Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• 2023-08-27

Progress call: 17:00 UTC

• OpenVPN bugs resolved (sunil)
  • Fixed issue with install in testing
  • Server-certificate overwrite issue was fixed
  • Certificate expiry date is being set to 2 years by default, instead of the desired 10 years. This is fixed.
    • Added upgrade code to fix the certificate expiry.
  • easy-rsa3 uses config files instead of env vars.

  • Certificates will be renewed automatically. Server certificate handled automatically. Client certificate stored on the FreedomBox.

    • Users have to download the user profile again, with the 10 years expiry.
• Update on Diagnostics daily run (sunil)
  • James completed work on daily run but running into issues with using Operation class.
  • James submitted a patch for showing proper error message when database is busy/locked.
• systemd-resolved for DNS resolution (sunil)
  • DNS over TLS: helps in overcoming censorship, but centralized DNS servers get all the domain names accessed
    • Have to check if systemd-resolved considers /etc/hosts file (e.g. for ad-blocking)

    • Use case: Configure FreedomBox to do the DNS resolution instead of the router. All connected devices get DNS over TLS, whether they support it or not.

  • DNSSec

  • NetworkManager automatically prefers systemd-resolved as the resolver.

  • /etc/resolv.conf will be a symlink to a file maintained by systemd-resolved
    • After installing systemd-resolved, the current DNS info will be lost and people have to reboot the machine

    • FreedomBox installed on Debian could have problems

  • avahi daemon is no longer necessary when using systemd-resolved, but can co-exist with it
    • systemd-resolved can resolve mdns queries
  • llmr daemon is not required
  • libraries like libnss.gateway can be removed
  • Can be enabled as an app, where features like DNS over TLS can be controlled.
    • Trade-off with ad-blocking. Pick either systemd-resolved or Pi-Hole. Hopefully they might co-exist.

  • Optional, but installed by default in FreedomBox images.

  • Clash with BIND (port 53) discussed in the previous progress call

• Joseph will be attending Debconf and DebCamp

  • Will work on packaging cryptpad