packages/net/ocserv/files/ocserv.init

#!/bin/sh /etc/rc.common

SERVICE_USE_PID=1

START=50

start() {
	user_exists ocserv 72 || user_add ocserv 72 72 /var/lib/ocserv
	group_exists ocserv 72 || group_add ocserv 72

	[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
		echo "Generating CA certificate..."
		mkdir -p /etc/ocserv/pki/
		certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1
		echo "cn=`uci get system.@system[0].hostname` CA" >/etc/ocserv/pki/ca.tmpl
		echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl
		echo "serial=1" >>/etc/ocserv/pki/ca.tmpl
		echo "ca" >>/etc/ocserv/pki/ca.tmpl
		echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl

		certtool --template /etc/ocserv/pki/ca.tmpl \
			--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
			--outfile /etc/ocserv/ca.pem >/dev/null 2>&1
	}

	#generate server certificate/key
	[ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {
		echo "Generating server certificate..."
		mkdir -p /etc/ocserv/pki/
		certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1
		echo "cn=`uci get system.@system[0].hostname`" >/etc/ocserv/pki/server.tmpl
		echo "serial=2" >>/etc/ocserv/pki/server.tmpl
		echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl
		echo "signing_key" >>/etc/ocserv/pki/server.tmpl
		echo "encryption_key" >>/etc/ocserv/pki/server.tmpl
		certtool --template /etc/ocserv/pki/server.tmpl \
			--generate-certificate --load-privkey /etc/ocserv/server-key.pem \
			--load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
			/etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1
	}

	[ -f /etc/ocserv/ocpasswd ] || {
		touch /etc/ocserv/ocpasswd
	}

	[ -f /var/run/ocserv.pid ] || {
		touch /var/run/ocserv.pid
		chown ocserv:ocserv /var/run/ocserv.pid
	}
	[ -d /var/lib/ocserv ] || {
		mkdir -m 0755 -p /var/lib/ocserv
		chmod 0700 /var/lib/ocserv
		chown ocserv:ocserv /var/lib/ocserv
	}
	service_start /usr/sbin/ocserv -c /etc/ocserv/ocserv.conf
}

stop() {
	service_stop /usr/sbin/ocserv
}
ocserv: Added ocserv 0.3.5, an SSL VPN server. This server is compatible with the openconnect client, and cisco's anyconnect clients. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> [florian: fix libcrypt detection and missing protobuf-c dependency] Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/packages@40797 3c298f89-4303-0410-b956-a3cf2f4a3e73 2014-05-20 04:51:50 +00:00			`#!/bin/sh /etc/rc.common`

			`SERVICE_USE_PID=1`

			`START=50`

			`start() {`
			`user_exists ocserv 72 \|\| user_add ocserv 72 72 /var/lib/ocserv`
			`group_exists ocserv 72 \|\| group_add ocserv 72`

			`[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {`
			`echo "Generating CA certificate..."`
			`mkdir -p /etc/ocserv/pki/`
			`certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1`
			echo "cn=`uci get system.@system[0].hostname` CA" >/etc/ocserv/pki/ca.tmpl
			`echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl`
			`echo "serial=1" >>/etc/ocserv/pki/ca.tmpl`
			`echo "ca" >>/etc/ocserv/pki/ca.tmpl`
			`echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl`

			`certtool --template /etc/ocserv/pki/ca.tmpl \`
			`--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \`
			`--outfile /etc/ocserv/ca.pem >/dev/null 2>&1`
			`}`

			`#generate server certificate/key`
			`[ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {`
			`echo "Generating server certificate..."`
			`mkdir -p /etc/ocserv/pki/`
			`certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1`
			echo "cn=`uci get system.@system[0].hostname`" >/etc/ocserv/pki/server.tmpl
			`echo "serial=2" >>/etc/ocserv/pki/server.tmpl`
			`echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl`
			`echo "signing_key" >>/etc/ocserv/pki/server.tmpl`
			`echo "encryption_key" >>/etc/ocserv/pki/server.tmpl`
			`certtool --template /etc/ocserv/pki/server.tmpl \`
			`--generate-certificate --load-privkey /etc/ocserv/server-key.pem \`
			`--load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \`
			`/etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1`
			`}`

			`[ -f /etc/ocserv/ocpasswd ] \|\| {`
			`touch /etc/ocserv/ocpasswd`
			`}`

			`[ -f /var/run/ocserv.pid ] \|\| {`
			`touch /var/run/ocserv.pid`
			`chown ocserv:ocserv /var/run/ocserv.pid`
			`}`
			`[ -d /var/lib/ocserv ] \|\| {`
			`mkdir -m 0755 -p /var/lib/ocserv`
			`chmod 0700 /var/lib/ocserv`
			`chown ocserv:ocserv /var/lib/ocserv`
			`}`
			`service_start /usr/sbin/ocserv -c /etc/ocserv/ocserv.conf`
			`}`

			`stop() {`
			`service_stop /usr/sbin/ocserv`
			`}`