Hello, > On 20 Mar 2022, at 10:35, Peter Müller wrote: > > Hello development folks, > > Core Update 165 (testing, see: https://blog.ipfire.org/post/ipfire-2-27-core-update-165-is-available-for-testing) > is running here for roughly a day, with some minor and one major issue(s) spotted so far. > > While installing the update went smooth (the improved Pakfire GUI is really nice - thanks > again to Leo!), I bumped into some IPS-related trouble afterwards: Network connections timed > out frequently, no matter whether they were directed to IPFire itself or not, and the GUI > (especially the graphs) took ages to load, if at all. This is a worry to me and should not happen. > Stopping the IPS and starting it again via the GUI solved the problem - I believe we should > do this in the update.sh script, but am not sure if there are cross-dependencies to something > else. There is no bug raised for this yet. This is even a bigger worry, because the IPS should not do this kind of stuff. > Also, I noticed Squid was not restarted during the update, which caused trouble until I > ran "/etc/init.d/squid restart" manually. Bug #12810 has been filed for this, and I just > submitted a patch fixing this a few minutes ago. > > Since my IPFire machine is rebooting every night via a scheduled job, I usually do not > conduct a manual reboot immediately after installing an update. This time, I felt it was a > good thing to do. Do people still do scheduled reboots? > Afterwards, Tor would not start again unless I disabled the "sandbox" feature manually. I > believe this is not a general problem, but due to the fact that we did not ship libseccomp. > Bug #12807 has been filed for this. Thank you. Merged. > Today (i. e. another reboot later), I noticed charon emitting some iptables warnings while > establishing an IPsec connection (filed as bug #12808), and, more important, some location- > based firewall rules not being properly loaded, which rendered DDNS - and subsequently IPsec > and OpenVPN - useless for me, since I am getting IP addresses assigned dynamically. Do you have more details on this? Do you believe the two problems are related? > Bug #12809 has been filed for the latter, and I believe this is a show-stopper. Oddly enough, > it did not appear after the first reboot, and _some_ location-based firewall rules were loaded > correctly after the second one. Manually reloading the rules via the GUI "solved" the problem > for now, but this is definitely something we need to have a look at before releasing C165. > > Apart from these, things look good to me. Tested IPFire functionalities in detail: > - IPsec (N2N connections only) > - Squid (authentication enabled, using an upstream proxy) > - OpenVPN (RW connections only) > - IPS/Suricata (with Emerging Threats community ruleset enabled) > - Guardian > - Quality of Service > - DNS (using DNS over TLS) > - Dynamic DNS > - Tor (relay mode) > > Thanks, and best regards, > Peter Müller -Michael