• Core Update 175
  • Core Update 176
  • Squid-Clamav
    • running with version 5.11 from 2012.
    • Current version is 7.2 but requires ICAP.
    • Is it still worth supporting with most websites being HTTPS?
  • Organize IPFire meet-up
  • IPFire 3.x news


  • Adolf
  • Arne
  • Jonatan
  • Michael
  • Stefan
  • Peter


Core Update 175

  • OpenSSL 3.x legacy provider is mandatory for extracting any PKCS12 container created by OpenSSL 1.1.1x
  • For OpenVPN N2N connections, this wasn't sufficient
    • This option must go into the OpenVPN client configuration, too
    • OpenVPN has its own OpenSSL configuration file
  • unique_subject = yes necessary for IPsec (patch), even though this is the default?!
  • Adolf did lots of last-minute work on that update to get the coals out of the fire (sic!)
  • Creating new OpenVPN RW and N2N tested
  • Creating new IPsec RW and N2N untested so far, Peter will take care about this in due course
    • Existing IPsec connections confirmed to continue to work fine
  • Situation requires a wiki article, to save us from a massive headache, particularly in the forum
    • Michael will take care of this
    • Make clear that the entire OpenSSL mess is not our fault
    • There is nothing we can comprehensively do about it
    • Not updating to Core Update 175 does not avoid the issue
    • Core Update 175 is not the root cause of the problem
  • OpenVPN really is a major source of trouble, and has been repeatedly
    • Again, do we really want this in IPFire 3.x?
      • If not, we definitely need to provide an alternative
      • Alternative: Fresh start with OpenVPN, requiring users to regenerate their certificates and configurations
    • Point in favour: Possibility to tunnel it over TCP to port 443 => get around crappy WiFis

Organize IPFire meet-up

  • Something in September 2023?
  • Michael will send around an e-mail concerning this tomorrow

IPFire 3.x news