interfaces="~[virtual=physical] ..."
interfaces=%defaultroute
From the ipsec.conf manpage:
virtual and physical interfaces for IPsec to use: a sin- gle virtual=physical pair, a (quoted!) list of pairs sep- arated by white space, or %none. One of the pairs may be written as %defaultroute, which means: find the interface d that the default route points to, and then act as if the value was ``ipsec0=d''. %defaultroute is the default; %none must be used to denote no interfaces. If %defaultroute is used (implicitly or explicitly) informa- tion about the default route and its interface is noted for use by ipsec_manual(8) and ipsec_auto(8)..)
If you specify more than one interface the %defaultroute value for the leftnexthop/rightnexthop may not behave as you would expect. Entering the default route manually (numerically or FQDN) may solve this.
