Download IPFire 2.17 - Core Update 89
(ISO-Image - i586 - 155M)


Image type Size

Installable CD image
Use this image to burn a CD and install IPFire from it.

SHA1 checksum: 9d3186f145348942b7d392f8afa944d29085f7b6

Flash image
An image that is meant to run on embedded devices.

SHA1 checksum: 00b1639f66aab064ff8f0d1e3bcea7e622f835d8

Flash image for devices with serial console
Flash image where a serial console is enabled by default.

SHA1 checksum: 5f8611b41623e34808b391816af48d5a6cabbb78
Xen-Image Generator
Generator for creating a Xen image.

SHA1 checksum: 10fc9123e333c68daaf684844f86f58797b3c18f


Image type Size

Image for the armv5tel architecture
This image runs on many ARM-based boards

SHA1 checksum: 53c39c73c00d39b2d8b3e98b432de697e01cf01b

armv5tel image for boards with serial console
This image runs on ARM boards with a serial console

SHA1 checksum: 1d715af0aac753b05a2acbbdedcd4120b4d7caf0

Legend: Magnet link, Torrent download

Announcement: IPFire 2.17 - Core Update 89 released

This is the official release announcement of IPFire 2.17 – Core Update 89. This one comes with some new features, many updates of software packages and various minor bug fixes.

OpenVPN Net-To-Net Statistics

Connection statistics of OpenVPN net-to-net connections are now collected and graphed. They show incoming and outgoing traffic of the VPN connections and compression ratios.

Dynamic DNS Updater

The dynamic DNS updater tool ddns has been massively extended:

  • A database is used to track successful and failed updates. ddns will automatically back-off when an update could not be performed and will re-try after a longer time. asked to never repeat any updates after one has failed for any reason.
  • New supported providers:,,,,|net,,,,
  • Token-based authentication is now supported for
  • Support for and has been fixed which have changed their update protocols.
  • used to remove MX and backup MX records for every update. Additional parameters of the update request have been added so that the original settings are not changed any more.
  • Handle badagent response for all DynDNS2 protocol-compatible providers. ddns will respect if it has been blocked by the provider.
  • Improve error handling for various responses from the provider’s HTTP services.

Updated packages

daq 2.0.4, ethtool 3.16, fcron 3.2.0, file 5.20, fuse 2.9.3, gnupg 1.4.18, grep 2.21, hdparm 9.45, libart 2.3.21, libassuan 2.1.3, libcap 1.6.2, libevent 2.0.21-stable, libffi 3.2.1, libpcap 1.6.2, ntfs-3g 2014.2.15, pcre 8.36, screen 4.2.1, smartmontools 6.3, snort, strongswan 5.2.2, sqlite 8.7.4, squid 3.4.9, tar 1.28, tzdata 2015a, wget 1.16, zlib 1.2.8

dnsmasq has been updated to a recent version with various fixes for DNSSEC and other bugs.


asterisk 11.15.0 + support for TLS and SRTP, clamav 0.98.6, NEW haproxy 1.5, htop 1.0.3, libdvbpsi 1.2.0, lynis 1.6.4, mc 4.8.13, NEW monit 5.11, miniupnpd 1.9, nginx 1.6.2, nmap 6.47, owncloud 7.0.3, samba 3.6.25, tcpdump 4.6.2

Feature Enhancements & Bug fixes

  • Firewall
    • Service groups are limited to 15 services per protocol. Due to a defect in the web GUI it was possible to create groups with up to 16 services which has been fixed now.
    • The remark of some firewall rules could not be removed when nothing else was changed. This has been fixed as well.
    • Fix setting rate-limiting rules. Those were not always applied correctly.
  • IPsec
    • Allow an IKE lifetime up to 24 hours.
  • OpenVPN
    • Allow setting an expiration time for net-to-net connection certificates.
    • Let openssl pick the sources for entropy that are used to initialize the random-number generator on its own.
  • The backup functionality is robust against filenames including hyphens.
  • squid-accounting: #10693 (last month of year leads to error (no data shown in webinterface))
  • fireinfo: Improve finding the vendor/model of ARM single-board-computers.
  • Installer: Cut off too long harddisk description strings

There were many contributions to this Core Update by Matthias Fischer, Dirk Wagner, Erik Kapfer, and Christoph Anderegg in addition to the usual IPFire Core Developers. Thanks for that.

You can contribute as well or support the IPFire project with your donation. Your help is a foundation of this project and very much appreciated by all contributors. Maybe you can help funding a new feature. We also do now accept donations in various currencies.

In other news

We would like to point you to some interesting articles on our developer’s blog. We find them an interesting read and they give some more insights into the project. There is a RSS feed which you can subscribe to, or follow us on Twitter.

Published by Michael Tremer, April 21, 2015 at 6:45 pm