[Openswan Users] Multiple Roadwarrior Connections

kelvin kanava88 at gmail.com
Thu Nov 23 02:31:25 EST 2006


Multiple Roadwarrior Connections
This mechanism also allows for multiple connections. For instance, if we
want a connection from North (also on dynamic IP) to West, we could set up
the following connections:
conn west-east
    left=west.testbed.xelerance.net
    right=%any
    rightid=@east
    leftrsasigkey=0sAQQED1....
    rightrsasigkey=0sAQV7yV....
    auto=add

conn west-north
    left=west.testbed.xelerance.net
    right=%any
    rightid=@north
    leftrsasigkey=0sAQQED1....
    rightrsasigkey=0sAQ5GP....
    auto=add

Note that the rightrsasigkey= settings for these two entries are different.
The first would contain East's public RSA key, and the second connection
would contain North's public RSA key.

The content above is from "publish and building vpn with openswan".
There are two connections, the parameter "right" of which is %any.
Following are the Main Mode Phase 1 exchanges with the RSASIG authentication
option.

        Initiator                          Responder
       -----------                        -----------
        HDR, SA                     -->
                                    <--    HDR, SA
        HDR, KE, Ni                 -->
                                    <--    HDR, KE, Nr
        HDR*, IDii, [ CERT, ] SIG_I -->
                                    <--    HDR*, IDir, [ CERT, ] SIG_R

I see that the ID payload (the rightid above) is sent through the last
message, so I want to know how the west can determine which connection the
coming roadwarriors belong to when the ID payload was not included in the
first message.
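
An added example, not part of the original post and not Openswan source code: a simplified Python model of a responder that picks a tentative connection from the peer address alone, then re-selects by rightid once IDii arrives in the fifth Main Mode message and only then chooses the key for checking SIG_I. The function names, the first-match ordering and the sample peer address used with it are assumptions; the connection values are the (truncated) ones quoted above.

```python
# Simplified model of a Main Mode responder choosing among wildcard conns.
# Not Openswan source: function and field names here are illustrative.
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    name: str
    right: str            # peer address, or "%any" for a roadwarrior
    rightid: str          # expected IDii from the peer
    rightrsasigkey: str   # peer public key (truncated as on the page)
    authby: str = "rsasig"

# The two connections from the quoted configuration on west.
CONNS = [
    Conn("west-east", "%any", "@east", "0sAQV7yV...."),
    Conn("west-north", "%any", "@north", "0sAQ5GP...."),
]

def tentative_conn(conns, peer_ip):
    """Messages 1-4: only the peer address is known.
    Prefer an exact address match, otherwise fall back to right=%any."""
    exact = [c for c in conns if c.right == peer_ip]
    wild = [c for c in conns if c.right == "%any"]
    candidates = exact or wild
    return candidates[0] if candidates else None

def refine_conn(conns, current, peer_ip, id_ii):
    """Message 5: IDii is now decrypted. Keep the tentative conn if its
    rightid matches; otherwise switch to a conn that accepts this peer
    address, has the same authentication method, and has rightid == IDii."""
    if current is None:
        return None
    if current.rightid == id_ii:
        return current
    for c in conns:
        if (c.right in (peer_ip, "%any") and c.authby == current.authby
                and c.rightid == id_ii):
            return c
    return None  # unknown ID: reject before trusting SIG_I

def handle_main_mode(conns, peer_ip, id_ii):
    """Return (tentative name, final name, key used to verify SIG_I)."""
    first = tentative_conn(conns, peer_ip)
    final = refine_conn(conns, first, peer_ip, id_ii)
    return (first.name if first else None,
            final.name if final else None,
            final.rightrsasigkey if final else None)
```

Calling `handle_main_mode(CONNS, "203.0.113.7", "@north")` with a constructed peer address shows the tentative choice west-east being replaced by west-north, so SIG_I is checked against North's key rather than East's.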