This is the announcement of the first testing release for IPFire 2.17 – Core Update 89. It comes with many updates of software packages and various minor bug fixes.

OpenVPN Net-To-Net Statistics

Connection statistics of OpenVPN net-to-net connections are now collected and graphed. They show incoming and outgoing traffic of the VPN connections and compression ratios.

Dynamic DNS Updater

The dynamic DNS updater tool ddns has been massively extended:

  • A database is used to track successful and failed updates. ddns will automatically back-off when an update could not be performed and will re-try after a longer time. asked to never repeat any updates after one has failed for any reason.
  • New supported providers:,,,,|net,,,,
  • Token-based authentication is now supported for
  • Support for and has been fixed which have changed their update protocols.
  • used to remove MX and backup MX records for every update. Additional parameters of the update request have been added so that the original settings are not changed any more.
  • Handle badagent response for all DynDNS2 protocol-compatible providers. ddns will respect if it has been blocked by the provider.
  • Improve error handling for various responses from the provider’s HTTP services.

Updated packages

daq 2.0.4, ethtool 3.16, fcron 3.2.0, file 5.20, gnupg 1.4.18, grep 2.21, hdparm 9.45, libart 2.3.21, libassuan 2.1.3, libcap 1.6.2, libevent 2.0.21-stable, libffi 3.2.1, libpcap 1.6.2, pcre 8.36, screen 4.2.1, smartmontools 6.3, snort, strongswan 5.2.2, sqlite 8.7.4, squid 3.4.9, tar 1.28, tzdata 2015a, wget 1.16, zlib 1.2.8

dnsmasq has been updated to a recent version with various fixes for DNSSEC and other bugs.


asterisk 11.15.0 + support for TLS and SRTP, clamav 0.98.6, fuse 2.9.3, NEW haproxy 1.5, htop 1.0.3, libdvbpsi 1.2.0, lynis 1.6.4, NEW monit 5.11, mc 4.8.13, miniupnpd 1.9, nginx 1.6.2, nmap 6.47, ntfs-3g 2014.2.15, owncloud 7.0.3, samba 3.6.25, tcpdump 4.6.2

Feature Enhancements & Bug fixes

  • Firewall
    • Service groups are limited to 15 services per protocol. Due to a defect in the web GUI it was possible to create groups with up to 16 services which has been fixed now.
    • The remark of some firewall rules could not be removed when nothing else was changed. This has been fixed as well.
    • Fix setting rate-limiting rules. Those were not always applied correctly.
  • IPsec
    • Allow an IKE lifetime up to 24 hours.
  • OpenVPN
    • Allow setting an expiration time for net-to-net connection certificates.
    • Let openssl pick the sources for entropy that are used to initialize the random-number generator on its own.
  • The backup functionality is robust against filenames including hyphens.
  • squid-accounting: #10693 (last month of year leads to error (no data shown in webinterface))
  • fireinfo: Improve finding the vendor/model of ARM single-board-computers.
  • Installer: Cut off too long harddisk description strings

There very many many contributions to this Core Update by: Matthias Fischer, Dirk Wagner, Erik Kapfer, and Christoph Anderegg in addition to the usual IPFire Core Developers.