Some of those are correct and some not. For instance the ovpn/certs should not be world readable so 700 is correct.
Read this forum post about permissions. It gives the command to only change the directories that need to be set to 755.
https://community.ipfire.org/t/trouble-when-upgrading-from-core-157-to-core-158/5842/56