This is the official release announcement for IPFire 2.17 – Core Update 95 which is a bigger release with a new kernel and various smaller feature enhancements and bug fixes.
This update contains a minor update to the Linux kernel IPFire is using based on Linux 3.14.57. Various device drivers for Intel network controllers and some other hardware have been improved.
strongswan has been updated to version 5.3.3 and much work was done on the IPsec VPN stack. The changes include feature enhancements and bug fixes.
It is now possible to configure more than one subnet per IPsec net-to-net connection- That makes configuration for more complex networks easier and also reduces the overhead for the IPsec connection.
Formerly, packets that were supposed to be sent through an IPsec tunnel were routed and then silently dropped when a tunnel was not established. This caused that packets may be sent out towards the Internet and that this connection was remembered in the connection tracking table and in rare cases causes issues so that for example SIP telephones where the PBX was on the other end of an IPsec tunnel could not register properly any more.
Packets will now be rejected by the firewall if the IPsec tunnel is not established which improves security and also eliminated the issue described above.
The DHCP is now able to submit DNS updates to an upstream name server after a DHCP lease was handed out. Therefore the names of these systems can be made available in an external DNS zone. It uses the mechanism also known as RFC2136 which is operable with many major name servers and requires TSIG keys to sign the updates.
snortwas updated to version 22.214.171.124
ntppackage was updated to version 4.2.8p4 which fixes various security vulnerabilities
dma, the new mailing component, was updated to version 0.10 which handles unreachable mail servers better and tries to resend emails
pgrepbinaries which was requested by some users
ddns, the Dynamic DNS Updater, was updated to version 009 which improves handling of SSL errors and adds desec.io as a provider
lzocompression library was updated to version 2.09
Please help us to sustain the work on IPFire Project with your donation.
Published by Michael Tremer, December 11, 2015 at 8:00 pm