From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <development+bounces-198-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZS1zL5C46z3348
	for <archive@lists.ipfire.org>; Tue,  1 Apr 2025 21:56:14 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZS1zH1XN4z2xbk
	for <development@lists.ipfire.org>; Tue,  1 Apr 2025 21:56:11 +0000 (UTC)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4ZS1zG2tfRz1GF
	for <development@lists.ipfire.org>; Tue,  1 Apr 2025 21:56:10 +0000 (UTC)
Authentication-Results: mail01.ipfire.org;
	dkim=pass header.d=rymes.net header.s=google header.b=NGCK9uKF;
	spf=pass (mail01.ipfire.org: domain of tom@rymes.net designates 2607:f8b0:4864:20::832 as permitted sender) smtp.mailfrom=tom@rymes.net;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org;
	s=202003rsa; t=1743544570;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=vgYsXR4CORkZEwkODjmcxB5160hCigRHqqQoDXI9oE8=;
	b=qViw9Q7Ai0La1pu8wyvSQJOcDfljOBGMn2HTfbh3seW1mo87TuNbFJxjWAtb82oKXujHtV
	HXgrf+lALCVMe/fyJI9Pb6Es/15yBXxW+xpGclfWFhrAWlNATIrsR2Dkw+xB3X1Fcgu4A0
	hb/EAMTES7VuDTPA8jvOBM/Oam7I3SbBd8eVZSPtX/vwAFlI5vZb7XI1kc70mj2EKyTn2p
	1vdffgLsxdw2Jq055sEHrR1Z1RGjQe0z8KKogxOhxxa5g7VnbS1ycOmGRvPT+m/UCPU0BP
	UBUmxybhzGqsuoW7zB1EkbC+pHaAHFW5Dz/09zgIlxYtCA+YmjFr4X1MJ2+u1w==
ARC-Authentication-Results: i=1;
	mail01.ipfire.org;
	dkim=pass header.d=rymes.net header.s=google header.b=NGCK9uKF;
	spf=pass (mail01.ipfire.org: domain of tom@rymes.net designates 2607:f8b0:4864:20::832 as permitted sender) smtp.mailfrom=tom@rymes.net;
	dmarc=none
ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1743544570; a=rsa-sha256;
	cv=none;
	b=EfLiyt45zKG7i99jY6y3St32KLD1hUTn3tn+dK8vWK30BceRrWKrc+G2yjrYiuYqiYQZW0
	/7hRl+TGEeBdoo3lj0zMvzX4Dwf5qHrbxOaWj/pFQbyf7p1vdDzRP9sqNasbyRdBeV7DKs
	iYOlimmwhMOpss9anJkm9wwPCG6/AIVKwoSub0fz2GhBOMlrbs49yHeJt7fzmxGrN85C4O
	cXCA1wuuIggXNtHObsPCEh3gjBRehQWXyZb+iNij4uWHic7WN/FIE+u3muiUScO8MApezC
	3bA1xui1n2IK/9+Kq/nau5F6ii4+Am34UmmrX8BDM7Y9H+NKwty8v+boXg/uIg==
Received: by mail-qt1-x832.google.com with SMTP id d75a77b69052e-4769b16d4fbso34124341cf.2
        for <development@lists.ipfire.org>; Tue, 01 Apr 2025 14:56:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rymes.net; s=google; t=1743544569; x=1744149369; darn=lists.ipfire.org;
        h=to:in-reply-to:cc:references:message-id:date:subject:mime-version
         :from:content-transfer-encoding:from:to:cc:subject:date:message-id
         :reply-to;
        bh=vgYsXR4CORkZEwkODjmcxB5160hCigRHqqQoDXI9oE8=;
        b=NGCK9uKFw1Hu/Y4RPyTso9GhC/tdWLbYLWZEWbG+rwPfaBK3ZgyrCnZLvBtp51wfH3
         0eFY4cRQgmmqsw8vLw6Imk79br/6B5j6S/tMn/mOVnaOCrEdAVhPIV5WepjQ/VpSM7gz
         B/xzd2rhwCCMmaya2+dvVvywyqeMqBEQu1Jn8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1743544569; x=1744149369;
        h=to:in-reply-to:cc:references:message-id:date:subject:mime-version
         :from:content-transfer-encoding:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=vgYsXR4CORkZEwkODjmcxB5160hCigRHqqQoDXI9oE8=;
        b=dKVLJwAG9XoXgBTStxVIe4Dj8ugZc7WXckXOzZla7gEJd3tlmbYcoi0ZWn1+j2TqnK
         nj6gcWmTWMu2jetr/egtKoXC0uCnhRAmV76kJ96Xs9hlgk4VWw6QTZh3jTHp2zkdZQ0L
         q+pWg/uVODsOMsLVHI9XYcoVOfjzDtAYZQRdJE/3q5b6sbBPhtQeHV5A7C+XcwbfLt1F
         IeMqp1uycHlqoSHkZUeb/WweC5ZpTeBnncv09OERzKj48W9foFRa1WoJUViLKXVxo49k
         BAPc8LHlz1ec6dfdLjCsM0mCfJP9yA4eWEh0uf38NG5DGU+2NNcNi9JQaPdxKsxZluwG
