moon::/etc/init.d/iptables start 2> /dev/null
carol::/etc/init.d/iptables start 2> /dev/null
carol::rm /etc/ipsec.d/private/*
carol::rm /etc/ipsec.d/certs/*
carol::cat /etc/scepclient.conf
carol::ipsec scepclient --dn \"C=CH, O=Linux strongSwan, CN=carol@strongswan.org\" --optionsfrom /etc/scepclient.conf
winnetou::scp carol:/etc/ipsec.d/reqs/myReq.der /etc/openssl/carolReq.der
winnetou::openssl req -inform der -in /etc/openssl/carolReq.der -out /etc/openssl/carolReq.pem
winnetou::cd /etc/openssl; COMMON_NAME="carol@strongswan.org" openssl ca -in carolReq.pem -out carolCert.pem -notext -config openssl.cnf -extensions user_ext < yy.txt
winnetou::scp /etc/openssl/carolCert.pem carol:/etc/ipsec.d/certs/myCert.pem
moon::rm /etc/ipsec.d/private/*
moon::rm /etc/ipsec.d/certs/*
moon::cat /etc/scepclient.conf
moon::ipsec scepclient --dn \"C=CH, O=Linux strongSwan, SN=01, CN=moon.strongswan.org\" --optionsfrom /etc/scepclient.conf
winnetou::scp moon:/etc/ipsec.d/reqs/moonReq.der /etc/openssl/
winnetou::openssl req -inform der -in /etc/openssl/moonReq.der -out /etc/openssl/moonReq.pem
winnetou::cd /etc/openssl; COMMON_NAME="moon.strongswan.org" openssl ca -in moonReq.pem -out moonCert.pem -notext -config openssl.cnf -extensions host_ext < yy.txt
winnetou::scp /etc/openssl/moonCert.pem moon:/etc/ipsec.d/certs/
carol::sleep 2
carol::ipsec start
moon::ipsec start
carol::sleep 2
carol::ipsec up home