IPFire 2.17 - Core Update 94 released

by Michael Tremer, October 27, 2015

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

This is the official release announcement for IPFire 2.17 – Core Update 94 which is a release with smaller security fixes and a maintenance release in general.


OpenSSH was updated to version 7.1p1. With that we added support for elliptic curves (ECDSA and ED25519) and removed support for DSA which is considered broken. Too small RSA keys are removed as well and regenerated. These changes may require to import the keys of the IPFire system on your admin computer again.

Internal mail agent

An internal mail agent was added that is used by internal services to send out reports or alerts. So far only a few services use this (like the squid accounting add-on), but we expect to add more things in the future.

This is a very simple and lightweight mail agent that can be configured on the web user interface and will usually require an upstream mail server.


A new checkbox in the advanced settings page of an IPsec connections has been added. It allows to force using MOBIKE, a technology for IPsec to traverse NAT better. Sometimes when behind faulty routers, IPsec connections can be established, but no data can be transferred and the connection breaks very quickly (some routers have difficulties with forwarding DPD packets). MOBIKE circumvents that by using UDP port 4500 for IKE messages.


  • Required fields are now marked with a star. Previously this was the other way round so that optional fields where marked with a star, which is not seen anywhere on the web any more.
  • A monthly forced ddns update is removed since ddns is taking care itself of keeping all records up to date and refreshing them after 30 days if necessary.
  • fireinfo: Some crashes were fixed with IDs that only contain 0xff

Updated packages

bind 9.10.2-P4, coreutils 8.24, dnsmasq got the latest changes imported, file 5.24, glibc (security fixes), hdparm 9.48, iproute2 4.2.0, libgcrypt 1.6.4, libgpg-error 1.20, pcre (fixes for more buffer overflows), rrdtool 1.5.4, squid 3.4.14

This update does not require a reboot, though it is recommended.

Please help us to sustain the work on IPFire Project with your donation.