IPFire 2.27 - Core Update 172 released
Shortly after Christmas, we release IPFire 2.27 - Core Update 172. It comes with cryptography improvements for IPsec and OpenVPN, as well as security improvements under the hood, a plethora of package updates and various bugs fixed across the place.
[...]
OpenVPN is automatically reconfigured to use a secure Diffie-Hellman parameter, both of sufficient length of 4,096 bit and standardized (see RFC 7919, section A.3, bug #12632). All OpenVPN clients and peers will automatically benefit from this cryptography improvement; no manual action is required. This also obsoletes the necessity of generating or uploading Diffie-Hellman parameters while configuring OpenVPN, saving a lot of time, as the generation of such parameters could have taken hours on slower hardware.
For early 2023, we anticipate post-quantum cryptography (PQC) to land in IPFire for IPsec, for which there is a strong (and growing) need, thanks to so-called "capture now, decrypt later" attacks endangering the confidentiality of information with long-term secrecy demand, such as biometric and health data.