webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

backup(.pl): Replace OpenVPN DH parameter with ffdhe4096

Browse Source 
This ensures restoring a backup won't silently bring back an insecure
Diffie-Hellman parameter (which could also not be inspected through the
web interface anymore).

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This commit is contained in:
Peter Müller
2022-12-17 14:46:32 +00:00
parent ee7944fe32
commit bbbb0b9e01
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/backup/backup.pl
View File

@@ -184,6 +184,9 @@ restore_backup() {
# move nobeeps if exist # move nobeeps if exist
[ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps [ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
# Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096
sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf /var/ipfire/ovpn/n2nconf/*/*.conf
# Update OpenVPN CRL # Update OpenVPN CRL
/etc/fcron.daily/openvpn-crl-updater /etc/fcron.daily/openvpn-crl-updater