From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZS0WJ5ylvz331X for ; Tue, 1 Apr 2025 20:50:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZS0WF21pKz2xbb for ; Tue, 1 Apr 2025 20:50:17 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZS0WD4HLlz6T; Tue, 1 Apr 2025 20:50:16 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1743540616; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=dslKHzMYO8lbE8VhjlAneoEwCXHGpThAATVN5jgenyI=; b=Uoq4ArRpvkX4SMDJHTOnBPn2Nr9dNI6eJCmnEVmq9EqtdQEE5oAQ2J6B8i/kCLS4al3iG1 kwpZm1/6V3mzmyAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1743540616; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=dslKHzMYO8lbE8VhjlAneoEwCXHGpThAATVN5jgenyI=; b=TFZ2gZaIGUbLceYWVfVPuDshgsDFEM+pVA+YCl7bA6p8V6a/IongVMtgSeLiaxfKuRPUy4 uvzGjuAmvp0TPt1RuTlqlZGMBSh6ha3XWZNchraAIAYiMDMUDhj+JrQf5atm8giQJGx1FQ 1z4tOvwpr0HOBC9rUn0OCu1s/powamL85l1uFW0maZMqsggY8g2lKqZg01gLCAVrzLCqwO DwDvoma0h+3Sw92tyiUx0Q5bjb6J4NNqaf+7t5vDc57tQGxkF3PSA/MG1L1TIeHNB8GyTF pqd9lSou7y2wluOifBwo1NxLdCUM5BB3K85tl/NRyU0UUvK6MNmXzssfj2sCBQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 4/6 v2] backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc Date: Tue, 1 Apr 2025 22:50:02 +0200 Message-ID: <20250401205002.24485-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit - This adds a check if the ipsec server is enabled. If it is then ipsecctrl is run to restart ipsec and ensure that the restored certs are all being used. - Tested this out on my vm testbed and confirmed that with this I could restore a backup and make the client connection as previously set up. - Without this I had to press the Save button on the ipsec WUI page to get the certs etc being used. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- config/backup/backup.pl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 1c8c87d0a..0cfbd4fc3 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -307,6 +307,12 @@ restore_backup() { # start collectd after restore /etc/rc.d/init.d/collectd start + # Restart ipsec if enabled + # This will ensure that the restored certs and secrets etc are loaded and used + if [ $(grep -c "ENABLED=on" /var/ipfire/vpn/settings) -eq 1 ] ; then + /usr/local/bin/ipsecctrl S + fi + return 0 } -- 2.49.0