Router & Proxys

IPCOP

Documentationen (via www.ipcop.org)

IPCop Schnellstartanleitung (v1.x)

Installation Manual (v1.x)

Administration Manual (v1.x)

Netzwerkskizzen

Addon

URL-Filter (via urlfilter.net)

Advanced Proxy (via advproxy.net)

Net-Traffic (via blockouttraffic.de)

Installation von Addons

  • Nach dem Herunterladen des Addons muss es auf den IPCop kopiert werden
  • Kopieren Sie die Datei " Addon_VERSION.tar.gz " auf Ihren IPCop (mit Hilfe von SCP oder WinSCP bzw. FileZilla) nach " /tmp/ "
  • Entpacken des Archivs mit " tar zxvf Addon_VERSION.tar.gz "
  • Wechseln in den Ordner: " cd Addon_VERSION "
  • Installieren mit "./install" bzw. "./setup. (Readme lesen)
  • Nach erfolgreicher Installation kann der Ordner wieder gelöscht werden

IPCop Konfiguration in der internetLOUNGE

Hardware
Fujitsu Siemens
Pentium III
933 MHz
Software
IPCop Version: 1.4.21
Advanced Proxy
URL Filter
Net-Traffic

sonstige

IPCop Hardware Compatibility List (via rkaehler.de)

IPFIRE

IPFire 2.21 - Core Update 122 released

This is the official release announcement for IPFire 2.21 – Core Update 122. It rebases the distribution on the long-term supported Linux kernel 4.14 and many more improvements and bug fixes have found their way into the distribution.

Please help us to support everyone’s work with your donation!

Please note, that we have split this update into two parts. First, you will need to install IPFire 2.19 – Core Update 121 and then, the second part will automatically be installed after. Please be patient and let the system complete the update. When everything is done, please reboot into the new kernel.

Highlight: Linux 4.14

The distribution was rebased from our old long-term supported kernel to the new kernel 4.14.50.

Most importantly, this kernel improves the security of the system, increases performance and makes the core of IPFire more up to date and modern again. This update also enables mitigation against Meltdown and Spectre on some architectures. On Intel-based platforms, we update the microcode of the CPUs when the system boots up to avoid any performance penalties caused by the mitigation techniques.

Unfortunately, grsecurity is incompatible with any newer kernels and has been removed. This is connected to the decision of the grsecurity project to no longer open source their patches. Luckily the kernel developers have backported many features so that this kernel is still hardened and secure.

ARM systems won’t be able to install this update due to the kernel change which also requires changes on some bootloaders. For those users, we recommend to backup the system, reinstall and then restore the backup. The re-installed system will only come with a single ARM kernel instead of multiple for different platforms that we had before. It helps us to keep the distribution smaller and makes development efforts easier.

Misc.

  • Updated packages: apache 2.4, beep 1.3 with fixes for CVE-2018-0492, bwm-ng 0.6.1-f54b3fa, cmake 3.11.2, crda 3.18, ISC dhcp 4.4.1, dhcpcd 6.11.5, diffutils 3.1.6, gcc 7.3.0, grub 2.02, htop 2.2.0, iw 4.14, libidn 1.34, nano 2.9.7, nmap 7.70, openssh 7.7p1, pcre 8.42, powertop 2.9, rng-tools 6.2, sarg 2.3.11, tar 1.30, u-boot 2018.03, unbound 1.7.1, wget 1.19.5, xtables-addons 2.13, xz 5.2.4
  • The list of trusted Certificate Authorities has been updated and many have been removed
  • Also we updated firmware for various drivers and baseboards
  • The Web User Interface now shows any users logged in on the console
Smaller images due to more efficient compression

We have tried to make the download of the distribution faster and make it use less space on our servers. As a first step, the flash images have been merged together and there is only one image that boots on systems with serial console and normal video output. Secondly, we now compress all images with the XZ algorithm so that they download faster and even decompress quicker, too.

New partition layout

This release also changes the partition layout of the distribution. We have dropped the /var partition which was used for log files and data that the system collected. This data is now located on a single partition together with the OS. The size of the /boot partition has been increased to 128MB in the default partition layout.

