Hello community!

This is an other testing release announcement this month. IPFire 2.15 – Core Update 82 has been pushed into the testing tree and we appreciate your help testing this release. The more people contribute, the sooner and the better will the update be released.

This Core Update’s main features are the introduction of the crowd-funded Windows Active-Directory Single Sign-On Web Proxy and the option to disable masquerading (NAT) on the local networking interfaces. In addition to that, several system libraries and tools have been updated, and minor bugs have been fixed.

Windows Active-Directory Single Sign-On Web Proxy

Proper and secure authentication against the squid Web Proxy has not been possible in IPFire before. The “Windows” authentication has been broken for a long time since there were bigger changes in the Windows Domain Controllers. This update adopts IPFire to the new and secure Active Directory authentication interfaces which use the SMB and Kerberos protocols.

Documentation is available on our IPFire wiki and some more technical insights on the IPFire planet post.

We would like to thank all donors who contributed to this feature.

Firewall changes

Disabling masquerading on local zones is now possible to configure on the GUI. If you have got public IP address space this can be used on one of the zones (for example DMZ) and the firewall will not need to NAT any packets at all. This functionality was requested by David Hauser from Technische Universität Wien (Vienna University of Technology).

Timo Eissler also contributed a fix for some Voice-over-IP devices that fail to register after reconnection of the Internet connection. All packets that are sent to the firewall will now be dropped until the Internet connection has been fully established and therefore false entries into the connection tracking table will be avoided.


  • pppd has been updated to version 2.4.7. This release fixes some seldom occurring crashes on some PPPoE connections that use MSCHAPv2 for authentication.
  • gmp has been updated to version 6.0.0
  • mpfr has been updated to version 3.2.1
  • Several fixes for the CGI scripts have been submitted by Dominik Hassler:
    • OpenVPN: The generated configuration files now contain correct line endings.
    • Active connections: IP addresses from the static OpenVPN address pools are now coloured correctly
  • Axel Gembe contributed a fix for correct validation of fully qualified domain names according to RFC1035.
  • Some coding style and minor bugs have been fixed in the ddns.cgi script.
  • batctl, boost, and tracepath are now shipped with the core distribution.


New arrivals

  • bacula (contributed by Timo Eissler)
  • squid-accounting: Alexander Marx wrote a new squid accounting addon which can create beautiful PDF reports about how much data traffic has been used by each proxy user or IP address (Documentaion)


  • owncloud has been updated to version 7.0.0 by Daniel Weismüller

As always, this is now the bit where I ask you for testing. It is essential for us that we can be sure that this is a well-tested and stable update. So if you care as much about IPFire as we do (and I know you do), please take the time to test and report us your feedback!