Hot on the heels of our recent WireGuard release, the next IPFire update is ready for testing! It comes packed with further WireGuard enhancements, high-resolution consoles, many package updates, and important bug and security fixes.
Kernel & Toolchain Updates

To keep IPFire aligned with the latest developments in the Linux ecosystem, we have rebased the IPFire kernel to Linux 6.12.34. This brings improved hardware support, better performance, and various security enhancements under the hood.
Alongside that, we have also updated GCC, IPFire’s main compiler suite, to version 15. This major update enables further optimizations across the entire distribution, making IPFire faster and more efficient—now and in the future.
WireGuard Improvements

The status of active WireGuard connections is now displayed directly on the dashboard of the web user interface, making it easier to monitor VPN connections at a glance.
The IPFire development team have backported several performance improvements from Linux 6.13 to IPFire’s kernel. These changes significantly increase TCP throughput over WireGuard tunnels by enabling support for Generic Segmentation Offload (GSO), allowing the system to handle large amounts of network traffic more efficiently.
Additionally, researchers from Italy have been working on removing bottlenecks in the kernel that have limited throughput over multiple WireGuard tunnels. The result has now found it ways into IPFire where from this release, each WireGuard device will be handled in an independent kernel thread which allows to use all available CPU cores to maximise throughput.
Console Graphics Stack Modernisation

We have modernised IPFire’s text console by migrating it to use the Linux Direct Rendering Manager (DRM). This replaces the older framebuffer system with a modern graphics stack that offers improved compatibility with contemporary graphics hardware.
With DRM, the console can now automatically use higher screen resolutions supported by your hardware, including Full HD (1080p), 4K, and beyond. This makes working on the console more comfortable, especially on high-resolution displays, with sharper text rendering and smoother transitions when switching between virtual consoles.
In addition to a better visual experience, DRM provides faster mode-setting, improved performance, and better support for multi-GPU and embedded graphics environments—all of which help bring IPFire’s text console experience up to modern standards and boost compatibility with modern EFI-based systems.
Misc.

  • Peer Dietzmann contributed a series of patches which will show for firewall hosts, groups and services in which firewall rules they are being used which will help to manage large sets of firewall rules easier.
  • IPsec: Since recently adding post-quantum key exchanges to IPsec, we have made some changes here, too. Since this new kind of cryptography has not yet received as much crypto analysis as the more traditional options, solutions like OpenSSH pair them with classic algorithms like Curve25519. This is now a change that we are rolling out in IPFire, too, and we will even upgrade existing connections for better protection. If you are running the default configuration you won't have to change anything.
  • OpenVPN: Generated client configuration files will now contain the "auth-user-pass" line which increases compatibility with some clients when the configuration is being imported.
  • Several problems have been solved around reliably showing OpenVPN graphs
  • A safety barrier in the IP Blocklist feature has been removed that prevented IPFire from downloading empty list. The intention was that we will always have some data to work with and won't accept any broken downloads. Since so many lists are outright dying and are only publishing empty lists, we have removed this safeguard and will now accept downloading empty lists instead of staying on an outdated list for forever.
  • An obscure edge-case bug in libloc has been reported by Adolf Belka (#13861) where some networks could not be found in the database although they have been created.
  • Stephen Cuka continued with a number of visual improvements of the Pakfire web UI page
  • Updated packages: apr 1.7.6, automake 1.18, bc 1.08.1, bind 9.20.10, boost 1.88.0, cmake 4.0.2, cURL 8.14.1, dhcpcd 10.2.4, elfutils 0.193, exfatprogs 1.2.9, expect 5.45.4, fmt 11.2.0, gettext 0.25, gperf 3.3, harfbuzz 11.2.1, hwdata 0.396, iana-etc 20250505, intel-microcode 20250512, iproute2 6.15.0, iputils 20250605, kbd 2.8.0, less 678, libarchive 3.8.0, libconfig 1.8, libffi 3.5.1, libgcrypt 1.11.1, libpng 1.6.48, libusb 1.0.29, libxml2 2.14.4, LVM2 2.03.32, m4 1.4.20, man 2.13.1, man-pages 6.14, meson 1.8.0, PAM 1.7.1, pixman 0.46.2, ruby 3.4.4, screen 5.0.1, smartmontools 7.5, SQLite 3.50.1, squid 6.14, sudo 19.17, texinfo 7.2, vim 9.1.1406, whois 5.6.1, wireguard-tools 1.0.20250521, zlib-ng 2.2.4
  • xorriso replaces cdrkit to master our ISO images

Add-ons

  • Updated packages: ClamAV 1.4.3, dnsdist 1.9.10, fetchmail 6.5.4, FRR 10.3.1, Git 2.50.0, iperf3 3.19, libvirt 11.4.0, mpd 0.24.4, myMPD 21.0.1, nano 8.5, netatalk 4.2.4, nut 2.8.3, postfix 3.10.2, QEMU 10.0.2, samba 4.22.2, SDL2 2.32.4, Tor 0.4.8.16, tshark 4.4.7
  • New packages: FORT Validator



More...