IPFire 2.21 - Core Update 129 is ready for testing

by Michael Tremer, March 19, 2019

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

The next release is available for testing - presumably going to be last release in the 2.21 series before we bring some bigger changes. This update has a huge number and significant changes for IPsec as well as many updates to the core system and various smaller bug fixes.

IPsec Reloaded

IPsec has been massively extended. Although IPsec in IPFire is already quite versatile and delivered high performance, some features for experts were required and are now available through the web UI:

  • Routed VPNs with GRE & VTI
  • Transport Mode for net-to-net tunnels
  • IPsec connections can now originate from any public IP address of the IPFire installation. This can be selected on a per-connection basis.

The code has also been cleaned up the UI has been made a little bit tidier to accommodate for the new settings.

Smaller changes include:

  • The "On-Demand" mode is finally the default setting. Tunnels will shut down when they are not used and they will be established again when they are required.

Misc.

  • DHCP: A crash has been fixed when filenames containing a slash have been entered for PXE boot.
  • DHCP: Editing static leases has been fixed
  • Domains in the "DNS Forwarding" section can now be disabled for DNSSEC validation. This is a dangerous change, but has been requested by many users.
  • Updated packages: bind 9.11.6, groff 1.22.4, ipset 7.1, iptables 1.8.2, less 530, libgcrypt 1.8.4, openssl 1.1.1b, openvpn 2.4.7, squid 4.6, tar 1.32, unbound 1.9.0, wpa_supplicant 2.7
  • New commands: kdig 2.8.0
  • The build system has been optimised to reduce build time of the whole distribution to around 4-5 hours on a fast machine.

Add-Ons

  • Alexander Koch has contributed zabbix_agentd which is the agent that is installed on the monitored machine. With this, IPFire can now be integrated into an environment that is monitored by Zabbix.
  • On that note, the SNMP daemon has also been updated to version 5.8 for people who use the SNMP protocol for monitoring.
  • tor has been updated to 0.3.5.8 and some minor bugs have been fixed in the web user interface
  • The spectre-meltdown-checker script is available as an add-on which allows IPFire users to test their hardware for vulnerabilities
  • Other updates: amavisd 2.11.1, hostapd 2.7, postfix 3.4.3

To help testing, you can download the installation images from here.