
Add files via upload

MoeClub před 6 roky
rodič
revize
ea67d8b84c

+ 10 - 0
AnyConnect/ocserv/group/Default

@@ -0,0 +1,10 @@
+## Config for group
+# cert-group-oid = 2.5.4.11
+# config-per-group = /etc/ocserv/group/
+# default-group-config = /etc/ocserv/group/Default
+# default-select-group = Default
+# auto-select-group = false
+
+## All Route List
+route = 0.0.0.0/128.0.0.0
+route = 128.0.0.0/128.0.0.0
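Review bot: The two half-default routes on the last two lines are equivalent to routing everything through the tunnel; if the ocserv build in use accepts `route = default`, that single line states the intent more plainly than the two-entry split. The commented block at the top repeats keys that belong in ocserv.conf rather than in a per-group file, so a reader may be tempted to uncomment them here; a note such as `## reference only — these keys are configured in ocserv.conf` would make that clear.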

+ 201 - 0
AnyConnect/ocserv/group/NoRoute

@@ -0,0 +1,201 @@
+## No Route List
+no-route = 255.255.255.255/255.255.255.255
+no-route = 192.168.0.0/255.255.0.0
+
+no-route = 1.0.0.0/255.192.0.0
+no-route = 1.64.0.0/255.224.0.0
+no-route = 1.112.0.0/255.248.0.0
+no-route = 1.176.0.0/255.240.0.0
+no-route = 1.192.0.0/255.240.0.0
+no-route = 14.0.0.0/255.224.0.0
+no-route = 14.96.0.0/255.224.0.0
+no-route = 14.128.0.0/255.224.0.0
+no-route = 14.192.0.0/255.224.0.0
+no-route = 27.0.0.0/255.192.0.0
+no-route = 27.96.0.0/255.224.0.0
+no-route = 27.128.0.0/255.224.0.0
+no-route = 27.176.0.0/255.240.0.0
+no-route = 27.192.0.0/255.224.0.0
+no-route = 27.224.0.0/255.252.0.0
+no-route = 36.0.0.0/255.192.0.0
+no-route = 36.96.0.0/255.224.0.0
+no-route = 36.128.0.0/255.192.0.0
+no-route = 36.192.0.0/255.224.0.0
+no-route = 36.240.0.0/255.240.0.0
+no-route = 39.0.0.0/255.255.0.0
+no-route = 39.64.0.0/255.224.0.0
+no-route = 39.96.0.0/255.240.0.0
+no-route = 39.128.0.0/255.192.0.0
+no-route = 40.72.0.0/255.254.0.0
+no-route = 40.124.0.0/255.252.0.0
+no-route = 42.0.0.0/255.248.0.0
+no-route = 42.48.0.0/255.240.0.0
+no-route = 42.80.0.0/255.240.0.0
+no-route = 42.96.0.0/255.224.0.0
+no-route = 42.128.0.0/255.128.0.0
+no-route = 43.224.0.0/255.224.0.0
+no-route = 45.65.16.0/255.255.240.0
+no-route = 45.112.0.0/255.240.0.0
+no-route = 45.248.0.0/255.248.0.0
+no-route = 47.92.0.0/255.252.0.0
+no-route = 47.96.0.0/255.224.0.0
+no-route = 49.0.0.0/255.128.0.0
+no-route = 49.128.0.0/255.224.0.0
+no-route = 49.192.0.0/255.192.0.0
+no-route = 52.80.0.0/255.252.0.0
+no-route = 54.222.0.0/255.254.0.0
+no-route = 58.0.0.0/255.128.0.0
+no-route = 58.128.0.0/255.224.0.0
+no-route = 58.192.0.0/255.224.0.0
+no-route = 58.240.0.0/255.240.0.0
+no-route = 59.32.0.0/255.224.0.0
+no-route = 59.64.0.0/255.224.0.0
+no-route = 59.96.0.0/255.240.0.0
+no-route = 59.144.0.0/255.240.0.0
+no-route = 59.160.0.0/255.224.0.0
+no-route = 59.192.0.0/255.192.0.0
+no-route = 60.0.0.0/255.224.0.0
+no-route = 60.48.0.0/255.240.0.0
+no-route = 60.160.0.0/255.224.0.0
+no-route = 60.192.0.0/255.192.0.0
+no-route = 61.0.0.0/255.192.0.0
+no-route = 61.80.0.0/255.248.0.0
+no-route = 61.128.0.0/255.192.0.0
+no-route = 61.224.0.0/255.224.0.0
+no-route = 91.234.36.0/255.255.255.0
+no-route = 101.0.0.0/255.128.0.0
+no-route = 101.128.0.0/255.224.0.0
+no-route = 101.192.0.0/255.240.0.0
+no-route = 101.224.0.0/255.224.0.0
+no-route = 103.0.0.0/255.0.0.0
+no-route = 106.0.0.0/255.128.0.0
+no-route = 106.224.0.0/255.240.0.0
+no-route = 110.0.0.0/255.128.0.0
+no-route = 110.144.0.0/255.240.0.0
+no-route = 110.160.0.0/255.224.0.0
+no-route = 110.192.0.0/255.192.0.0
+no-route = 111.0.0.0/255.192.0.0
+no-route = 111.64.0.0/255.224.0.0
+no-route = 111.112.0.0/255.240.0.0
+no-route = 111.128.0.0/255.192.0.0
+no-route = 111.192.0.0/255.224.0.0
+no-route = 111.224.0.0/255.240.0.0
+no-route = 112.0.0.0/255.128.0.0
+no-route = 112.128.0.0/255.240.0.0
+no-route = 112.192.0.0/255.252.0.0
+no-route = 112.224.0.0/255.224.0.0
+no-route = 113.0.0.0/255.128.0.0
+no-route = 113.128.0.0/255.240.0.0
+no-route = 113.192.0.0/255.192.0.0
+no-route = 114.16.0.0/255.240.0.0
+no-route = 114.48.0.0/255.240.0.0
+no-route = 114.64.0.0/255.192.0.0
+no-route = 114.128.0.0/255.240.0.0
+no-route = 114.192.0.0/255.192.0.0
+no-route = 115.0.0.0/255.0.0.0
+no-route = 116.0.0.0/255.0.0.0
+no-route = 117.0.0.0/255.128.0.0
+no-route = 117.128.0.0/255.192.0.0
+no-route = 118.16.0.0/255.240.0.0
+no-route = 118.64.0.0/255.192.0.0
+no-route = 118.128.0.0/255.128.0.0
+no-route = 119.0.0.0/255.128.0.0
+no-route = 119.128.0.0/255.192.0.0
+no-route = 119.224.0.0/255.224.0.0
+no-route = 120.0.0.0/255.192.0.0
+no-route = 120.64.0.0/255.224.0.0
+no-route = 120.128.0.0/255.240.0.0
+no-route = 120.192.0.0/255.192.0.0
+no-route = 121.0.0.0/255.128.0.0
+no-route = 121.192.0.0/255.192.0.0
+no-route = 122.0.0.0/254.0.0.0
+no-route = 124.0.0.0/255.0.0.0
+no-route = 125.0.0.0/255.128.0.0
+no-route = 125.160.0.0/255.224.0.0
+no-route = 125.192.0.0/255.192.0.0
+no-route = 137.59.59.0/255.255.255.0
+no-route = 137.59.88.0/255.255.252.0
+no-route = 139.0.0.0/255.224.0.0
+no-route = 139.128.0.0/255.128.0.0
+no-route = 140.64.0.0/255.240.0.0
+no-route = 140.128.0.0/255.240.0.0
+no-route = 140.192.0.0/255.192.0.0
+no-route = 144.0.0.0/255.248.0.0
+no-route = 144.12.0.0/255.255.0.0
+no-route = 144.48.0.0/255.248.0.0
+no-route = 144.123.0.0/255.255.0.0
+no-route = 144.255.0.0/255.255.0.0
+no-route = 146.196.0.0/255.255.128.0
+no-route = 150.0.0.0/255.255.0.0
+no-route = 150.96.0.0/255.224.0.0
+no-route = 150.128.0.0/255.240.0.0
+no-route = 150.192.0.0/255.192.0.0
+no-route = 152.104.128.0/255.255.128.0
+no-route = 153.0.0.0/255.192.0.0
+no-route = 153.96.0.0/255.224.0.0
+no-route = 157.0.0.0/255.255.0.0
+no-route = 157.18.0.0/255.255.0.0
+no-route = 157.61.0.0/255.255.0.0
+no-route = 157.112.0.0/255.240.0.0
+no-route = 157.144.0.0/255.240.0.0
+no-route = 157.255.0.0/255.255.0.0
+no-route = 159.226.0.0/255.255.0.0
+no-route = 160.19.0.0/255.255.0.0
+no-route = 160.20.48.0/255.255.252.0
+no-route = 160.202.0.0/255.255.0.0
+no-route = 160.238.64.0/255.255.252.0
+no-route = 161.207.0.0/255.255.0.0
+no-route = 162.105.0.0/255.255.0.0
+no-route = 163.0.0.0/255.192.0.0
+no-route = 163.96.0.0/255.224.0.0
+no-route = 163.128.0.0/255.192.0.0
+no-route = 163.192.0.0/255.224.0.0
+no-route = 164.52.0.0/255.255.128.0
+no-route = 166.111.0.0/255.255.0.0
+no-route = 167.139.0.0/255.255.0.0
+no-route = 167.189.0.0/255.255.0.0
+no-route = 167.220.244.0/255.255.252.0
+no-route = 168.160.0.0/255.255.0.0
+no-route = 170.179.0.0/255.255.0.0
+no-route = 171.0.0.0/255.128.0.0
+no-route = 171.192.0.0/255.224.0.0
+no-route = 175.0.0.0/255.128.0.0
+no-route = 175.128.0.0/255.192.0.0
+no-route = 180.64.0.0/255.192.0.0
+no-route = 180.128.0.0/255.128.0.0
+no-route = 182.0.0.0/255.0.0.0
+no-route = 183.0.0.0/255.192.0.0
+no-route = 183.64.0.0/255.224.0.0
+no-route = 183.128.0.0/255.128.0.0
+no-route = 192.124.154.0/255.255.255.0
+no-route = 192.140.128.0/255.255.128.0
+no-route = 202.0.0.0/255.128.0.0
+no-route = 202.128.0.0/255.192.0.0
+no-route = 202.192.0.0/255.224.0.0
+no-route = 203.0.0.0/255.0.0.0
+no-route = 210.0.0.0/255.192.0.0
+no-route = 210.64.0.0/255.224.0.0
+no-route = 210.160.0.0/255.224.0.0
+no-route = 210.192.0.0/255.224.0.0
+no-route = 211.64.0.0/255.248.0.0
+no-route = 211.80.0.0/255.240.0.0
+no-route = 211.96.0.0/255.248.0.0
+no-route = 211.136.0.0/255.248.0.0
+no-route = 211.144.0.0/255.240.0.0
+no-route = 211.160.0.0/255.248.0.0
+no-route = 216.250.108.0/255.255.252.0
+no-route = 218.0.0.0/255.128.0.0
+no-route = 218.160.0.0/255.224.0.0
+no-route = 218.192.0.0/255.192.0.0
+no-route = 219.64.0.0/255.224.0.0
+no-route = 219.128.0.0/255.224.0.0
+no-route = 219.192.0.0/255.192.0.0
+no-route = 220.96.0.0/255.224.0.0
+no-route = 220.128.0.0/255.128.0.0
+no-route = 221.0.0.0/255.224.0.0
+no-route = 221.96.0.0/255.224.0.0
+no-route = 221.128.0.0/255.128.0.0
+no-route = 222.0.0.0/255.0.0.0
+no-route = 223.0.0.0/255.224.0.0
+no-route = 223.64.0.0/255.192.0.0
+no-route = 223.128.0.0/255.128.0.0
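Review bot: The `no-route = 192.168.0.0/255.255.0.0` entry near the top overlaps the tunnel's own address space, since the sibling ocserv.conf in this commit sets `ipv4-network = 192.168.8.0` / `ipv4-netmask = 255.255.255.0` and `dns = 192.168.8.1` with `tunnel-all-dns = true`. A client placed in a group that uses this file would presumably be told to keep 192.168.8.1 off the tunnel while also being told to send all DNS to it; whether that resolves or not depends on the client's connected route, so this should be confirmed against a real AnyConnect client. Carving the VPN subnet out of the exclusion, e.g. listing the RFC 1918 blocks minus 192.168.8.0/24, or moving the DNS server outside 192.168.0.0/16, removes the ambiguity. This list is hand-maintained and cannot be checked by eye, so a comment naming its source and generation date would help whoever has to refresh it.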

+ 172 - 0
AnyConnect/ocserv/group/Route

@@ -0,0 +1,172 @@
+## Route List
+route = 0.0.0.0/248.0.0.0
+route = 8.0.0.0/254.0.0.0
+route = 11.0.0.0/255.0.0.0
+route = 12.0.0.0/252.0.0.0
+route = 16.0.0.0/248.0.0.0
+route = 24.0.0.0/254.0.0.0
+route = 26.0.0.0/255.0.0.0
+route = 27.0.0.0/255.128.0.0
+route = 27.128.0.0/255.192.0.0
+route = 27.224.0.0/255.224.0.0
+route = 28.0.0.0/252.0.0.0
+route = 32.0.0.0/252.0.0.0
+route = 36.0.0.0/255.192.0.0
+route = 36.64.0.0/255.224.0.0
+route = 36.224.0.0/255.224.0.0
+route = 37.0.0.0/255.0.0.0
+route = 38.0.0.0/255.0.0.0
+route = 39.0.0.0/255.192.0.0
+route = 39.96.0.0/255.224.0.0
+route = 39.192.0.0/255.192.0.0
+route = 40.0.0.0/252.0.0.0
+route = 44.0.0.0/254.0.0.0
+route = 46.0.0.0/255.0.0.0
+route = 47.0.0.0/255.192.0.0
+route = 47.64.0.0/255.224.0.0
+route = 47.128.0.0/255.128.0.0
+route = 48.0.0.0/255.0.0.0
+route = 49.0.0.0/255.192.0.0
+route = 49.96.0.0/255.224.0.0
+route = 49.128.0.0/255.128.0.0
+route = 50.0.0.0/254.0.0.0
+route = 52.0.0.0/252.0.0.0
+route = 56.0.0.0/254.0.0.0
+route = 58.0.0.0/255.224.0.0
+route = 58.64.0.0/255.192.0.0
+route = 58.128.0.0/255.192.0.0
+route = 58.224.0.0/255.224.0.0
+route = 59.0.0.0/255.224.0.0
+route = 59.64.0.0/255.192.0.0
+route = 59.128.0.0/255.192.0.0
+route = 60.32.0.0/255.224.0.0
+route = 60.64.0.0/255.192.0.0
+route = 60.128.0.0/255.224.0.0
+route = 60.192.0.0/255.192.0.0
+route = 61.0.0.0/255.128.0.0
+route = 61.192.0.0/255.192.0.0
+route = 62.0.0.0/254.0.0.0
+route = 64.0.0.0/224.0.0.0
+route = 96.0.0.0/248.0.0.0
+route = 104.0.0.0/252.0.0.0
+route = 108.0.0.0/254.0.0.0
+route = 110.0.0.0/255.192.0.0
+route = 110.64.0.0/255.224.0.0
+route = 110.128.0.0/255.192.0.0
+route = 110.224.0.0/255.224.0.0
+route = 111.64.0.0/255.192.0.0
+route = 111.160.0.0/255.224.0.0
+route = 111.192.0.0/255.192.0.0
+route = 112.64.0.0/255.192.0.0
+route = 112.128.0.0/255.192.0.0
+route = 112.192.0.0/255.224.0.0
+route = 113.0.0.0/255.192.0.0
+route = 113.128.0.0/255.128.0.0
+route = 114.0.0.0/255.128.0.0
+route = 114.128.0.0/255.192.0.0
+route = 114.192.0.0/255.224.0.0
+route = 115.0.0.0/255.128.0.0
+route = 115.128.0.0/255.192.0.0
+route = 115.224.0.0/255.224.0.0
+route = 116.0.0.0/255.128.0.0
+route = 116.192.0.0/255.192.0.0
+route = 117.0.0.0/255.128.0.0
+route = 117.192.0.0/255.192.0.0
+route = 118.0.0.0/254.0.0.0
+route = 120.0.0.0/255.128.0.0
+route = 120.128.0.0/255.192.0.0
+route = 121.0.0.0/255.240.0.0
+route = 121.16.0.0/255.240.0.0
+route = 121.32.0.0/255.240.0.0
+route = 121.48.0.0/255.254.0.0
+route = 121.50.0.0/255.255.0.0
+route = 121.52.0.0/255.252.0.0
+route = 121.56.0.0/255.248.0.0
+route = 121.64.0.0/255.192.0.0
+route = 121.128.0.0/255.128.0.0
+route = 122.0.0.0/255.192.0.0
+route = 122.96.0.0/255.224.0.0
+route = 122.128.0.0/255.128.0.0
+route = 123.0.0.0/255.192.0.0
+route = 123.96.0.0/255.224.0.0
+route = 123.128.0.0/255.128.0.0
+route = 124.0.0.0/255.0.0.0
+route = 125.0.0.0/255.192.0.0
+route = 125.96.0.0/255.224.0.0
+route = 125.128.0.0/255.128.0.0
+route = 126.0.0.0/254.0.0.0
+route = 128.0.0.0/248.0.0.0
+route = 136.0.0.0/252.0.0.0
+route = 140.0.0.0/255.128.0.0
+route = 140.128.0.0/255.192.0.0
+route = 140.192.0.0/255.248.0.0
+route = 140.200.0.0/255.252.0.0
+route = 140.204.0.0/255.255.0.0
+route = 140.208.0.0/255.240.0.0
+route = 140.224.0.0/255.224.0.0
+route = 141.0.0.0/255.0.0.0
+route = 142.0.0.0/254.0.0.0
+route = 144.0.0.0/240.0.0.0
+route = 160.0.0.0/248.0.0.0
+route = 168.0.0.0/255.128.0.0
+route = 168.128.0.0/255.192.0.0
+route = 168.192.0.0/255.224.0.0
+route = 168.224.0.0/255.240.0.0
+route = 168.240.0.0/255.248.0.0
+route = 168.248.0.0/255.252.0.0
+route = 168.252.0.0/255.254.0.0
+route = 168.255.0.0/255.255.0.0
+route = 169.0.0.0/255.0.0.0
+route = 170.0.0.0/254.0.0.0
+route = 172.0.0.0/255.240.0.0
+route = 172.32.0.0/255.224.0.0
+route = 172.64.0.0/255.192.0.0
+route = 172.128.0.0/255.128.0.0
+route = 173.0.0.0/255.0.0.0
+route = 174.0.0.0/255.0.0.0
+route = 175.0.0.0/255.192.0.0
+route = 175.96.0.0/255.224.0.0
+route = 175.128.0.0/255.128.0.0
+route = 176.0.0.0/252.0.0.0
+route = 180.0.0.0/255.192.0.0
+route = 180.64.0.0/255.224.0.0
+route = 180.128.0.0/255.128.0.0
+route = 181.0.0.0/255.0.0.0
+route = 182.0.0.0/255.192.0.0
+route = 182.64.0.0/255.224.0.0
+route = 182.128.0.0/255.128.0.0
+route = 183.64.0.0/255.192.0.0
+route = 183.160.0.0/255.224.0.0
+route = 184.0.0.0/248.0.0.0
+route = 192.0.0.0/255.128.0.0
+route = 192.128.0.0/255.224.0.0
+route = 192.160.0.0/255.248.0.0
+route = 192.169.0.0/255.255.0.0
+route = 192.170.0.0/255.254.0.0
+route = 192.172.0.0/255.252.0.0
+route = 192.176.0.0/255.240.0.0
+route = 192.192.0.0/255.192.0.0
+route = 193.0.0.0/255.0.0.0
+route = 194.0.0.0/254.0.0.0
+route = 196.0.0.0/252.0.0.0
+route = 200.0.0.0/248.0.0.0
+route = 208.0.0.0/248.0.0.0
+route = 216.0.0.0/254.0.0.0
+route = 218.32.0.0/255.224.0.0
+route = 218.96.0.0/255.224.0.0
+route = 218.128.0.0/255.128.0.0
+route = 219.0.0.0/255.128.0.0
+route = 219.160.0.0/255.224.0.0
+route = 219.192.0.0/255.192.0.0
+route = 220.0.0.0/255.128.0.0
+route = 220.128.0.0/255.224.0.0
+route = 220.192.0.0/255.192.0.0
+route = 221.0.0.0/255.0.0.0
+route = 222.0.0.0/255.224.0.0
+route = 222.96.0.0/255.224.0.0
+route = 222.128.0.0/255.192.0.0
+route = 222.224.0.0/255.224.0.0
+route = 223.0.0.0/255.192.0.0
+route = 223.96.0.0/255.224.0.0
+route = 223.128.0.0/255.128.0.0
+route = 224.0.0.0/224.0.0.0
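Review bot: None of the `route =` entries covers 192.168.8.0/24, the `ipv4-network` that ocserv.conf in this commit assigns to clients, nor 192.168.8.1, the `dns` it pushes (the closest entry, `route = 192.0.0.0/255.128.0.0`, stops at 192.127.255.255). With a split-include list the client presumably only sends the listed prefixes through the tunnel, so a client in this group may not reach the pushed resolver; adding `route = 192.168.8.0/255.255.255.0` or verifying that the client's connected route suffices would settle it. As with the NoRoute file, a comment naming the source of the list would help future maintenance.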

+ 11 - 0
AnyConnect/ocserv/iptables.rules

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ifname=`cat /proc/net/dev | awk -F: 'function trim(str){sub(/^[ \t]*/,"",str); sub(/[ \t]*$/,"",str); return str } NR>2 {print trim($1)}'  | grep -Ev '^lo|^sit|^stf|^gif|^dummy|^vmnet|^vir|^gre|^ipip|^ppp|^bond|^tun|^tap|^ip6gre|^ip6tnl|^teql|^ocserv' | awk 'NR==1 {print $0}'`
+[ -n "$ifname" ] || exit 1
+DIR=`dirname "$0"`
+TCP=`cat "${DIR}/ocserv.conf" |grep '#\?tcp-port' |cut -d"=" -f2 |sed 's/\s//g'`
+UDP=`cat "${DIR}/ocserv.conf" |grep '#\?udp-port' |cut -d"=" -f2 |sed 's/\s//g'`
+iptables -t nat -A POSTROUTING -o ${ifname} -j MASQUERADE
+[ -n "$TCP" ] && iptables -I INPUT -p tcp --dport ${TCP} -j ACCEPT
+[ -n "$UDP" ] && iptables -I INPUT -p udp --dport ${UDP} -j ACCEPT
+iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
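Review bot: The `grep '#\?tcp-port'` and `grep '#\?udp-port'` patterns on the TCP= and UDP= lines deliberately match commented-out keys, so with the `#udp-port = 443` line in the sibling ocserv.conf this script still opens UDP 443 although DTLS is disabled in the config, and any comment that mentions the key adds a second value to the variable; anchoring on an active key, `TCP=$(sed -n 's/^tcp-port *= *//p' "${DIR}/ocserv.conf")` and the same for `udp-port`, makes the firewall follow the configuration. The MASQUERADE rule has no `-s` match, so it rewrites every forwarded packet leaving `$ifname`, not just VPN client traffic; adding `-s 192.168.8.0/24` (the `ipv4-network` from ocserv.conf) limits it to the tunnel subnet. The script is also not idempotent: each run appends another copy of the four rules, so `iptables -C ... || iptables -A ...` guards, or an iptables-restore file, would avoid duplicates after a re-run. The interface detection via `/proc/net/dev` and an exclusion regex is fragile; `ip route show default` gives the egress interface directly.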

+ 62 - 0
AnyConnect/ocserv/ocserv.conf

@@ -0,0 +1,62 @@
+# ocserv.conf
+
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
+#auth = "certificate"
+#enable-auth = "plain[passwd=/etc/ocserv/ocpasswd]"
+enable-auth = "certificate"
+
+# TCP and UDP port number
+tcp-port = 443
+#udp-port = 443
+
+server-cert = /etc/ocserv/server.cert.pem
+server-key = /etc/ocserv/server.key.pem
+ca-cert = /etc/ocserv/ca.cert.pem
+dh-params = /etc/ocserv/dh.pem
+
+socket-file = /var/run/ocserv.socket
+occtl-socket-file = /var/run/occtl.socket
+pid-file = /var/run/ocserv.pid
+user-profile = /etc/ocserv/profile.xml
+run-as-user = nobody
+run-as-group = nogroup
+cert-user-oid = 2.5.4.3
+cert-group-oid = 2.5.4.11
+config-per-group = /etc/ocserv/group
+default-group-config = /etc/ocserv/group/Default
+default-select-group = Default
+auto-select-group = false
+net-priority = 6
+max-clients = 256
+max-same-clients = 256
+switch-to-tcp-timeout = 0
+max-ban-score = 0
+keepalive = 32400
+dpd = 96
+mobile-dpd = 1800
+#output-buffer = 1000
+try-mtu-discovery = true
+compression = false
+no-compress-limit = 512
+auth-timeout = 48 
+idle-timeout = 1024
+mobile-idle-timeout = 1024
+cookie-timeout = 32400
+persistent-cookies = true
+deny-roaming = false
+rekey-time = 32400
+rekey-method = ssl
+use-utmp = true
+use-occtl = true
+device = ocserv
+predictable-ips = false
+ping-leases = false
+dtls-psk = false
+cisco-client-compat = true
+tunnel-all-dns = true
+isolate-workers = false
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
+ipv4-network = 192.168.8.0
+ipv4-netmask = 255.255.255.0
+dns = 192.168.8.1
+
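Review bot: `max-ban-score = 0` disables ocserv's ban mechanism while `auth = "plain[passwd=/etc/ocserv/ocpasswd]"` keeps password login enabled, so failed logins are never rate-limited; a non-zero score (the upstream sample config uses 80 together with `ban-reset-time`) should be set, or password auth dropped in favour of the certificate auth that is already enabled. `isolate-workers = false` turns off the worker isolation the upstream sample enables, which is a reduction in defence in depth that deserves a comment if it is deliberate. The `tls-priorities` string removes SSL 3.0 and RC4 but leaves TLS 1.0 and 1.1 to the NORMAL default; appending `:-VERS-TLS1.0:-VERS-TLS1.1` restricts to TLS 1.2+ if the clients in use support it. `auth-timeout = 48 ` carries a trailing space.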

+ 24 - 0
AnyConnect/ocserv/ocserv.d

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+MyPath="$(dirname `readlink -f "$0"`)"
+MyPort="$(cat ${MyPath}/ocserv.conf |grep '^tcp-port' |grep -o '[0-9]*')"
+MyStartUp="/etc/init.d/ocserv"
+command -v nc >>/dev/null 2>&1
+[ $? -ne 0 ] && exit 1
+[ -e ${MyStartUp} ] || exit 1
+
+PORT_STATUS(){
+  nc -w 1 -vz 0.0.0.0 ${MyPort} >/dev/null 2>&1
+  [[ "$?" == "0" ]] && echo "0" || echo "1"
+}
+
+SCAN(){
+  if [[ "$(PORT_STATUS)" == "0" ]]; then
+    sleep 300;
+  else
+    bash ${MyStartUp} restart
+    sleep 10;
+  fi
+}
+
+while true; do SCAN; done
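Review bot: `nc -w 1 -vz 0.0.0.0 ${MyPort}` in PORT_STATUS runs with whatever MyPort holds, and nothing checks that the grep on the MyPort= line produced a value; if `tcp-port` is commented out or ocserv.conf is not beside the script, nc fails every time and the loop restarts ocserv every 10 seconds indefinitely. A guard beside the existing ones, `[ -n "$MyPort" ] || exit 1`, closes that. The script also takes no lock, so two copies started by accident will both restart the service; a `flock`-style guard or a pid file would prevent that. A top-of-file comment stating that this is meant to run as a long-lived watchdog (the loop never exits) would also help, since the filename suggests an init-style script.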

+ 8 - 0
AnyConnect/ocserv/template/ca.tmpl

@@ -0,0 +1,8 @@
+cn = "MoeClub CA"
+organization = "MoeClub"
+serial = 1
+expiration_days = 1825
+ca
+signing_key
+cert_signing_key
+crl_signing_key

+ 42 - 0
AnyConnect/ocserv/template/client.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+FriendlyName="AnyConnect"
+CA="Moeclub"
+
+[ $# -eq '1' ] && PASSWORD="$1";
+command -v openssl >>/dev/null 2>&1
+[ $? -ne 0 ] && echo "Not Found `openssl`" && exit 1
+command -v certtool >>/dev/null 2>&1
+[ $? -ne 0 ] && echo "Not Found `certtool`" && exit 1
+
+
+Check() {
+  if [ ! -f "./$1" ]; then
+    echo "Not Found $1"
+    exit 1
+  fi
+}
+
+Remove() {
+  [ -n "$1" ] || exit 1
+  if [ -f "./$1" ]; then
+    rm -rf "./$1"
+  fi
+}
+
+## Generate CA
+# certtool --generate-privkey --outfile ./ca-key.pem
+# certtool --generate-self-signed --load-privkey ./ca-key.pem --template ./ca.tmpl --outfile ./ca-cert.pem
+
+Check "ca-cert.pem"
+Check "ca-key.pem"
+Check "user.tmpl"
+Remove "user-key.pem"
+Remove "user-cert.pem"
+GROUP=`sed -n '/^unit/p' user.tmp |cut -d'"' -f2`
+[ ! -n "$GROUP" ] && echo "No Group." && exit 1
+certtool --generate-privkey --outfile ./user-key.pem
+certtool --generate-certificate --hash SHA256 --load-privkey ./user-key.pem --load-ca-certificate ./ca-cert.pem --load-ca-privkey ./ca-key.pem --template ./user.tmpl --outfile ./user-cert.pem
+cat ./ca-cert.pem >>./user-cert.pem
+openssl pkcs12 -export -inkey ./user-key.pem -in ./user-cert.pem -name "${FriendlyName}.${GROUP}" -certfile ./ca-cert.pem -caname "${CA}" -out "./${GROUP}.p12" -passout pass:$PASSWORD
+[ $? -eq '0' ] && echo -e "\nSuccess! \nGROUP\t\tPASSWORD\n$GROUP\t\t$PASSWORD\n" || echo -e "\nFail! \n";
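Review bot: The GROUP= line reads `user.tmp`, but the file checked above and passed to certtool below is `user.tmpl`, so sed reads a non-existent file, GROUP is always empty and the script always stops at "No Group." after having deleted the previous user-key.pem and user-cert.pem. The two "Not Found" messages contain `` `openssl` `` and `` `certtool` `` inside double quotes, which executes the binary that was just found to be missing instead of printing its name. `-passout pass:$PASSWORD` exposes the PKCS#12 password to every user on the host via the process list and breaks on an empty or space-containing argument; `-passout env:PASSWORD` with the variable exported keeps it out of argv, and the final `echo -e` should then not print it back to the terminal. The `Remove` helper uses `rm -rf` on a single file; `rm -f -- "./$1"` is sufficient and safer.

```shell
export PASSWORD="${1-}"
# … unchanged: FriendlyName/CA, command -v checks …
[ $? -ne 0 ] && echo 'Not Found openssl' && exit 1
# … unchanged …
[ $? -ne 0 ] && echo 'Not Found certtool' && exit 1
# … unchanged: Check/Remove helpers, CA comments, Check/Remove calls …
GROUP=$(sed -n '/^unit/p' user.tmpl | cut -d'"' -f2)
# … unchanged: certtool key and certificate generation, cat …
openssl pkcs12 -export -inkey ./user-key.pem -in ./user-cert.pem -name "${FriendlyName}.${GROUP}" -certfile ./ca-cert.pem -caname "${CA}" -out "./${GROUP}.p12" -passout env:PASSWORD
```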

+ 5 - 0
AnyConnect/ocserv/template/user.tmpl

@@ -0,0 +1,5 @@
+cn = "MoeClub.Default"
+unit = "User.Default"
+expiration_days = 1825
+signing_key
+tls_www_client
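Review bot: With `cert-user-oid = 2.5.4.3` in ocserv.conf the certificate CN becomes the login name, and this template fixes `cn = "MoeClub.Default"`, so every certificate issued by client.sh from an unedited template authenticates as the same user (which `max-same-clients = 256` then permits and which makes per-user revocation impossible); the template should be parameterised per user or client.sh should substitute a per-user cn. `unit = "User.Default"` is what `cert-group-oid = 2.5.4.11` selects the group from, but the group files added in this commit are named Default, Route and NoRoute, so it appears no per-group file matches this OU and the `default-group-config` would apply; confirm the intended group naming. The template has no `serial` entry, so certtool's own serial handling is relied upon; a comment stating that, or an explicit value, would make the intent clear.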