conn %default
	auto=start
	forceencaps=yes

conn H1-to-H2
	type=tunnel
	authby=secret
	keyexchange=ikev1
	ike=aes256-sha1-modp1024
	esp=aes256-sha1-modp1024
	left=${H1-nat-ip}
	leftsubnet=${H1-subnet}
	leftsourceip=${H1-subnet-ip}
	right=${H2-public-ip}
	rightsubnet=${H2-subnet}
	rightsourceip=${H2-private-ip}