conn clear
        type=passthrough
        authby=never
        left=%defaultroute
        right=%group
        auto=ondemand


conn oe-base-server
	retransmit-interval=15000 # slow retransmits
	type=tunnel
	narrowing=yes
	# left
	leftcert=east
	left=%defaultroute
	leftid=%fromcert
        leftrsasigkey=%cert
	leftmodecfgclient=yes
	leftcat=yes
	# right
	rightrsasigkey=%cert
	rightid=%fromcert
	right=%opportunisticgroup
	rightaddresspool=10.0.10.1-10.0.10.200

conn clear-or-private
	also=oe-base-server
	failureshunt=passthrough
	negotiationshunt=passthrough
	auto=add

conn private-or-clear
	also=oe-base-server
	failureshunt=passthrough
	negotiationshunt=passthrough
	auto=ondemand

conn private
	also=oe-base-server
	failureshunt=drop
	negotiationshunt=drop
	auto=ondemand

conn block
        type=reject
        authby=never
        left=%defaultroute
        right=%group
        auto=ondemand