Thanks for reporting back,
Am Dienstag, den 28.08.2018, 22:29 +0100 schrieb Paul Titjen:
Hi,
Thanks for the feedback. That certainly sorted the issue and the crypto warning has now gone. The root cause was that my original clean install of 2.21 core120 was then amended by an old 2.19 backup .ipf file. This has then put back an old version of /var/ipfire/ovpn/openssl/oven.cnf so adding those extended key usage lines back in and making new certs did the trick.
This behavior has been fixed https://cgit.ipfire.org/ipfire-2.x.git/commit/?id=291bfda71eb40a20dd4db77bac... since we excluded ovpn.cnf from the backup but that´s only one part since a backup do includes the old certificates with the old key usage of the digitalSignature in it so they need to be renewed in that case.
I have been caught out before by this restore of an old backup on a newer version of ipfire. My old restore had an include of a php extension in the Web server conf. After the restore Web interface disappeared on reboot due to apache failing the startup. Using command line soon fixed it once having worked out the cause.
This brings me to the backup ISO not working. Looking at the script it seems that it is downloading the ISO from ipfire download website with the core update number used in the source URL - the 123 iso is not yet available to download there and only the stable versions hence the fail. I am sure it works with 122. If all it does is get a clean iso then that still leaves the issue of breaking a clean install by restoring an old backup .ipf or does it build a new distribution based on the iso and the existing configuration files as a unique ISO for instant recreate of a system.
I think the core number problem in the URL should be fixed too https://cgit.ipfire.org/ipfire-2.x.git/commit/?id=f32cbd89d9990b2a1017b7ad19...
Best,
Erik