Agenda
- Core Update 175
- Core Update 176
- Squid-Clamav
  - Running with version 5.11 from 2012.
  - Current version is 7.2 but requires ICAP.
  - Is it still worth supporting with most websites being HTTPS?
- Organize IPFire meet-up
- IPFire 3.x news
Attendees
- Adolf
- Arne
- Jonatan
- Michael
- Stefan
- Peter
Log
Core Update 175
- OpenSSL 3.x legacy provider is mandatory for extracting any PKCS12 container created by OpenSSL 1.1.1x
- For OpenVPN N2N connections, this wasn't sufficient
- This option must go into the OpenVPN client configuration, too
- OpenVPN has its own OpenSSL configuration file
- unique_subject = yes is necessary for IPsec (patch), even though this is the default?!
- Adolf did lots of last-minute work on that update to get the coals out of the fire (sic!)
- Creating new OpenVPN RW and N2N tested
- Creating new IPsec RW and N2N untested so far, Peter will take care of this in due course
- Existing IPsec connections confirmed to continue to work fine
- Situation requires a wiki article, to save us from a massive headache, particularly in the forum
- Michael will take care of this
- Make clear that the entire OpenSSL mess is not our fault
- There is nothing we can comprehensively do about it
- Not updating to Core Update 175 does not avoid the issue
- Core Update 175 is not the root cause of the problem
- OpenVPN really is a major source of trouble, and has been repeatedly
- Again, do we really want this in IPFire 3.x?
- If not, we definitely need to provide an alternative
- Alternative: Fresh start with OpenVPN, requiring users to regenerate their certificates and configurations
- Point in favour: Possibility to tunnel it over TCP to port 443 => get around crappy WiFis
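To find out which existing PKCS12 containers are affected by the legacy-provider requirement noted above, each file can be tried first with the default provider and then with the legacy one. This is an added example, not part of the minutes and not IPFire code; it assumes the OpenSSL 3.x command-line tool, and the function name classify_p12 and the variable P12_PASS are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not IPFire code. Assumes the OpenSSL 3.x command-line tool.
# classify_p12 and the P12_PASS variable are names chosen for this sketch.
#
# Prints one of:
#   default     readable with the default provider only
#   legacy      readable only when the legacy provider is loaded (-legacy)
#   unreadable  wrong passphrase, damaged file, or legacy provider not installed
#
# The passphrase is taken from the exported variable P12_PASS so it does not
# show up in the process list.
classify_p12() {
    p12=$1
    # -nodes decrypts certificates and keys; the output is thrown away.
    if openssl pkcs12 -in "$p12" -nodes -passin env:P12_PASS >/dev/null 2>&1; then
        echo default
    elif openssl pkcs12 -legacy -in "$p12" -nodes -passin env:P12_PASS >/dev/null 2>&1; then
        echo legacy
    else
        echo unreadable
    fi
}

# Classify every file given on the command line (no arguments: do nothing).
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_p12 "$f")"
done
```

Files reported as legacy are the ones whose consumers need the legacy provider enabled in their OpenSSL configuration.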
Organize IPFire meet-up
- Something in September 2023?
- Michael will send around an e-mail concerning this tomorrow
IPFire 3.x news