conn private-or-clear
	rightauth=rsasig
	right=%opportunisticgroup
	rightrsasigkey=%dnsondemand
	left=%defaultroute
	leftid=%null
	leftauth=null
	leftmodecfgclient=yes
	leftcat=yes
	narrowing=yes
	negotiationshunt=passthrough
	failureshunt=passthrough
	type=tunnel
	ikev2=insist
	auto=ondemand
	keyingtries=1
	retransmit-timeout=2s


conn block
        type=reject
        # temp workaround
        #authby=never
        authby=null
        leftid=%null
        rightid=%null
        left=%defaultroute
        right=%group
        auto=route