IPFire maintainer Michael Tremer kicked off the new year by announcing the first Core Update of the open-source firewall distribution in 2018 with a huge number of security and bug fixes.

IPFire 2.19 Core Update 117 is now available to download and comes with the latest OpenSSL 1.0.2n TLS/SSL and crypto library, as well as an updated OpenVPN implementation that makes it easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by allowing users to choose routes in each client’s configuration.

The update also improves the IPsec implementation by allowing users to define the inactivity timeout time of an idle IPsec VPN tunnel that’s being closed and updating the strongSwan IPsec-based VPN solution to version 5.6.1. It also disabled the compression by default and removed support for MODP groups with subgroups.

IPFire 2.19’s build toolchain has been moved to a new location in this update, from /tools to /tools_< Arch >, and the build process was cleaned up a little by refactoring various build scripts. In addition, the nasm (Net Assembler) package has been updated to version 2.13.2.

Updated add-ons, other improvements

Among other noteworthy improvements added in IPFire 2.19 Core Update 117, we can mention that more GeoIP information is displayed in various places, SSL session tickets and compression is now disabled in Apache for better security, and adding of static routes over the web-based interface now works correctly.

“Some aesthetic issues on the captive portal configuration pages have been fixed and the captive portal is now working together with the proxy in transparent mode,” said Michael Tremer in the release notes. “Syslogging to a remove server can now be configured to either use TCP or UDP.”

As with every new Core Update, several of IPFire’s built-in add-ons have been updated to new versions, and it looks like the IPFire 2.19 Core Update 117 release includes a new Samba implementation with the latest security fixes, Midnight Commander 4.8.20 file manager, and GNU nano 2.9.1 text editor.

On the other hand, the Pound, vsftpd, and sslscan add-ons were dropped as they’re not compatible with OpenSSL 1.1.0 and no longer maintained upstream. You can download IPFire 2.19 Core Update 117 right now through our website for new installations of the open source firewall distribution, but existing users should update now.