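#!/bin/sh /etc/rc.common
# OpenWrt init script for the ocserv VPN server.
#
# start() makes sure the ocserv user/group exist, bootstraps a self-signed CA
# and a server certificate when no key is present and certtool is installed,
# creates the runtime files ocserv expects, and launches the daemon.
# stop() stops the daemon.
#
# user_exists, user_add, group_exists, group_add, service_start and
# service_stop are not defined here; they are expected to come from the
# rc.common environment this script is run under.

SERVICE_USE_PID=1
START=50

# Create the CA private key and a self-signed CA certificate.
# Outputs: /etc/ocserv/ca-key.pem, /etc/ocserv/ca.pem, /etc/ocserv/pki/ca.tmpl
# Returns: 0 on success, 1 if any step fails (partial outputs are removed so
#          that the next start retries instead of trusting a broken key file).
ocserv_generate_ca() {
  local host

  echo "Generating CA certificate..."
  mkdir -p /etc/ocserv/pki/ || return 1

  # Generate the key under a restrictive umask so it is never group/world
  # readable, even briefly, then pin the mode explicitly.
  (
    umask 077 &&
      certtool --bits 2048 --generate-privkey \
        --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1
  ) || {
    rm -f /etc/ocserv/ca-key.pem
    return 1
  }
  chmod 600 /etc/ocserv/ca-key.pem || return 1

  host=$(uci get 'system.@system[0].hostname')
  # NOTE(review): expiration_days=-1 requests a certificate with no expiry
  # date; confirm that a never-expiring CA is intended.
  {
    printf 'cn=%s CA\n' "$host"
    printf '%s\n' 'expiration_days=-1' 'serial=1' 'ca' 'cert_signing_key'
  } >/etc/ocserv/pki/ca.tmpl || return 1

  certtool --template /etc/ocserv/pki/ca.tmpl \
    --generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
    --outfile /etc/ocserv/ca.pem >/dev/null 2>&1 || {
    rm -f /etc/ocserv/ca-key.pem /etc/ocserv/ca.pem
    return 1
  }
}

# Create the server private key and a certificate signed by the local CA.
# Outputs: /etc/ocserv/server-key.pem, /etc/ocserv/server-cert.pem,
#          /etc/ocserv/pki/server.tmpl
# Returns: 0 on success, 1 if any step fails (partial outputs are removed).
ocserv_generate_server_cert() {
  local host

  echo "Generating server certificate..."
  mkdir -p /etc/ocserv/pki/ || return 1

  (
    umask 077 &&
      certtool --bits 2048 --generate-privkey \
        --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1
  ) || {
    rm -f /etc/ocserv/server-key.pem
    return 1
  }
  chmod 600 /etc/ocserv/server-key.pem || return 1

  host=$(uci get 'system.@system[0].hostname')
  # NOTE(review): as for the CA, expiration_days=-1 means no expiry date.
  {
    printf 'cn=%s\n' "$host"
    printf '%s\n' 'serial=2' 'expiration_days=-1' 'signing_key' 'encryption_key'
  } >/etc/ocserv/pki/server.tmpl || return 1

  certtool --template /etc/ocserv/pki/server.tmpl \
    --generate-certificate --load-privkey /etc/ocserv/server-key.pem \
    --load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
    /etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 || {
    rm -f /etc/ocserv/server-key.pem /etc/ocserv/server-cert.pem
    return 1
  }
}

# Prepare accounts, PKI material and runtime files, then start ocserv.
# Returns: non-zero without starting the daemon if certificate generation was
#          attempted and failed; otherwise the status of service_start.
start() {
  user_exists ocserv 72 || user_add ocserv 72 72 /var/lib/ocserv
  group_exists ocserv 72 || group_add ocserv 72

  # Only bootstrap a CA when none exists and certtool is available; an
  # administrator-supplied key is never overwritten.
  if [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ]; then
    ocserv_generate_ca || {
      echo "ocserv: CA certificate generation failed" >&2
      return 1
    }
  fi

  # Same rule for the server key/certificate pair.
  if [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ]; then
    ocserv_generate_server_cert || {
      echo "ocserv: server certificate generation failed" >&2
      return 1
    }
  fi

  # NOTE(review): the password file is created with the caller's umask. It is
  # expected to hold user credentials, so consider restricting its mode once
  # it is confirmed which ocserv process needs to read it.
  [ -f /etc/ocserv/ocpasswd ] || touch /etc/ocserv/ocpasswd

  [ -f /var/run/ocserv.pid ] || {
    touch /var/run/ocserv.pid
    chown ocserv:ocserv /var/run/ocserv.pid
  }

  # Create the state directory directly with its final 0700 mode so there is
  # no window in which it is world-accessible.
  [ -d /var/lib/ocserv ] || {
    mkdir -m 0700 -p /var/lib/ocserv
    chown ocserv:ocserv /var/lib/ocserv
  }

  service_start /usr/sbin/ocserv -c /etc/ocserv/ocserv.conf
}

# Stop the ocserv daemon.
stop() {
  service_stop /usr/sbin/ocserv
}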