a1ab398957
This server is compatible with the openconnect client, and cisco's anyconnect clients. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> [florian: fix libcrypt detection and missing protobuf-c dependency] Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/packages@40797 3c298f89-4303-0410-b956-a3cf2f4a3e73
62 lines
2.0 KiB
Bash
62 lines
2.0 KiB
Bash
#!/bin/sh /etc/rc.common
|
|
|
|
SERVICE_USE_PID=1
|
|
|
|
START=50
|
|
|
|
start() {
|
|
user_exists ocserv 72 || user_add ocserv 72 72 /var/lib/ocserv
|
|
group_exists ocserv 72 || group_add ocserv 72
|
|
|
|
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
|
|
echo "Generating CA certificate..."
|
|
mkdir -p /etc/ocserv/pki/
|
|
certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1
|
|
echo "cn=`uci get system.@system[0].hostname` CA" >/etc/ocserv/pki/ca.tmpl
|
|
echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl
|
|
echo "serial=1" >>/etc/ocserv/pki/ca.tmpl
|
|
echo "ca" >>/etc/ocserv/pki/ca.tmpl
|
|
echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl
|
|
|
|
certtool --template /etc/ocserv/pki/ca.tmpl \
|
|
--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
|
|
--outfile /etc/ocserv/ca.pem >/dev/null 2>&1
|
|
}
|
|
|
|
#generate server certificate/key
|
|
[ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {
|
|
echo "Generating server certificate..."
|
|
mkdir -p /etc/ocserv/pki/
|
|
certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1
|
|
echo "cn=`uci get system.@system[0].hostname`" >/etc/ocserv/pki/server.tmpl
|
|
echo "serial=2" >>/etc/ocserv/pki/server.tmpl
|
|
echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl
|
|
echo "signing_key" >>/etc/ocserv/pki/server.tmpl
|
|
echo "encryption_key" >>/etc/ocserv/pki/server.tmpl
|
|
certtool --template /etc/ocserv/pki/server.tmpl \
|
|
--generate-certificate --load-privkey /etc/ocserv/server-key.pem \
|
|
--load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
|
|
/etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1
|
|
}
|
|
|
|
[ -f /etc/ocserv/ocpasswd ] || {
|
|
touch /etc/ocserv/ocpasswd
|
|
}
|
|
|
|
[ -f /var/run/ocserv.pid ] || {
|
|
touch /var/run/ocserv.pid
|
|
chown ocserv:ocserv /var/run/ocserv.pid
|
|
}
|
|
[ -d /var/lib/ocserv ] || {
|
|
mkdir -m 0755 -p /var/lib/ocserv
|
|
chmod 0700 /var/lib/ocserv
|
|
chown ocserv:ocserv /var/lib/ocserv
|
|
}
|
|
service_start /usr/sbin/ocserv -c /etc/ocserv/ocserv.conf
|
|
}
|
|
|
|
stop() {
|
|
service_stop /usr/sbin/ocserv
|
|
}
|
|
|