         iw8w==
X-Gm-Message-State: AOJu0YxFQkH3TYbgSqpLHI5A1VPYYzWcUyAFGCSDJZ3PwBXxVd6vlcmm
	y+yqvYt+1lCWpUyFXUPmsVTEARZomcAAzUY0FgVxySLq9ipki2+bnwveASTPA0M=
X-Gm-Gg: ASbGncuBxbXDRvqDxLZTXlYGJxtlE9uP+OxPk02+lgurHyzFO3eXrG8CHpYgxKshzh3
	lcK1OJRrI18+66/dZAQv6jLvY1sY/iaLQQ57sQNwD58F4VGl86w3CErlec67gbX6PLWtfadjvQ5
	RUnq3bW9MSXOGnxV4ECK5gy398siVZphPz8j36S/cDMA8zKMuDDUOf5uNPoDb2wxChloJVfd3VZ
	SPmCH0dPEO+6gqaH1VBYWawNgKaHnFAYeyr8l7XK1cm12MRs6+t74OBkz+n6OxUBZvqaBJPl06M
	/+r3YbQQwbC7WnessbeAar2VhfLF/7CFHAjnL9i1p150RRkBLWz35TBBomhUUewIfEHDnzQmTpX
	OGrYb/VgHqCw+lbQ=
X-Google-Smtp-Source: AGHT+IGXys17FuJNtr8HkouF3TxxGLSU9+klQUsTg/LXdPNSRw5rwkqMfEZSFG0xs6TDKqmxTCbv5w==
X-Received: by 2002:a05:622a:291:b0:477:7007:7055 with SMTP id d75a77b69052e-477ed7c96cemr200216871cf.12.1743544568831;
        Tue, 01 Apr 2025 14:56:08 -0700 (PDT)
Received: from smtpclient.apple (c-73-119-24-220.hsd1.nh.comcast.net. [73.119.24.220])
        by smtp.gmail.com with ESMTPSA id d75a77b69052e-478754e8179sm57853691cf.44.2025.04.01.14.56.08
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 01 Apr 2025 14:56:08 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Tom Rymes <tom@rymes.net>
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH 4/6] backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc
Date: Tue, 1 Apr 2025 17:55:57 -0400
Message-Id: <11E387A3-EFAA-48FC-8C1D-4989D350D0F0@rymes.net>
References: <641fb592-2f53-46fb-b48a-7e0d92baf0e4@ipfire.org>
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
In-Reply-To: <641fb592-2f53-46fb-b48a-7e0d92baf0e4@ipfire.org>
To: Adolf Belka <adolf.belka@ipfire.org>
X-Mailer: iPhone Mail (22D82)
X-Rspamd-Server: mail01.haj.ipfire.org
X-Rspamd-Queue-Id: 4ZS1zG2tfRz1GF
X-Spamd-Result: default: False [-8.19 / 11.00];
	REPLY(-4.00)[];
	BAYES_HAM(-1.71)[93.18%];
	IP_REPUTATION_HAM(-0.99)[asn: 15169(-0.27), country: US(-0.01), ip: 2607:f8b0:4864:20::(-0.71)];
	NEURAL_HAM(-0.98)[-0.984];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
	R_DKIM_ALLOW(-0.20)[rymes.net:s=google];
	MIME_GOOD(-0.10)[text/plain];
	MX_GOOD(-0.01)[];
	TO_DN_ALL(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	DMARC_NA(0.00)[rymes.net];
	FUZZY_RATELIMITED(0.00)[rspamd.com];
	RCPT_COUNT_TWO(0.00)[2];
	MIME_TRACE(0.00)[0:+];
	FROM_HAS_DN(0.00)[];
	DKIM_TRACE(0.00)[rymes.net:+];
	DKIM_REPUTATION(0.00)[0];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1];
	RECEIVED_SPAMHAUS_PBL(0.00)[73.119.24.220:received];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	APPLE_IOS_MAILER_COMMON(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::832:from]
X-Rspamd-Action: no action



> On Apr 1, 2025, at 5:47=E2=80=AFPM, Adolf Belka <adolf.belka@ipfire.org> w=
rote:

<snip>

> I have tested this and the old ipsec certificate connection kept on workin=
g, even though the restore had only a PSK connection and no certificate conn=
ection.
> So not doing a restart would leave the existing connections going but the c=
onnections that were restored would not work. So the question would be why d=
o a restore if you don't intend to replace the existing connections.

The restart seems wise to me. My only concern was that the user should be aw=
are that initiating the process will cause existing connections to be droppe=
d. Perhaps this could be an explicit notice to the user, or perhaps that=E2=80=
=99s unneeded because it should be obvious.

Tom