IPFire 2.17 - Beta 1

by Michael Tremer, December 25, 2014

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

The next major release of IPFire 2 is coming up. As always, we would like to encourage you all to help us testing.

You may download the installation images from over here: [Download]
If you want to update an existing Installation make sure that is up-to-date (core85) and then switch to 2.17.1 [testing-tree]

These are the biggest changes:


Most of the work has been done under the hood and in the Linux kernel. This has been updated to version 3.14 and brings better support for various hardware and stability fixes.

Stability for various ARM platforms has been improved and support for more has been added. Among the new devices are the Banana Pi boards.


The installer program that helps to install IPFire has been very much improved. It is now easier to use and provides clearer error messages. It allows you to select disk you want to install IPFire on and does not use the first one any more if there are more than one.

An other main feature is that the installer is now able to download the ISO image from the Internet. That allows it to be used on devices that can not boot from USB drives like the PCEngines ALIX. Installations using the serial console are possible as well so you can install IPFire the usual way on the PCEngines APU systems and similar ones.

The installer allows you to use the XFS filesystem and supports installation on harddisks larger than 2TB by using GPT. The entire partitioning has been rewritten and is able to produce better partitioning layouts.

The unattended installation feature is now usable again.

Changing bootloaders on x86

As this may possibly break your system, please create a full backup of your harddrives before updating. During the beta phase of the updater, we are happy to get your feedback. While testing this release we could not find any problems what so ever, but as always, we heavily rely on a greater group of testers.

We changed the bootloader on all x86 installations from GRUB-legacy to GRUB2. New systems will be installed right away with the new version and old ones will be migrated. The huge benefit we get from migrating to GRUB2 is more flexibility for testing new kernels and much better reliability on various hardware. RAID installations and similar things are well supported out of the box.

Security fixes in third-party packages

  • The ntp package has been updated because of recent security vulnerabilities that have been discovered
    • CVE-2014-9293: ntp: automatic generation of weak default key in config_auth()
    • CVE-2014-9294: ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
    • CVE-2014-9295: ntp: Multiple buffer overflows via specially-crafted packets
    • CVE-2014-9296: ntp: receive() missing return on error
  • The openvpn package has been updated to version 2.3.6
    • Fixes CVE-2014-8104


  • Timmothy Wilson suggested to use SHA256 for the SSL certificate that is used for accessing the web user interface. All new installations will use this.
  • iw was updated to version 3.14
  • strongswan was updated to version 5.2.1
  • Erik Kapfer added tmux as an add-on package
  • Umberto Parma sent in an Italian translation for the web user interface

We consider this release safe since a couple of weeks, but updating the bootloader still needs some testing. Please join us and don’t forget to send us your bug reports (if any). We would like to release IPFire 2.17 as soon as possible.