Posts in 2014

The next major release of IPFire 2 is coming up. As always, we would like to encourage you all to help us testing.

Daniel Weismüller gives a short introduction about IPFire Addons. He covers what they are and what you need to do to create you own one.

This talk by Timo Eissler covers VLAN support in IPFire and gives you a basic introduction about what VLANs are and how to use them with IPFire:

Finally, I am able to present you some of the talks held on the IPFire Developers Summit 2014. This is the first one with me talking about various things... I guess it doesn't make so much sense writing it all down, so I recommend you watch it and maybe leave some feedback...

Due to various major maintenance work on our hosting infrastructure there will be a planned outage of most of the project infrastructure on Tuesday, December 16th from 9:00 UTC lasting approximately 8 hours. Some of the services listed below will be available much sooner, some later...

During the last weekend, the IPFire project exhibited at OpenRheinRuhr 2014, an Open Source conference and fair in Oberhausen.

Dear community,

Open Rhein Ruhr is a fair/congress for Open Source enthusiasts in Oberhausen, Germany. It is all about free software and meeting people who are involved into this. A couple of weeks ago, we already "announced":http://planet.ipfire.org/post/open-rhein-ruhr that the IPFire project will be there with an own booth.

Is there by any chance someone in the community who knows things about "Yate":http://yate.null.ro/ - the telephony engine? Especially the scripting bit?

This is the official release announcement for IPFire 2.15 - Core Update 85. It comes with security fixes for the SSL issue known as POODLE, which was recently discovered.

IPFire 2.15 - Core Update 84 has just been released yesterday, but all the security concerns do not give us even a short moment to breathe. The next Core Update has already been uploading onto the testing tree and we are going to release it as quickly as possible as it comes with even more security fixes for the SSL issue known as POODLE, which was recently discovered.

This is the official release announcement for IPFire 2.15 - Core Update 84. This is a release that fixes some security issues in the GNU bash package which are commonly known as "Shellshock" and comes with more fixes and minor feature enhancements.

The upcoming Core Update is available for testing. The release will be called IPFire 2.15 Core Update 84 and we are planning to release it as soon as possible, as it includes critical patches for GNU bash and the squid web proxy.

Since "IPFire 2.15 there is a new firewall GUI":http://www.ipfire.org/news/ipfire-2.15-core-update-77-released. It comes with so many new features and makes so many things easier. With the upcoming Core Update, it has been extended and adds two very interesting features that I would like to spotlight in this post.

"Open Rhein Ruhr":http://www.openrheinruhr.de/ is a fair/congress for Open Source enthusiasts in Oberhausen, Germany. It is all about free software and meeting people who are involved into this. I have been a visitor for a couple of years now and therefore even happier to announce that the IPFire project will be exhibiting this year.

This is the official release announcement for IPFire 2.15 Core Update 83. It mainly provides a fix for "several security issues in the GNU bash package":http://planet.ipfire.org/post/fixing-the-gnu-bash-vulnerability-cve-2014-6271 also known as "ShellShock" and filed under CVE-2014-6271 and CVE-2014-7169.

Hello,

this is the testing announcement for IPFire 2.15 Core Update 83 which mainly provides a fix for "several security issues in the GNU bash package":http://planet.ipfire.org/post/fixing-the-gnu-bash-vulnerability-cve-2014-6271 also known as "ShellShock" and filed under CVE-2014-6271 and CVE-2014-7169.

There is an other "severe security issue in almost every device that is running Linux or BSD":http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/. The GNU bash shell is vulnerable as it will execute random commands from the shell environment. IPFire is - as every other distribution as well - vulnerable to this issue filed under "CVE-2014-6271":http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 and a fix has been applied to the code yesterday.

This is the official release announcement for IPFire 2.15 - Core Update 82. This Core Update's main features are the inclusion of the "crowd-funded":http://wishlist.ipfire.org/wish/windows-active-directory-single-sign-on-for-web-proxy Windows Active-Directory Single Sign-On Web Proxy and the option to disable masquerading (NAT) on the local networking interfaces. In addition to that, several system libraries and tools have been updated, and minor bugs have been fixed.

Hello community!

This is an other testing release announcement this month. IPFire 2.15 - Core Update 82 has been pushed into the testing tree and we appreciate your help testing this release. The more people contribute, the sooner and the better will the update be released.

This is the official release announcement for IPFire 2.15 - Core Update 81 comes with fixes for nine security vulnerabilities in the OpenSSL library and some other smaller bugfixes. We recommend to install this update as soon as possible and reboot your systems.

IPFire 2.15 - Core Update 81 comes with nine security vulnerability fixes in the OpenSSL package and some other minor bugfixes. This update is going to be released very soon and therefore we would like you helping us to verify that everything is working fine.

