How to set the remote host to a domain name with dynamic IP in *swan client?

2 votes
0 answers
823 views
I am now setting up a VPN client for my university's own L2TP/IPSec VPN network, using openswan, libreswan and strongswan (for different distros). Here is the problem: the remote site (VPN server) is a domain name (say xxx.com) with multiple IP addresses (say 123.123.123.100-123.123.123.103). In this case, how should I set the conn part? I have tried something like:

    conn university
        ...
        left=%defaultroute
        right=xxx.com
        ...
        auto=route

which does not seem to work, since when *swan starts, it parses xxx.com and sets up the route by the IP returned by the DNS request (say 123.123.123.100). Then when I make a connection to xxx.com, it may parse the domain again and get a different IP (say 123.123.123.101), and the connection will not go through *swan.

I have also tried the rightsubnet option, but I don't know what the right option should be. If I just use %any, *swan gives some error like "No route to destination" (something like that, I cannot remember) and refuses to add the conn.

Now my workaround is:

    conn university0
        right=123.123.123.100
        also=university
        auto=route

    conn university1
        right=123.123.123.101
        also=university
        auto=route

    conn university2
        right=123.123.123.102
        also=university
        auto=route

    conn university3
        right=123.123.123.103
        also=university
        auto=route

    conn university4
        right=123.123.123.104
        also=university
        auto=route

    conn university
        left=%defaultroute
        ...

...which works, but seems ugly and non-scalable. In the past, when I used racoon, I could use the setkey command to modify the SPD directly, so I could set policies for the corresponding IPs directly. I think this case is common and there will be a solution designed for it in *swan. Can anyone help?
Asked by nnkken (21 rep)
Nov 11, 2014, 05:34 PM
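The per-IP workaround in the question can at least be generated instead of hand-written. The script below is an added example, not code from the question or from any of the *swan projects: `gen_conns` emits one `conn` section per address in the same shape as the question's `university0`..`university4` blocks, and `resolve_ips` (assumed helper, using `getent ahostsv4`) collects every IPv4 address the name currently resolves to. The conn name `university`, the addresses used in the test, and the `/etc/ipsec.d/` output path are assumptions.

```shell
#!/bin/sh
# Generate one "conn" section per resolved address of the VPN server,
# so the hand-maintained per-IP list from the question is produced by
# a script instead. Assumed names: base conn "university".

# gen_conns BASE ADDR... -> prints a conn block per address, numbered
# BASE0, BASE1, ... each reusing the shared settings via "also=BASE".
gen_conns() {
    base=$1
    shift
    i=0
    for ip in "$@"; do
        printf 'conn %s%d\n    right=%s\n    also=%s\n    auto=route\n\n' \
            "$base" "$i" "$ip" "$base"
        i=$((i + 1))
    done
}

# count_conns TEXT -> number of "conn" sections in the generated text,
# a quick sanity check that every address produced a block.
count_conns() {
    printf '%s\n' "$1" | grep -c '^conn '
}

# resolve_ips HOST -> all IPv4 addresses for HOST (needs DNS; not used
# by the offline test below). Assumed helper, getent is from glibc.
resolve_ips() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Example usage (assumed layout; ipsec.conf must "include /etc/ipsec.d/*.conf"):
#   gen_conns university $(resolve_ips xxx.com) > /etc/ipsec.d/university.conf
#   ipsec reload
```

The caveat is the same one that makes the question's manual list fragile: the generated file only reflects the addresses returned at generation time, so it has to be regenerated (for example from a periodic job) whenever the server's DNS records change, and the `auto=route` policies will silently not cover any new address until that happens.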