or if it will just make the current system image too bulky, eat too much RAM, etc. But maybe just a separate discussion thread about it or point me to one already started here. I would even volunteer some time or resources to help if needed.
Post by Lee Sharp on Feb 25, 2020 2:43:10 GMT
Mainly a lot of work. 
Post by lpsantil on Oct 20, 2020 22:48:52 GMT
I'd be interested in a new release. Especially if it meant that I could keep using the cheap, low power HP t5745 Thin Client I have. I really hate having to move to pfSense and a bigger, more power hungry Dell Optiplex 9020 SFF. Pretty sure my Thin Client can handle my 500/500 fiber connection way better than the POS router Frontier gave me. 64-bit CPU requirement is also a turn off for me.
Post by lpsantil on Oct 21, 2020 0:14:08 GMT
Post by Lee Sharp on Oct 21, 2020 3:59:45 GMT
> I'd be interested in a new release. Especially if it meant that I could keep using the cheap, low power HP t5745 Thin Client I have. I really hate having to move to pfSense and a bigger, more power hungry Dell Optiplex 9020 SFF. Pretty sure my Thin Client can handle my 500/500 fiber connection way better than the POS router Frontier gave me. 64-bit CPU requirement is also a turn off for me.

I do not think you will get 500 meg out of it. You will have to test, but I think about 200 will be as good as it gets. To get full gig takes core i 4th gen chips... (Very low end works fine...) Just a lot of bits to push. It is really the bus more than the CPU.
As to why I have not upgraded... The only reason to is driver support and I have not run into any problems yet. Also security patches, but most of the new vulnerabilities are in components not in smallwall! t1n1wall is quite good and Andrew is a good guy. It is a good option if you want 12. But I am using smallwall in VMs and getting multi gig speed. And it takes no space at all!
Post by lpsantil on Oct 23, 2020 9:51:27 GMT
> > I'd be interested in a new release. Especially if it meant that I could keep using the cheap, low power HP t5745 Thin Client I have. I really hate having to move to pfSense and a bigger, more power hungry Dell Optiplex 9020 SFF. Pretty sure my Thin Client can handle my 500/500 fiber connection way better than the POS router Frontier gave me. 64-bit CPU requirement is also a turn off for me.
>
> I do not think you will get 500 meg out of it. You will have to test, but I think about 200 will be as good as it gets. To get full gig takes core i 4th gen chips... (Very low end works fine...) Just a lot of bits to push. It is really the bus more than the CPU.
> As to why I have not upgraded... The only reason to is driver support and I have not run into any problems yet. Also security patches, but most of the new vulnerabilities are in components not in smallwall! t1n1wall is quite good and Andrew is a good guy. It is a good option if you want 12. But I am using smallwall in VMs and getting multi gig speed. And it takes no space at all!

Actually, I can pull about 500/400 with an Intel PRO/1000 PT Dual Port PCIe NIC and that silent Intel Atom N280 over AC WiFi on a TP-Link Archer C7 1750. That holds mostly true too from LAX to my employer HQ in Raleigh, NC (though ping goes from 3-5ms in LAX to 66ms in Raleigh). I am pushing about 75% CPU but I'm guessing that smallwall is only using 1 thread instead of the 2 that the N280 has. See WAN, CPU, Speedtest
Post by Lee Sharp on Oct 23, 2020 14:56:59 GMT
> > I do not think you will get 500 meg out of it. You will have to test, but I think about 200 will be as good as it gets. To get full gig takes core i 4th gen chips... (Very low end works fine...) Just a lot of bits to push. It is really the bus more than the CPU.
> > As to why I have not upgraded... The only reason to is driver support and I have not run into any problems yet. Also security patches, but most of the new vulnerabilities are in components not in smallwall! t1n1wall is quite good and Andrew is a good guy. It is a good option if you want 12. But I am using smallwall in VMs and getting multi gig speed. And it takes no space at all!
>
> Actually, I can pull about 500/400 with an Intel PRO/1000 PT Dual Port PCIe NIC and that silent Intel Atom N280 over AC WiFi on a TP-Link Archer C7 1750. That holds mostly true too from LAX to my employer HQ in Raleigh, NC (though ping goes from 3-5ms in LAX to 66ms in Raleigh). I am pushing about 75% CPU but I'm guessing that smallwall is only using 1 thread instead of the 2 that the N280 has. See WAN, CPU, Speedtest

That is quite good! And while smallwall is multi-threaded, many of the complainants are not, so you are correct in the impact on core count. You can see improvements with 2, but not much difference with more than that.
Post by harold on Nov 21, 2020 14:37:54 GMT
Yes, there is still interest in a new release! Also a question since I don't know how new changes work: Would DoT support require a newer version of dnsmasq?