Hi all,

I too am testing core update 123.

My version of ipfire was a new install of 2.21 core update 122 followed by a restore of an .ipf backup from last 2.19.  This was then moved up to Core Update 123.

So far stable and have only two issues unresolved so far.

Backup.

Generate ISO is still not working for me.  I still have a size of 0.00 MB.  Web gui shows "Backup from ipfire-2.21.x86_64-full-core123.iso Size 0.00 MB"

The normal backup to generate an ".ipf" file does work. Web gui shows "Backup from 20180823-1150.ipf Size 14.38 MB"

Downloading these backups confirms the sizes shown.

OpenVPN

Initially had the two crypto warnings so deleted all the cert data and then generated new DH parameters with 3076 value.  Then generated new certificate data using the 3076 value. This removed the DH size warning but still leaves the  following:

Cryptographic warning

Your host certificate is not RFC3280 compliant.

Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!

I looked for any settings that I could apply in web GUI to set extendkeyusage with TLS Web Server Authentication in the cert generation to make the warning go away but could not find a way to do this.

+       # Warning if certificate is not compliant to RFC3280 TLS rules

+       if (-f "${General::swroot}/ovpn/certs/servercert.pem") {

+               my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;

+               if ($extendkeyusage !~ /TLS Web Server Authentication/) {

+                       $cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";

+                       goto CRYPTO_WARNING;

+               }

+       }

+

+       CRYPTO_WARNING:

Is OpenVPN going to require critical extends on the certs in the future?

Hope this somewhat limited testing information helps.

Regards,

Paul