conn clear
	type=passthrough
	authby=never
	left=%defaultroute
	right=%group
	auto=ondemand

conn oe-base-server
	type=tunnel
	retransmit-interval=15000 # slow retransmits
	# right
	rightid=%fromcert
        rightrsasigkey=%cert
	right=%opportunisticgroup
	rightauth=rsasig
	# left
	leftid=%null
	left=%defaultroute
	leftauth=null

conn clear-or-private
	also=oe-base-server
	failureshunt=passthrough
	negotiationshunt=passthrough
	auto=add

conn private-or-clear
	also=oe-base-server
	failureshunt=passthrough
	negotiationshunt=passthrough
	auto=ondemand

conn private
	also=oe-base-server
	failureshunt=drop
	negotiationshunt=drop
	auto=ondemand

conn block
	type=reject
	authby=never
	left=%defaultroute
	right=%group
	auto=ondemand

# conn packetdefault is no longer used
include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common