This is the official release announcement for IPFire 2.15 – Core Update 82. This Core Update’s main features are the inclusion of the crowd-funded Windows Active-Directory Single Sign-On Web Proxy and the option to disable masquerading (NAT) on the local networking interfaces. In addition to that, several system libraries and tools have been updated, and minor bugs have been fixed.

Windows Active-Directory Single Sign-On Web Proxy

Proper and secure authentication against the squid Web Proxy has not been possible in IPFire before. The “Windows” authentication has been broken for a long time since there were bigger changes in the Windows Domain Controllers. This update adopts IPFire to the new and secure Active Directory authentication interfaces which use the SMB and Kerberos protocols.

Documentation is available on our IPFire wiki and some more technical insights on the IPFire planet post.

We would like to thank all donors who contributed to this feature.

Firewall changes

Disabling masquerading on local zones is now possible to configure on the GUI. If you have got public IP address space this can be used on one of the zones (for example DMZ) and the firewall will not need to NAT any packets at all. This functionality was requested by David Hauser from Technische Universität Wien (Vienna University of Technology).

Timo Eissler also contributed a fix for some Voice-over-IP devices that fail to register after reconnection of the Internet connection. All packets that are sent to the firewall will now be dropped until the Internet connection has been fully established and therefore false entries into the connection tracking table will be avoided.


  • pppd has been updated to version 2.4.7. This release fixes some seldom occurring crashes on some PPPoE connections that use MSCHAPv2 for authentication.
  • gmp has been updated to version 6.0.0
  • mpfr has been updated to version 3.2.1
  • Several fixes for the CGI scripts have been submitted by Dominik Hassler:
    • OpenVPN: The generated configuration files now contain correct line endings.
    • Active connections: IP addresses from the static OpenVPN address pools are now coloured correctly
  • Axel Gembe contributed a fix for correct validation of fully qualified domain names according to RFC1035.
  • Some coding style and minor bugs have been fixed in the ddns.cgi script.
  • batctl, boost, and tracepath are now shipped with the core distribution.


New arrivals

  • bacula (contributed by Timo Eissler)
  • squid-accounting: Alexander Marx wrote a new squid accounting addon which can create beautiful PDF reports about how much data traffic has been used by each proxy user or IP address (Documentation)


  • owncloud has been updated to version 7.0.0 by Daniel Weismüller

Thanks to all contributors and testers. We are happy to have you helping to make IPFire better. If you want to contribute, too, please consider sending us a donation.

Published by Michael Tremer, September 11, 2014 at 8:00 pm