Hello, > On 23 May 2021, at 17:15, Peter Müller wrote: > > Hello *, > > Core Update 157 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-157-available-for-testing) > is running here for about two days by now. While it did not introduce a major issue or a show-stopper, some minor > quirks came to my attention: > > (a) As several other testers already noticed, the update script is missing a "/usr/local/bin/sshctrl" call to > apply changed SSH configurations. Patch https://patchwork.ipfire.org/patch/4351/ will fix that, bug #12627 > has been filed for this. Merged. Thank you. > (b) Currently, the update still misses an updated version of the backup.pl script, leaving users vulnerable to > #12619. Patch https://patchwork.ipfire.org/patch/4352/ will fix that. Also merged. > (c) Other parts of the https://patchwork.ipfire.org/project/ipfire/list/?series=2069 patch series clean up > bits and pieces left over from pppd 2.4.8, and fix some permissions for NRPE plugins. Just mentioning that > for the sake of completeness, none of that is critical. Merged this too, although it strictly didn’t need to be in 157. > (d) The output of "memory.cgi" file is missing some information due to insufficient parsing of "free" results. > Bug #12628 has been filed for that - feel free to grab it and work on that, as the Perl script appears rather > hacky to me -; this issue appeared on Core Update 156 as well. Looks like this is going into 158 then. > Every now and then, I continue to suffer from an unknown bug causing VoIP calls not to be established properly (see: > https://lists.ipfire.org/pipermail/development/2021-March/009656.html). The changelog file for Linux 4.14.222 > (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.222) mentions a commit f66f9f73e0303e0b498529cc72febbbfa11e2103, > which reads "netfilter: conntrack: skip identical origin tuple in same zone only" and _might_ be related to that. > > Unfortunately, I can currently neither confirm nor deny that this issue has been fixed, as I am unable to install > the testing update on a second, productive IPFire machine as well. > > Tested IPFire functionalities in detail: > - IPsec (N2N connections only) > - Squid (authentication enabled, using an upstream proxy) > - OpenVPN (RW connections only) > - IPS/Suricata (with Emerging Threats community ruleset enabled) > - Guardian > - Quality of Service > - DNS (using DNS over TLS and strict QNAME minimisation) > - Dynamic DNS > - Tor (relay mode) > > (a) to (c) require rebuilding Core Update 157. After this has been done and validated to be fixing the problems > mentioned, I look forward to the release of this Core Update. They are pushed and the build should be available in a couple of hours. Thanks for the feedback… -Michael > > Thanks, and best regards, > Peter Müller