A good system administrator usually uses separate IP addresses for separate services. When a service, such as a web server, mail server, or DNS server, is moved to another physical computer, the IP address moves along with it, and the transition happens smoothly without interruption. There are of course many other reasons why a server can have more than one IP address, but nevertheless many hosts on the Internet have multiple IP addresses.
Sometimes it can be desirable to exclude some IP addresses from OE, but to enable OE for the other IP addresses. For instance, a very busy DNS server may not have the resources to initiate OE for all incoming requests, but if that same server is an email server, you might wish to protect all outgoing SMTP connections using OE. This can be done, using the (old-style) IP aliases. The following is an example configuration for such a scenario:
config setup interfaces="ipsec0=eth0 ipsec1=eth0:2 ipsec2=eth0:3" conn eth0_2-to-anyone ...