From 5d0b4d3b9df0d93aeb3d2400550c5ee355ba7146 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 28 May 2025 14:14:04 +0000
Subject: [PATCH] backup: Also update MLKEM configuration if a backup is being
 restored

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/backup/backup.pl | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index a830e8c07..0b8272266 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -331,6 +331,14 @@ restore_backup() {
 		sed -i 'd' /var/ipfire/certs/index.txt
 	fi
 
+	# Update MLKEM to only be used in combination with x25519
+	if ! grep -q "x25519-ke1_mlkem" /var/ipfire/vpn/config; then
+		sed -i -e "s@mlkem@x25519-ke1_mlkem@g" /var/ipfire/vpn/config
+
+		# Regenerate /etc/ipsec.conf
+		sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
+	fi
+
         # Restart ipsec if enabled
         # This will ensure that the restored certs and secrets etc are loaded and used
         if [ $(grep -c "ENABLED=on" /var/ipfire/vpn/settings) -eq 1  ] ; then
-- 
2.39.5