config setup
	protostack=netkey
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!${H2-subnet}
	oe=off

conn %default
	auto=route
	leftnexthop=%defaultroute
	rightnexthop=%defaultroute
	forceencaps=yes

conn H2-to-H1
	authby=secret
	left=${H2-public-ip}
	leftsubnet=${H2-subnet}
	leftsourceip=${H2-private-ip}
	right=${H1-public-ip}
	rightid=${H1-nat-ip}
	rightsubnet=${H1-subnet}
	rightsourceip=${H1-subnet-ip}
	ike=aes256-sha1-modp1024
	phase2=esp
	phase2alg=aes256-sha1;modp1024
	ikelifetime=24h
	lifetime=24h
	type=tunnel