backup: Also update MLKEM configuration if a backup is being restored

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index a830e8c07d330e6be0044996dde99435b0c9b52a..0b8272266a5c8fe1ce6ffa33a98d7fe724df42a0 100644 (file)
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -331,6 +331,14 @@ restore_backup() {
                sed -i 'd' /var/ipfire/certs/index.txt
        fi
 
+       # Update MLKEM to only be used in combination with x25519
+       if ! grep -q "x25519-ke1_mlkem" /var/ipfire/vpn/config; then
+               sed -i -e "s@mlkem@x25519-ke1_mlkem@g" /var/ipfire/vpn/config
+
+               # Regenerate /etc/ipsec.conf
+               sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
+       fi
+
         # Restart ipsec if enabled
         # This will ensure that the restored certs and secrets etc are loaded and used
         if [ $(grep -c "ENABLED=on" /var/ipfire/vpn/settings) -eq 1  ] ; then