IPFire, a free, open-source Linux-based hardened firewall designed to be deployed as a dedicated firewall/router system for protecting network environments, has issued IPFire 2.29 – Core Update 195.
WireGuard Finally Lands in IPFire
WireGuard’s arrival has been on administrators’ wish lists for quite some time, and for good reason. The protocol keeps configuration overhead low while providing performance that often rivals—or outpaces—IPsec and OpenVPN.
In IPFire 2.29, WireGuard is fully integrated into the web-based GUI, allowing operators to:
- Stand up both net-to-net and host-to-net (road-warrior) tunnels.
- Manage multiple peers, each with its own granular settings.
- Export configurations or on-screen QR codes for painless mobile device onboarding—scanning a code beats copy-pasting preshared keys any day.
- Import third-party WireGuard profiles for cross-vendor interoperability.
- Leverage IPFire’s Intrusion Prevention System (IPS) and connection tracking, so VPN traffic is filtered and logged just like any other flow.
Crucially, WireGuard can run side-by-side with existing IPsec and OpenVPN setups, giving administrators the latitude to migrate gradually rather than in one fell swoop.
Maintenance and Security Tweaks
Beyond WireGuard, Core Update 195 introduces several under-the-hood improvements:
- Removal of 3CoreSec blocklists, which have been discontinued.
- Refactored IP blocklist and IPS ruleset download code (thanks to Stefan Schantl) for better reusability.
- Bcrypt hashing for proxy user database passwords, enhancing security.
- UI polish for Pakfire, improving usability (courtesy of Stephen Cuka).
- Automatic SMART database updates for hard drive monitoring.
The update also includes upgraded packages, such as OpenSSL 3.5, Unbound 1.23, and OpenSSH 10.0.p1, ensuring stronger encryption and performance across the board.
Lastly, several add-ons have been upgraded to newer versions, including Alsa 1.2.14, Monit 5.35.2, Nano 8.4, and Shark 4.4.6.
For more information, see the announcement.
Core Update 195 is already available for download on IPFire’s website. Two build flavours cover the most common hardware: x86_64 and aarch64 for those needing a fresh install. Existing systems can be upgraded via IPFire’s web UI.
