Merge remote-tracking branch 'origin/core120' into kernel-4.14

config/rootfiles/core/120/update.sh

@@ -58,6 +58,9 @@ if [ -e /var/ipfire/ovpn/server.conf ]; then
 	sed -i -e 's/script-security 3 system/script-security 3/' \
 		-e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf
 
+	# Disable Path MTU discovery settings
+	sed -e "/^mtu-disc/d" -i /var/ipfire/ovpn/server.conf
+
 	# Update the OpenVPN CRL
 	openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \
 		-cert /var/ipfire/ovpn/ca/cacert.pem \
@@ -67,19 +70,28 @@ if [ -e /var/ipfire/ovpn/server.conf ]; then
 	/usr/local/bin/openvpnctrl -s
 fi
 
+# Update OpenVPN N2N configurations
+/usr/local/bin/openvpnctrl -kn2n
+
+for file in /var/ipfire/ovpn/n2nconf/*/*.conf; do
+	sed -e "/^mtu-disc/d" -i ${file}
+done
+
+/usr/local/bin/openvpnctrl -sn2n
+
 # Start services
 /etc/init.d/apache restart
 /etc/init.d/unbound restart
 
+# Regenerate IPsec configuration
+sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
+if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
+	/etc/init.d/ipsec restart
+fi
+
 # Remove deprecated SSH configuration option
 sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
 
-# Remove any pakfire keys stored in /
-rm -rfv /.gnupg
-
-# Move old pakfire keystore into new place
-mv -v /root/.gnupg /opt/pakfire/etc/.gnupg
-
 # Import new Pakfire key
 /etc/init.d/pakfire start