Also, backup.pl is actually a shell script, so it should either go as "backup.sh"
or without any file suffix whatsoever. :-)

> This ensures restoring a backup won't silently bring back an insecure
> Diffie-Hellman parameter (which could also not be inspected through the
> web interface anymore).
> 
> Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
>  config/backup/backup.pl | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/config/backup/backup.pl b/config/backup/backup.pl
> index 6fd9e45bb..520d9315d 100644
> --- a/config/backup/backup.pl
> +++ b/config/backup/backup.pl
> @@ -187,6 +187,15 @@ restore_backup() {
>  	# Update OpenVPN CRL
>  	/etc/fcron.daily/openvpn-crl-updater
>  
> +	# Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096
> +	if [ -f /var/ipfire/ovpn/server.conf ]; then
> +		sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
> +	fi
> +
> +	if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
> +		sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
> +	fi
> +
>  	return 0
>  }
>