Somehow working:

forecast {

    # Multicast groups to join locally, allowing forwarding of them.
    groups = 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250

    # Local interface to listen for broadcasts to forward.
    interface = BRIDGE_LAN

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

    # CHILD_SA configurations names to perform multi/broadcast reinjection.
    # reinject = mobile,linux

}

connections {

   linux {
      local_addrs  = 192.168.3.253
      remote_addrs = darkrealm.dyndns.org
      keyingtries = 0
      
      local {
         auth = pubkey
         certs = neorealm.crt
      }
      remote {
         auth = pubkey
	 certs = darkrealm.crt
      }
      children {
         linux {
            local_ts  = 192.168.2.0/24,192.168.3.0/24,224.0.0.0/4,fd00:ffff:bbbb::/64,ff00::/8 
            remote_ts = 192.168.0.0/24,192.168.1.0/24,224.0.0.0/4,fd00:ffff:aaaa::/64,ff00::/8 
            mark_in  = %unique
            mark_out = %unique
	    ipcomp = yes
	    start_action = trap
	    close_action = trap
	    dpd_action = trap
	    
	    }
      		}
      }
}