From bbbb0b9e01d342a5a5b4db14a37641a427786844 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?=
Date: Sat, 17 Dec 2022 14:46:32 +0000
Subject: [PATCH] backup(.pl): Replace OpenVPN DH parameter with ffdhe4096
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This ensures restoring a backup won't silently bring back an insecure Diffie-Hellman parameter (which could also not be inspected through the web interface anymore).

Reported-by: Michael Tremer
Signed-off-by: Peter Müller
---
 config/backup/backup.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 6fd9e45bb1..96e794439f 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -184,6 +184,9 @@ restore_backup() {
 # move nobeeps if exist
 [ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
+ # Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096
+ sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf /var/ipfire/ovpn/n2nconf/*/*.conf
+
 # Update OpenVPN CRL
 /etc/fcron.daily/openvpn-crl-updater
-- 
2.39.5
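Review bot: The added `sed -i` line rewrites the restored configs unconditionally and its result is never checked, so a failed or non-matching substitution passes silently and the restore can still end with a config that points at `/var/ipfire/ovpn/ca/dh1024.pem`. When the backup holds no net-to-net connections the glob `/var/ipfire/ovpn/n2nconf/*/*.conf` is handed to sed literally and only yields an error message, and nothing visible in the hunk confirms that `/etc/ssl/ffdhe4096.pem` exists before the configs are pointed at it. I would iterate over the files that are actually present, `for f in /var/ipfire/ovpn/server.conf /var/ipfire/ovpn/n2nconf/*/*.conf; do [ -f "$f" ] && sed -i 's|/var/ipfire/ovpn/ca/dh1024\.pem|/etc/ssl/ffdhe4096.pem|' "$f"; done`, and log a warning if a following `grep -l 'dh1024\.pem'` over the same files still reports a match. restore_backup's body starts and ends outside the hunk, so a guard elsewhere in the function cannot be ruled out.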