Only one side's nexthop is needed (the local side). This tells ipsec which local interface to bind to. This option is not needed if left/right is set to %defaultroute.
If the gateway is directly connected to the connecting host (the routing should not go through the default gateway), then %direct should be specified. This is common with wireless routing (the network is not trusted).
If your default route is not a single host, you may find leftnexthop cannot express it. Fortunately, you can customize the route management script; see leftupdown.
For me, leftnexthop was simply the gateway address of my provider. That is, the cable modem DHCP handed me 66.23.33.55 with a gateway of 66.23.33.1, so my leftnexthop was 66.23.33.1.
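
The rules above (gateway address as nexthop, %direct for a directly connected peer) can be applied to the output of `ip route get`. This is an added example, not part of the original page; the function name `suggest_left_lines`, the peer 203.0.113.7 and the 192.168.1.x hosts are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): turn one `ip route get <peer>`
# result into the left/leftnexthop lines described above.
# Rule taken from the page: a route with a gateway ("via") uses that gateway
# as leftnexthop; a directly connected peer (no "via") uses %direct.

# Constructed sample outputs; 203.0.113.7 and 192.168.1.x are made-up hosts.
VIA_SAMPLE='203.0.113.7 via 66.23.33.1 dev eth0 src 66.23.33.55 uid 0'
DIRECT_SAMPLE='192.168.1.20 dev wlan0 src 192.168.1.5 uid 0'

# Reads route-lookup output on stdin, prints two ipsec.conf lines.
# Returns 1 when there is no usable route (empty output or no "src").
suggest_left_lines() {
    lines=$(awk '
        NR == 1 {
            hop = "%direct"; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "via") hop = $(i + 1)
                if ($i == "src") src = $(i + 1)
            }
            if (src != "") printf "left=%s\nleftnexthop=%s\n", src, hop
            exit
        }')
    [ -n "$lines" ] || return 1
    printf '%s\n' "$lines"
}

# Demo on the constructed samples. On a live host, feed it real output:
#   ip route get "$PEER" | suggest_left_lines
printf '%s\n' "$VIA_SAMPLE" | suggest_left_lines
printf '%s\n' "$DIRECT_SAMPLE" | suggest_left_lines
```

Checking the suggested value against the route the kernel actually uses catches the case where tunnel traffic would leave through an interface other than the intended one.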