Re: ocservice — a bash toolkit for managing ocserv users

Wed Apr 22 10:56:12 PDT 2026

Hi Nikos,

Thank you so much for taking the time to respond — it means a great deal 
to me that you noticed ocservice.

To be honest, I haven't yet found anything in occtl that would block my 
plans for the tool. The current feature set is well covered by what 
occtl already provides. I'll study occtl more carefully as the project 
evolves, and if I come across something where better occtl support would 
make a real difference, I'll be sure to reach out.

I'd also be curious to hear your perspective — you know the ocserv user 
base better than anyone. Are there common administration pain points 
that you think a tool like ocservice could address? I developed it to 
solve my own administration needs, but I realize there may be broader 
use cases and pain points I'm not aware of.

Your response is a huge source of inspiration. I run ocserv in 
production with real users, and ocservice grew directly out of that 
experience. Knowing that the author of ocserv finds it interesting 
motivates me to keep developing it.

Best regards,
Ilyntiy

21.04.2026 13:30, Nikos Mavrogiannopoulos пишет:
> Hi Ilyntiy,
>   It looks pretty cool! Is there something that occtl can do to enable this tool further?
>
> Regards,
> Nikos
>
> Sent from Outlook for iOS<https://aka.ms/o0ukef>
> ________________________________
> From: openconnect-devel <openconnect-devel-bounces at lists.infradead.org> on behalf of Xryndelson <xryndelson at gmail.com>
> Sent: Saturday, April 11, 2026 12:43:50 PM
> To: openconnect-devel at lists.infradead.org <openconnect-devel at lists.infradead.org>
> Subject: ocservice — a bash toolkit for managing ocserv users
>
> Hi,
>
> I wanted to share a tool I've been using in production for managing
> ocserv users — ocservice.
>
> It's a set of bash scripts designed for servers where ocserv is built
> from source with a custom prefix and easy-rsa is used for PKI. The main
> features:
>
> - Create certificate users (easy-rsa + .p12 export)
> - Create login/password users via ocpasswd
> - User Management Center — lists all users with certificate dates, ban
> points, online status, connection limits
> - Supports cert, plain and both auth modes
> - config-per-user file created automatically for each user with a
> commented settings template
> - Certificate date cache for fast loading with large user counts (100+
> users)
> - Username pool for generating unique names automatically
> - install.sh detects existing installations and updates without
> overwriting user data
>
> I run it on a server with ~100 users and it handles day-to-day
> administration without touching ocserv internals directly.
>
> Repository: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FIlyntiy%2Focservice&data=05%7C02%7C%7Caafe2dd43749467da74608de97b74aea%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639115010653751840%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=sdDf7IQBd3j3Z%2FQH2bU6NBKEDs4SojeyQs%2Bz2VFgz7g%3D&reserved=0<https://github.com/Ilyntiy/ocservice>
>
> Feedback and suggestions are welcome.
>
> Best regards,
> Ilyntiy
>
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.infradead.org%2Fmailman%2Flistinfo%2Fopenconnect-devel&data=05%7C02%7C%7Caafe2dd43749467da74608de97b74aea%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639115010653790934%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=GZA6hca00pep6IGXsdEDwr4sp399CtTJrYuElVPlVIE%3D&reserved=0<http://lists.infradead.org/mailman/listinfo/openconnect-devel>
>