The next release is available for testing - presumably going to be last release in the 2.21 series before we bring some bigger changes. This update has a huge number and significant changes for IPsec as well as many updates to the core system and various smaller bug fixes.
IPsec Reloaded
IPsec has been massively extended. Although IPsec in IPFire is already quite versatile and delivered high performance, some features for experts were required and are now available through the web UI:
- Routed VPNs with GRE & VTI
- Transport Mode for net-to-net tunnels
- IPsec connections can now originate from any public IP address of the IPFire installation. This can be selected on a per-connection basis.
The code has also been cleaned up the UI has been made a little bit tidier to accommodate for the new settings.
Smaller changes include:
- The "On-Demand" mode is finally the default setting. Tunnels will shut down when they are not used and they will be established again when they are required.
Misc.
- DHCP: A crash has been fixed when filenames containing a slash have been entered for PXE boot.
- DHCP: Editing static leases has been fixed
- Domains in the "DNS Forwarding" section can now be disabled for DNSSEC validation. This is a dangerous change, but has been requested by many users.
- Updated packages:
bind
9.11.6,groff
1.22.4,ipset
7.1,iptables
1.8.2,less
530,libgcrypt
1.8.4,openssl
1.1.1b,openvpn
2.4.7,squid
4.6,tar
1.32,unbound
1.9.0,wpa_supplicant
2.7 - New commands:
kdig
2.8.0 - The build system has been optimised to reduce build time of the whole distribution to around 4-5 hours on a fast machine.
Add-Ons
- Alexander Koch has contributed
zabbix_agentd
which is the agent that is installed on the monitored machine. With this, IPFire can now be integrated into an environment that is monitored by Zabbix. - On that note, the SNMP daemon has also been updated to version 5.8 for people who use the SNMP protocol for monitoring.
tor
has been updated to 0.3.5.8 and some minor bugs have been fixed in the web user interface- The
spectre-meltdown-checker
script is available as an add-on which allows IPFire users to test their hardware for vulnerabilities - Other updates:
amavisd
2.11.1,hostapd
2.7,postfix
3.4.3
To help testing, you can download the installation images from here.