Add-ons

Updated Packages
  • clamav 0.100.0
  • nagios-nrpe 3.2.1

IPFire 2.19 - Core Update 120 released

This is the official release announcement for IPFire 2.19 – Core Update 120. We are excited that it is package with a large number of features that will increase security of the entire system, increase performance of some cryptographic operations as well as fixing a number of smaller bugs.

Thanks for the people who contributed to this Core Update by submitting their patches and please help us to support everyone?s work with your donation!

RAM-only Proxy

In some installations it might be desirable to only let the proxy cache objects in memory and not on disk. Especially when Internet connectivity is fast and storage is slow this is most useful.

The web UI now allows to set the disk cache size to zero which will disable the disk cache entirely. Thanks to Daniel for working on this.

OpenVPN 2.4

IPFire has migrated to OpenVPN 2.4 which introduces new ciphers of the AES-GCM class which will increase throughput on systems that have hardware acceleration for it. The update also brings various other smaller improvements.

Erik has been working on integration this which has required some work under the hood but is compatible with any previous configurations for both roadwarrior connections and net-to-net connections.

Improved Cryptography

Cryptography is one of the foundations to a secure system. We have updated the distribution to use the latest version of the OpenSSL cryptography library (version 1.1.0). This comes with a number of new ciphers and major refacturing of the code base has been conducted.

With this change, we have decided to entirely deprecate SSLv3 and the web user interface will require TLSv1.2 which is also the default for many other services. We have configured a hardened list of ciphers which only uses recent algorithms and entirely removes broken or weak algorithms like RC4, MD5 and so on.

Please check before this update if you are relying on any of those, and upgrade your dependent systems.

Various packages in IPFire had to be patched to be able to use the new library. This major work was necessary to provide IPFire with the latest cryptography, migrate away from deprecated algorithms and take advantage of new technology. For example the ChaCha20-Poly1305 ciphersuite is available which performs faster on mobile devices.

The old version of the OpenSSL library (1.0.2) is still left in the system for compatibility reasons and will continue to be maintained by us for a short while. Eventually, this will be removed entirely, so please migrate any custom-built add-ons away from using OpenSSL 1.0.2.

Misc

  • Pakfire has now learned which mirror servers support HTTPS and will automatically contact them over HTTPS. This improves privacy.
  • We have also started phase one of our planned Pakfire key rollover.
  • Path MTU Discovery has been disabled in the system. This has continuously created issues with the stability of IPsec tunnels that have chosen paths over networks that were incorrectly configured.
  • The QoS template could miscalculate the bandwidth which has now been fixed that the sum of the guaranteed bandwidth over all classes does not exceed 100%
  • Updated packages: bind 9.11.3, curl 7.59.0, dmidecode 3.1, gnupg 1.4.22, hdparm 9.55, logrotate 3.14.0, Net-SSLeay 1.82, ntp 4.2.8p11, openssh 7.6p1, python-m2crypto 0.27.0, unbound 1.7.0, vnstat 1.18

Add-ons

These add-ons have been updated: clamav 0.99.4, htop 2.1.0, krb5 1.15.2, ncat 7.60, nano 2.9.4, rsync 3.1.3, tor 0.3.2.10, wio 1.3.2

  • asterisk’s documentation is now included in the package which has been missing earlier and rendered asterisk unable to start

FLI4L

Release der stabilen fli4l Version 3.10.14

Nach gut drei Monaten Entwicklung stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.13

Nach gut drei Monaten Entwicklung stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.12

Nach etwas mehr als drei Monaten Entwicklungsphase stellt das fli4l-Team das nächste stabile...

Aktualisierung des wöchentlichen Tarballs verfügbar

Nachdem nun die neue Entwicklungsserver installiert und konfiguriert sind, nochmals vielen Dank an...

Release der stabilen fli4l Version 3.10.11

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.10

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Build von fli4l-Archiven bricht unter Windows 10 (1703) mit Fehler ab

Bei Tests mit dem ab dem 11. April durch Microsoft ausgerollten Update für Windows 10 auf die...

Release der stabilen fli4l Version 3.10.9

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächstestabile Release der...

Release der stabilen fli4l Version 3.10.8

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.7

Nach rund dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release...

LEG LOS! Anlaufstelle für Jugendmedienarbeit Berlin-Lichtenberg 2006-2017