conn clear-or-private
	leftid=%fromcert
	leftrsasigkey=%cert
	# name of your generated letsencrypt certificate e.g. letsencrypt.libreswan.org
	leftcert=YourServerDNSName
	leftauth=rsasig
	left=%defaultroute
	#leftmodecfgclient=yes
	#
	rightid=%null
	rightauth=null
	right=%opportunisticgroup
	#
	negotiationshunt=passthrough
	failureshunt=passthrough
	type=tunnel
	ikev2=insist
	sendca=issuer
	auto=add
	#
	rightaddresspool=100.64.0.1-100.64.255.254
	rightmodecfgclient=yes