IPFire 2.19 - Core Update 110 is available for testing

by Michael Tremer, April 5, 2017

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Hello Community,

it is once again time to give the next Core Update a good test before it is rolled out to everyone. We included some exciting features in this one as well as updates of many system packages and many bug and security fixes.

On-Demand IPsec VPNs

IPFire used to keep IPsec VPNs up all the time. This wastes resources if a connection is not used very often for example for a daily backup only.

Core Update 110 allows to configure IPsec VPNs in an On-Demand mode which will establish the connection as soon as it is needed and will close it after 15 minutes of inactivity to save resources.

This is especially handy for people who have a large number of IPsec net-to-net connections on either weak hardware or connections that are not required all the time like maintenance or backup connections, etc.

Performance Enhancements for DNS

unbound, the DNS resolver working inside IPFire, has been tuned to allow more concurrent queries and assigned more memory to keep a larger DNS cache.

Especially in large networks or when a burst of DNS queries needs to be handled, there is a notable increase of performance.

Misc.

  • Graphs in the web user interface are now larger to show more detail
  • Packets that are received from a bridge interface are not passed through the firewall engine any more
  • Apache allows more concurrent connections now, which speeds up distributing proxy.pac, updates from Update Accelerator and more
  • The GeoIP database is now regularly updated over HTTPS
  • Gabriel Rolland has updated the Italian translation
  • Jonatan Schlag reorganised all initscripts in the build system which makes packaging add-ons easier
  • setup allows now to set the subnet mask of the RED interface to 255.255.255.255. This is required with some web hosting companies which are trying to save IPv4 addresses and then need a host route for the default gateway.

Updated Packages

apcupsd 3.14.14, bind 9.11.0-P3, cairo 1.14.8, conntrack-tools 1.4.4, fontconfig 2.12.1, freetype 2.7.1, lm_sensors 3.4.0, nettle 3.3, ntp 4.2.8p10, openssh 7.4p1 – for PCI compliance, pixman 0.34.0, squid 3.5.25, unbound 1.6.1, wget 1.19.1

Add-ons

avahi 0.6.32, cups 2.2.2 & cups-filter, ffmpeg 3.2.4, ghostscript 9.20, mc 4.8.19, motion 4.0.1, mpd 0.20.6, tcpdump 4.9.0

New Packages
  • gnutls, an SSL library
  • epson-inkjet-printer-escpr for EPSON printers
  • lcms2, an image library
  • qpdf and poppler PDF rendering libraries


As always, we would like to ask all users to participate in testing which will highly improve the quality of this update.

Please report any bugs to our bug tracker and provide any feedback on our development mailing list.