This ensures restoring a backup won't silently bring back an insecure Diffie-Hellman parameter (which could also not be inspected through the web interface anymore).
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/backup/backup.pl | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 6fd9e45bb..520d9315d 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -187,6 +187,15 @@ restore_backup() {
 # Update OpenVPN CRL
 /etc/fcron.daily/openvpn-crl-updater
+ # Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096
+ if [ -f /var/ipfire/ovpn/server.conf ]; then
+ sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
+ fi
+
+ if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
+ sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
+ fi
+
 return 0
 }
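Review bot: The second test, `[ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]`, quotes the glob, so the shell looks for a file literally named `*.conf` inside a directory named `*` and the branch never runs. A restored backup would therefore leave every net-to-net configuration pointing at `dh1024.pem`, which is the outcome this commit is meant to prevent. Removing the quotes alone is not enough, because `[ -f ... ]` errors out as soon as the glob matches more than one file. Looping over the glob and testing each path handles zero, one or many configurations. The body of restore_backup starts outside this hunk.

```shell
# … unchanged: server.conf rewrite …

# Replace the Diffie-Hellman parameter in every net-to-net configuration
for conf in /var/ipfire/ovpn/n2nconf/*/*.conf; do
	# An unmatched glob stays literal, so skip anything that is not a regular file
	[ -f "${conf}" ] || continue
	sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' "${conf}"
done
```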