Stable update adds QoS multi-queueing, new crypto defaults

Jun 15, 2017 20:47 GMT

Michael Tremer from the IPFire Project announced the availability of a new stable update for the IPFire 2.19 series of the open-source Linux-based firewall distribution.

IPFire 2.19 Core Update 111 is now live and it appears to be a major update adding quite a large number of new features to the firewall, along with dozens of up-to-date components. The biggest change, however, seems to be the ability for IPFire to authenticate itself with an EAP (Extensible Authentication Protocol)-enabled wireless network, supporting both TTLS and PEAP methods.

"IPFire supports PEAP and TTLS which are the two most common ones. They can be configured on the “WiFi Client” page which only shows up when the RED interface is a wireless device," says Michael Tremer in the release announcement. "The index page also shows various information about the status, bandwidth and quality of the connection to a wireless network."

To balance traffic, IPFire 2.19 Core Update 111 also implements multi-queueing support in QoS (Quality of Service) so that all the CPU cores of the host machine can be used instead of only one, as was the case in previous versions of the firewall. More robust and modern cryptographic algorithms are now enabled by default in IPFire on new systems, as well as for new VPN connections.

IPsec and OpenVPN enhancements, updated components

The latest IPFire 2.19 update improves the IPsec implementation with support for the newest strongSwan release, which supports Curve 25519 and MODP-768 for the ESP and IKE proposals, while removing support for the deprecated SHA-1 cryptographic hash function and enforcing the use of SHA-2 256 or higher by default. OpenVPN was also updated to use SHA-512, though this requires redownloading all client connections.

Updated components in IPFire 2.19 Core Update 111 include OpenSSL 1.0.2l, BIND 9.11.1, GCC 4.9.4, D-Bus 1.11.12, PCRE 8.40, OpenVPN 2.3.16, strongSwan 5.5.2, Nmap 7.40, TOR 0.3.0.7, GNU Nano 2.8.1, Logwatch 7.4.3, File 5.30, Unbound 1.6.2, Git 2.12.1, acpid 2.0.28, pkg-config 0.29.1, coreutils 8.27, cpio 2.12, gzip 1.8, libvirt 3.1.0, python3-libvirt 3.6.1, rrdtool 1.6.0, gdbm 1.13, gmp 6.1.2, vnstat 1.17, logrotate 3.12.1, unzip 60, m4 1.4.18, mpfr 3.1.5, and IPSet 6.32.

The Samba packages were updated as well to patch the CVE-2017-7494 security vulnerability, and only one new package appears to have been included in the new IPFire 2.19 update, namely ltrace, which is an open-source tool to trace library calls of a binary. You can download IPFire 2.19 Core Update 111 right now from our website if you want to deploy the firewall OS on a new machine, but existing users need only update their installations to receive all the goodies mentioned above.