Linux Firewall IPFire 2.29 Core Update 195 Released With VPN Protocol Support

Summary
1.  IPFire 2.29 Core Update 195 now includes fully integrated WireGuard protocol with web UI management, supporting both net-to-net and roadwarrior connections alongside existing IPsec/OpenVPN options.
2. Proxy user database passwords now use bcrypt hashing for improved security, while automatic SMART database updates provide better hard drive monitoring.
3. Core system components updated including OpenSSH 10.0.p1, OpenSSL 3.5.0, Unbound 1.23.0, and numerous file system tools like btrfs-progs 6.14.
4. Removed discontinued 3CoreSec blocklists, refactored internal downloading code for better reusability, and implemented Pakfire interface enhancements for improved usability.

IPFire has released Core Update 195 for version 2.29, marking a significant milestone with the introduction of native WireGuard VPN protocol support. 

This highly anticipated update transforms the open-source firewall distribution by integrating modern VPN capabilities alongside comprehensive security enhancements and system improvements.

WireGuard VPN Integration

The standout feature of IPFire 2.29 Core Update 195 is the native WireGuard implementation, providing users with a lightweight and high-performance alternative to traditional IPsec and OpenVPN protocols. 

The integration offers comprehensive functionality through a fully integrated web user interface, enabling seamless configuration and management of WireGuard tunnels.

Key technical capabilities include support for both net-to-net and host-to-net (Roadwarrior) VPN connections, with full compatibility for multiple peers featuring individual configuration settings. 

The implementation incorporates QR code display functionality for streamlined mobile client setup and configuration file export capabilities. 

Additionally, the system includes a connection importer designed for interoperability with third-party vendors and VPN service providers.

The WireGuard integration maintains full compatibility with IPFire’s existing security infrastructure, including complete support for the Intrusion Prevention System (IPS) and Connection Tracking mechanisms. 

This ensures that the new VPN protocol seamlessly integrates with established security policies and monitoring systems.

Enhanced Security and System Improvements

Beyond VPN capabilities, Core Update 195 introduces several critical security enhancements. 

The proxy user database now utilizes bcrypt hashing for password storage, significantly improving credential security compared to legacy hashing methods. The system also implements automatic SMART database updates for hard drive monitoring and health assessment.

Notable changes include the removal of all 3CoreSec blocklists due to service discontinuation, while Stefan Schantl has refactored internal downloading code for IP blocklists and IPS rulesets to enable reusability across multiple system components. 

Stephen Cuka contributed aesthetic improvements to Pakfire to enhance overall usability and user experience.

The update delivers substantial package modernization with updated core components including coreutils 9.7, OpenSSH 10.0.p1, OpenSSL 3.5.0, and Unbound 1.23.0. 

File system support receives improvements through btrfs-progs 6.14 and xfsprogs 6.14.0, while system utilities benefit from gawk 5.3.2, grep 3.12, and gzip 1.14 updates.

Security-focused updates include libcap 2.76, libgpg-error 1.54, and protobuf 30.2 implementations. 

The add-on ecosystem also receives enhancements with alsa 1.2.14, monit 5.35.2, nano 8.4, and tshark 4.4.6 updates, ensuring comprehensive system functionality and compatibility.

This release represents IPFire’s commitment to providing cutting-edge firewall technology while maintaining the stability and security standards expected from enterprise-grade network security solutions.

Are you from SOC/DFIR Teams! - Interact with malware in the sandbox and find related IOCs. - Request 14-day free trial