We are going to release an other IPFire Core Update this week. This is just a short notification to let you know this some time ahead. The reason for this update are some security fixes in the OpenSSL library which are all of "moderate" severity ("according to the OpenSSL developers":http://marc.info/?l=openssl-announce&m=140706520526876&w=2).

This is the official release announcement for IPFire 2.15 - Core Update 80. It comes with lots of new features, some bugfixes and some minor security fixes.

Good Monday morning to you all!

We are hoping to be able to release Core Update 80 this week. Our usual measurement is that we want so see about 1% of the systems that are in the "fireinfo database":http://fireinfo.ipfire.org/stats/oses who got the update installed. So we assume that there are enough testers out there who checked that everything is working alright.

As someone living in Germany and occasionally travelling around Europe, I would like to show everyone else who thinks that we are overcharged for mobile data what the status is in other countries.

Hello to all you testers out there who support us with testing our recent development efforts. IPFire 2.15 - Core Update 80 has been updated as some bugs have been found and fixed and some minor feature enhancements have been added.

This is "an invitation to take part in testing":http://wiki.ipfire.org/en/configuration/ipfire/pakfire/testing IPFire 2.15 - Core Update 80. It comes with lots of new features, some bugfixes and some minor security fixes.

Installing IPFire or other distributions on the APU boards by PCEngines is always a bit of a problem. The is no VGA output available and flashing the IPFire flash image on a mSATA SSD is not fun to do. An adapter from mSATA to eSATA is required and an eSATA port. All this had to be easier.

IPFire 2.15 - Core Update 79 is finally arriving with many bug fixes and enhancements. Among the big changes with this update are lots feature enhancements that massively increase the security level of OpenVPN connections, some enhancements of the web user interface and a lot more awesome stuff under the hood.

The IPFire project is operating a XMPP server that is used for communication between people involved into the project and also serves as a message relay for monitoring alerts, hosts some multi user chats and various other things. As the Jabber network is designed to be as much distributed as possible and because of the reason that this server is capable of serving many more users, we decided to open it for everybody who wants to use it.

The IPFire project has got an annually developer summit. The close followers of the project will know about that, I am sure. There are some things about those events I would like to discuss with you guys. So if you are interested in meeting with us and fellow IPFire users, please read on...

IPFire 2.15 - Core Update 79 is finally arriving with many bug fixes and enhancements. Among the big changes with this update are lots feature enhancements that massively increase the security level of OpenVPN connections, some enhancements of the web user interface and a lot more awesome stuff under the hood.

This is the official release announcement for IPFire 2.15 – Core Update 78. This update comes with important @openssl@ security fixes and we recommend to install it as soon as possible.

Finally, our domain name Michael Jackson.org@ is signed by DNSSEC.

After the release of IPFire 2.15 we have found an incompatiblity between xen-legacy-kernel xennet driver and udev that can handle only one virtual nic. So we have to disable the update for legacy-xen users. It is also not a good idea to use the old 2.6.xx kernel without grsecurity for security reasons.

Since yesterday, you will find the news about a kernel security issue on the front page of several tech magazine pages like "heise.de":http://www.heise.de/newsticker/meldung/Schwachstelle-im-Linux-Kernel-Admin-Rechte-fuer-alle-2187501.html that there is an exploit for a kernel security issue in the TTY code.

This is the official release announcement of IPFire 2.15 (Core Update 77). It is the release with the most changes since the beginning of the IPFire 2 series. Those changes of course include major work on the base of the system, security has been improved in lots of ways and there are many changes regarding the user interface, that introduce new functionality and make managing the firewall easier.

It is time for an other rant about some emerging technologies. I do not apologise in advance for it. It feels rather liberating to explain what is going wrong (in my opinion) and it makes me happy that I am sometimes able to open the eyes of some of you who are reading this.

Since a couple of weeks, we have a new wish on the "IPFire wishlist":http://wishlist.ipfire.org that is about "implementing Active Directory Authentication to the IPFire web proxy":http://wishlist.ipfire.org/wish/windows-active-directory-single-sign-on-for-web-proxy. As you can see, this has not made too much progress and I have received some emails that say that this is basically working for them. I would like to answer them now and here:

This is the official announcement of "IPFire 2.15 RC2":http://downloads.ipfire.org/release/ipfire-2.15-core77-rc2. It is supposed to be the second and final release candidate and with that goes - of course - the usual: Please install or "upgrade":http://wiki.ipfire.org/en/configuration/ipfire/pakfire/testing to this release in a testing environment and let us know if there are any bugs left. If everything is working alright for you, then please "let us know":http://wiki.ipfire.org/en/configuration/firewall/testday/start this, too.

Finally, we are aiming for the final spurt. We already got a lot of "feedback":http://wiki.ipfire.org/en/configuration/firewall/testday/start from you guys, but we still need more. We have found a couple of very rare corner-case bugs, but nothing serious which makes us very happy. That means that we already made a good job so far and that we are not expecting anything troubling any more until release.

