This is the official release announcement of IPFire 2.17 – Core Update 89. This one comes with some new features, many updates of software packages and various minor bug fixes.

OpenVPN Net-To-Net Statistics

Connection statistics of OpenVPN net-to-net connections are now collected and graphed. They show incoming and outgoing traffic of the VPN connections and compression ratios.

Dynamic DNS Updater

The dynamic DNS updater tool ddns has been massively extended:

  • A database is used to track successful and failed updates. ddns will automatically back-off when an update could not be performed and will re-try after a longer time. asked to never repeat any updates after one has failed for any reason.
  • New supported providers:,,,,|net,,,,
  • Token-based authentication is now supported for
  • Support for and has been fixed which have changed their update protocols.
  • used to remove MX and backup MX records for every update. Additional parameters of the update request have been added so that the original settings are not changed any more.
  • Handle badagent response for all DynDNS2 protocol-compatible providers. ddns will respect if it has been blocked by the provider.
  • Improve error handling for various responses from the provider’s HTTP services.

Updated packages

daq 2.0.4, ethtool 3.16, fcron 3.2.0, file 5.20, fuse 2.9.3, gnupg 1.4.18, grep 2.21, hdparm 9.45, libart 2.3.21, libassuan 2.1.3, libcap 1.6.2, libevent 2.0.21-stable, libffi 3.2.1, libpcap 1.6.2, ntfs-3g 2014.2.15, pcre 8.36, screen 4.2.1, smartmontools 6.3, snort, strongswan 5.2.2, sqlite 8.7.4, squid 3.4.9, tar 1.28, tzdata 2015a, wget 1.16, zlib 1.2.8

dnsmasq has been updated to a recent version with various fixes for DNSSEC and other bugs.


asterisk 11.15.0 + support for TLS and SRTP, clamav 0.98.6, NEW haproxy 1.5, htop 1.0.3, libdvbpsi 1.2.0, lynis 1.6.4, mc 4.8.13, NEW monit 5.11, miniupnpd 1.9, nginx 1.6.2, nmap 6.47, owncloud 7.0.3, samba 3.6.25, tcpdump 4.6.2

Feature Enhancements & Bug fixes

  • Firewall
    • Service groups are limited to 15 services per protocol. Due to a defect in the web GUI it was possible to create groups with up to 16 services which has been fixed now.
    • The remark of some firewall rules could not be removed when nothing else was changed. This has been fixed as well.
    • Fix setting rate-limiting rules. Those were not always applied correctly.
  • IPsec
    • Allow an IKE lifetime up to 24 hours.
  • OpenVPN
    • Allow setting an expiration time for net-to-net connection certificates.
    • Let openssl pick the sources for entropy that are used to initialize the random-number generator on its own.
  • The backup functionality is robust against filenames including hyphens.
  • squid-accounting: #10693 (last month of year leads to error (no data shown in webinterface))
  • fireinfo: Improve finding the vendor/model of ARM single-board-computers.
  • Installer: Cut off too long harddisk description strings

There were many contributions to this Core Update by Matthias Fischer, Dirk Wagner, Erik Kapfer, and Christoph Anderegg in addition to the usual IPFire Core Developers. Thanks for that.

You can contribute as well or support the IPFire project with your donation. Your help is a foundation of this project and very much appreciated by all contributors. Maybe you can help funding a new feature. We also do now accept donations in various currencies.

In other news

We would like to point you to some interesting articles on our developer’s blog. We find them an interesting read and they give some more insights into the project. There is a RSS feed which you can subscribe to, or follow us on Twitter.

Published by Michael Tremer, April 21, 2015 at 6:45 pm