Router & Proxys

IPCOP

Documentationen (via www.ipcop.org)

IPCop Schnellstartanleitung (v1.x)

Installation Manual (v1.x)

Administration Manual (v1.x)

Netzwerkskizzen

Addon

URL-Filter (via urlfilter.net)

Advanced Proxy (via advproxy.net)

Net-Traffic (via blockouttraffic.de)

Installation von Addons

  • Nach dem Herunterladen des Addons muss es auf den IPCop kopiert werden
  • Kopieren Sie die Datei " Addon_VERSION.tar.gz " auf Ihren IPCop (mit Hilfe von SCP oder WinSCP bzw. FileZilla) nach " /tmp/ "
  • Entpacken des Archivs mit " tar zxvf Addon_VERSION.tar.gz "
  • Wechseln in den Ordner: " cd Addon_VERSION "
  • Installieren mit "./install" bzw. "./setup. (Readme lesen)
  • Nach erfolgreicher Installation kann der Ordner wieder gelöscht werden

IPCop Konfiguration in der internetLOUNGE

Hardware
Fujitsu Siemens
Pentium III
933 MHz
Software
IPCop Version: 1.4.21
Advanced Proxy
URL Filter
Net-Traffic

sonstige

IPCop Hardware Compatibility List (via rkaehler.de)

IPFIRE

IPFire 2.19 - Core Update 116 released

Just days after releasing Core Update 115 with our brand new Captive Portal, we are releasing the next update for IPFire which is necessary because some security vulneratbilities have been found in some packages that IPFire uses. Those are openssl and wget, but this update also brings some smaller bug fixes.

To help us to provide Core Updates regularly and swiftly in case of any security issues, we would like to ask you to support the project by sending us your donation!

openssl 1.0.2m

The OpenSSL project released version 1.0.2m and issued two security advisories in the last week. The two vulnerabilities that were discovered were of moderate and low security, but we have decided to ship you this update as soon as possible. Hence it is recommended to update as soon as possible, too.

The more severe vulnerability referenced as CVE-2017-3736 fixes a problem with modern Intel Broadwell and AMD Ryzen processors where OpenSSL uses some modern DMI1, DMI2 and ADX extensions and calculates the square root incorrectly. This could be exploited by an attacker who is able to put significant resources into recover a private key more easy alas this attack is still considered virtually unfeasible by the OpenSSL security team.

The less severe vulnerability was caused by overreading certificate data when a certificate has a malformed IPAddressFamily extension. This could lead lead to erroneous display of the certificate in text format. This vulnerability is tracked under CVE-2017-3735.

Misc.

  • wget also suffered from two security vulnerabilities that allowed an attacker to execute arbitrary code. They are referenced under CVE-2017-13089 and CVE-2017-13090.
  • apache was updated to version 2.4.29 which fixes a number of bugs.
  • snort has been updated to version 2.9.11.
  • xz has also been updated to version 5.2.3 which brings various improvements.

It is recommended to reboot the IPFire system after installing this Core Update.


IPFire 2.19 - Core Update 115 released

Hello Community,

finally, we are releasing the long-awaited IPFire 2.19 – Core Update 115 which brings the shiny new Captive Portal and various security and performance improvements as well as fixing security vulnerabilities.

This is a large Core Update with a huge number of changes and to support our efforts to develop new features and maintain the existing system as well as constantly improving it, we would like to ask you to donate!

Captive Portal

The new IPFire Captive Portal comes pre-installed on every IPFire system and allows easy access control for wireless and even wired networks. It is simple and very easy to set with only a few configuration options. That makes it versatile for many adminstrators and also very simple for all users.

It comes with two configuration modes: The default mode asks the user to accept terms and conditions. After doing so, access to the network is granted for a configurable time. After the time has expired, Internet access is blocked again immediately.

Optionally you can generate coupons that allow access for one device for a set time. Those coupons can also be exported as a PDF document and being printed so that they can be handed out easily at a hotel reception for example.

Although, Germany has just abolished the controversial law that made the subscriber of on Internet connection liable for everything anyone does over that connection (Störerhaftung), this is still a great feature for 2017 where WiFi networks in hotels, cafes and everywhere else are a must. It allows to only give access to the people who booked a room in your hotel, or bought a cup of coffee in your cafe. That will keep the WiFi from being overloaded and it will be fast for everyone.

The full documentation can be found on our wiki.

Thanks go to all the people of our community who have worked on this for a very long time.

Security Improvements

The web user interface has been hardened by a series of patches from Peter Müller:

  • When establishing a new TLS connection, ECDSA is now preferred over RSA which makes the TLS handshake much faster and uses less resources on the client and server. It is also considered to be stronger to brute-force.
  • An additional ECDSA key is now generated in addition to the existing RSA key which improves security of any TLS connections to the web user interface.
  • Previously, some attacks were possible to make the web browser submit login credentials via HTTP without encryption. The apache configuration has been changed to never ask for login without establishing a TLS connection before.
  • A smaller information leak has also been fixed where anyone could access the credits.cgi page which revealed the version information of the installed system.

These changes require to restart the web server that runs the web user interface. This happens automatically during the installation of this Core Update but might render the web user interface unavailable for a short moment.

OpenVPN Configuration Updates

The OpenVPN project has deprecated some configuration options. This has been updated in IPFire as well which will now generate new configuration files when ever a new certificate has been issued. The old configuration files and certificates will remain but won’t be compatible with OpenVPN 2.5 any more. There is no need for action right now, but old connections might not work with clients that run a newer version of OpenVPN in the future. New connections will work fine with any recent and future version of OpenVPN.

Thanks for Erik for sending in a patch for this.

Misc

  • The WiFi access point add-on has already been patched against the KRACK attacks on the day those were announced. The wpa_supplicant package which implements the WiFi client feature of IPFire has been patched in this release against those attacks.
  • IPsec VPNs that use Curve25519 would not want to come up after installing the previous Core Update. This has been fixed now.
  • Updated packages: logrotate 3.13.0, openvpn 2.3.18, unbound 1.6.7
  • Some files that have been unused for a very long time have been cleaned up.
  • All downloads of the project’s ISO files are now done over HTTPS.

Updated Add-Ons

  • tor 3.1.7

FLI4L

Release der stabilen fli4l Version 3.10.11

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.10

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Build von fli4l-Archiven bricht unter Windows 10 (1703) mit Fehler ab

Bei Tests mit dem ab dem 11. April durch Microsoft ausgerollten Update für Windows 10 auf die...

Release der stabilen fli4l Version 3.10.9

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächstestabile Release der...

Release der stabilen fli4l Version 3.10.8

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.7

Nach rund dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release...

Release der stabilen fli4l Version 3.10.6

Nach rund dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release...

Release der stabilen fli4l Version 3.10.5

Nach dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Patch/Bugfix für fli4l 3.10.4 verfügbar

Es steht eine Korrektur/Patch für das Paket "dns_dhcp" bereit der verhindert das bei bei...

Release der stabilen fli4l Version 3.10.4

Nach dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

LEG LOS! Anlaufstelle für Jugendmedienarbeit Berlin-Lichtenberg 2006-2017