conn clear
	type=passthrough
	authby=never
	left=%defaultroute
	right=%group
	auto=ondemand

conn clear-or-private
	type=tunnel
	left=%defaultroute
	authby=null
	leftid=%null
	rightid=%null
	right=%opportunisticgroup
	failureshunt=passthrough
	negotiationshunt=passthrough
	auto=add

conn private-or-clear
	type=tunnel
	left=%defaultroute
	authby=null
	leftid=%null
	rightid=%null
	right=%opportunisticgroup
	failureshunt=passthrough
	negotiationshunt=hold
	auto=ondemand
	# does not inherit from conn %default ?
        retransmit-timeout=20s
        retransmit-interval=2000


conn private
	type=tunnel
	left=%defaultroute
	leftid=%null
	rightid=%null
	right=%opportunisticgroup
	negotiationshunt=hold
	failureshunt=drop
	auto=ondemand

conn block
	type=reject
	authby=never
	left=%defaultroute
	right=%group
	auto=ondemand