IPFire 2.15 - Core Update 82 released

The IPFire Project ipfire-announce at lists.ipfire.org
Thu Sep 11 22:08:30 CEST 2014


This is the official release announcement for IPFire 2.15 – Core Update
82. This Core Update’s main features are the inclusion of the
crowd-funded Windows Active-Directory Single Sign-On Web Proxy and the
option to disable masquerading (NAT) on the local networking interfaces.
In addition to that, several system libraries and tools have been
updated, and minor bugs have been fixed.


Windows Active-Directory Single Sign-On Web Proxy

Proper and secure authentication against the squid Web Proxy has not
been possible in IPFire before. The “Windows” authentication has been
broken for a long time since there were bigger changes in the Windows
Domain Controllers. This update adopts IPFire to the new and secure
Active Directory authentication interfaces which use the SMB and
Kerberos protocols.

Documentation is available on our IPFire wiki [1] and some more
technical insights on the IPFire planet post [2].

We would like to thank all donors who contributed to this feature.


Firewall changes

Disabling masquerading on local zones is now possible to configure on
the GUI. If you have got public IP address space this can be used on one
of the zones (for example DMZ) and the firewall will not need to NAT any
packets at all. This functionality was requested by David Hauser from
Technische Universität Wien (Vienna University of Technology).

Timo Eissler also contributed a fix for some Voice-over-IP devices that
fail to register after reconnection of the Internet connection. All
packets that are sent to the firewall will now be dropped until the
Internet connection has been fully established and therefore false
entries into the connection tracking table will be avoided.
Misc.

* pppd has been updated to version 2.4.7. This release fixes some seldom
  occurring crashes on some PPPoE connections that use MSCHAPv2 for
  authentication.
* gmp has been updated to version 6.0.0
* mpfr has been updated to version 3.2.1
* Several fixes for the CGI scripts have been submitted by Dominik
  Hassler:
  * OpenVPN: The generated configuration files now contain correct line
    endings.
  * Active connections: IP addresses from the static OpenVPN address
    pools are now coloured correctly
* Axel Gembe contributed a fix for correct validation of fully
  qualified domain names according to RFC1035.
* Some coding style and minor bugs have been fixed in the ddns.cgi
  script.
* batctl, boost, and tracepath are now shipped with the core
  distribution.

Add-ons

New arrivals

* bacula (contributed by Timo Eissler)
* squid-accounting: Alexander Marx wrote a new squid accounting addon
  which can create beautiful PDF reports about how much data traffic has
  been used by each proxy user or IP address (Documentation [3])

Updates

* owncloud has been updated to version 7.0.0 by Daniel Weismüller


Thanks to all contributors and testers. We are happy to have you helping
to make IPFire better. If you want to contribute, too, please consider
sending us a donation.


[1] http://wiki.ipfire.org/en/configuration/network/proxy/wui_conf/microsoft-active-directory
[2] http://planet.ipfire.org/post/microsoft-active-directory-authentication-for-the-web-proxy
[3] http://wiki.ipfire.org/en/addons/squid-accounting/start
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ipfire.org/pipermail/ipfire-announce/attachments/20140911/a9b807f1/attachment.sig>


More information about the IPFire-Announce mailing list