You just installed the "new firewall GUI":http://wiki.ipfire.org/en/configuration/firewall/testday/start? You have questions on how to migrate? You have some questions that you want to discuss? Then come and join the Jabber channel where you can find others, ask your questions and give some ideas.

Hello community,

this is the official release announcement for IPFire 2.13 - Core Update 76. It comes with a security fix for the @strongswan@ package which is responsible for IPsec VPN connections. The vulnerability has got the number "CVE-2014-2338":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2338. It was possible to bypass the authentication and therefore to overtake a VPN connection whilst the original peers are rekeying. IKEv1 connections are not vulnerable, but IKEv2. "Check out the blog post by the strongswan team":http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html.

Everyday, when I have breakfast, I read the title page of the local newspaper. There is usually nothing interesting on it and therefore I never make it more than one or two pages in. But this morning, a huge article on the title page caught my attention. It was about Heartbleed.

The IPFire Project is operating a lot of its own infrastructure that is supposed to give us "all the resources":http://planet.ipfire.org/post/infrastructure-4-better-communication-voip-jabber we need to work on our project. Part of that is our own mail server.

The next big release of IPFire with version number 2.15 is finally coming. We have been working for over a year on some of the features like the new firewall GUI and there is so much more that the release log I wrote is over 7 pages when I would print it out.

The Bundesnetzagentur (Federal Networking Agency, short BNetzA) presented a draft of a decree which is supposed to make the telecommunication market more transparent for customers and which should also get rid of "Routerzwang" - the problem that your provider requires you to use the router they sent you and nothing else instead. The "Free Software Foundation Europe":http://fsfe.org, the "Chaos Computer Club (CCC)":http://ccc.de, OpenWrt and us from the IPFire project sent a statement on this decree to the agency.

According to "fireinfo":http://fireinfo.ipfire.org, almost 10% of the systems that are running IPFire is an ALIX board by "PC Engines":http://pcengines.ch. These system have been a common choice for many people who deployed IPFire at home or even at work with this hardware. Unfortunately, the ALIX is weak when measured by modern standards. It comes with a single-core CPU at 500 MHz clock speed and only up to 256MB of RAM. Persistent storage is only possible with a CF card and the network interfaces are only capable of 100 MBit/s.

This is the official release announcement of IPFire 2.15 (Core Update 77). It is the release with the most changes since the beginning of the IPFire 2 series. Those changes of course include major work on the base of the system, security has been improved in lots of ways and there are many changes regarding the user interface, that introduce new functionality and make managing the firewall easier.

The beta testing is going on. According to our schedule, we are hoping that this is the last beta release and that we can pronounce the next release "release candidate" soon.

After some bugs have been fixed since the last beta release, we are now releasing IPFire 2.15 Beta 2.

IPFire 2.15 Beta 1 is now out for about two weeks and things are looking great. There have been some bug reports, but none which could not be resolved quickly.

We are pleased to announce the very first beta release of IPFire 2.15. This release of IPFire has been under development for more than the last year and it brings very many and very big changes with it.

I already spoke about "VPN Ciphers":http://planet.ipfire.org/post/feature-highlights-ipfire-2-15-3-vpn-ciphers in the series of new features of the upcoming version 2.15 of IPFire, but that is not all we have done on improving cryptography.

Along with all the changes under the hood there is pretty big change in the appearance of the web user interface. I would like to show you some images of this here and hope that you all like it!

So it is a new year and here is the first update of 2014: IPFire 2.13 Core Update 75. It comes with urgent bug fixes that solve problems introduced in the previous update.

The most popular consumer hardware router that is used in Germany is without doubt the AVM Fritz!Box. The demand of secure communication is increasing and people are thinking more about using VPN, which is good. Not so good is to use Fritz!Box because the hardware is very weak and creating a secure VPN IPsec connection is only possible with much limitations. Nevertheless, some people still want to do it.

As we are laying a lot of focus on the VPN functionality of IPFire, we did some changes on the ciphers that are used for IPsec and OpenVPN.

You can find lots of different image formats in the IPFire download section. They are all for different machines and for different ways to install IPFire. In the upcoming release IPFire 2.15, we dropped some of them and we combined some of them so that we don't need to host so much data any more.

IPFire 2.15 is approaching and before we release it for you all, we would like to show you what is waiting for you.

Shortly after Core Update 74, the next one is going to enter the test phase. It comes with minor bug fixes to fix issues that have been introduced with Core Update 74.

The IPFire developers and the team is usually working very closely together. That requires that we are all able to contact each other very easily. For that we used to use IRC and Asterisk. Recently, we got rid of both in favour of some new things:

Another big change we did in the last month was to migrate from MySQL to PostgreSQL as the database backend of most of the IPFire (web) infrastructure. Why did we do this?