IPFire 2.19 - Core Update 117 is available for testing

by Michael Tremer, December 18, 2017

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Hello all,

it is time again for testing the next Core Update with number 117 which comes with a huge number of various bug and security fixes. This will also most-likely be the last Core Update in this year.

Thanks for the people who contributed to this Core Update by submitting their patches and please help us to support everyones work by sending us your donation!

OpenSSL 1.0.2n

One moderate and one low security vulnerability have been patched in OpenSSL 1.0.2n. The official security advisory can be found here.


  • It is now possible to define the inactivity timeout time when an idle IPsec VPN tunnel is being closed
  • Support for MODP groups with subgroups has been dropped
  • Compression is now disabled by default because it is not very effective at all
  • strongswan has been updated to 5.6.1


  • It is now easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by choosing routes in each client’s configuration. This makes hub-and-spoke designs easier to configure.

Build toolchain

  • Some build scripts have been refactored to clean up the build process and the toolchain has been moved from /tools to /tools_<arch>.
  • nasm, the Net Assembler, has been updated to 2.13.2


  • SSL compression and SSL session tickets have been disabled in Apache. This will improve the security of the web user interface.
  • At various places, GeoIP information is available where IP addresses are shown and that information is useful to know
  • Adding static routes over the web user interface has been fixed
  • Some aesthetic issues on the captive portal configuration pages have been fixed and the captive portal is now working together with the proxy in transparent mode
  • Syslogging to a remove server can now be configured to either use TCP or UDP


  • Samba has been updated to fix several security issues
  • ffmpeg has been updated to 3.4
  • mc has been updated to 4.8.20
  • nano has been updated to 2.9.1
  • sslscan, vsftpd and Pound have been dropped because they are not maintained upstream any more and incompatible with OpenSSL 1.1.0