author | Thomas Egerer <thomas.egerer@secunet.com> | 2017-10-25 10:45:02 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-02 10:17:24 +0100 |
commit | 2dad2936471845695b8dc66d5aa7113ee28f0be9 (patch) | |
tree | 4daea2f757f87a4c48d9f0b81cdaa9821675c180 /src | |
parent | 6ce7ae24a4b9d95c88870245a5b6cfac2155a085 (diff) | |
ike: Do not send initial contact only for UNIQUE_NEVER
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/main_mode.c | 3 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_auth.c | 1 | ||||
-rw-r--r-- | src/swanctl/swanctl.opt | 2 |
3 files changed, 2 insertions, 4 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 628ea0de8..4c16adba3 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -221,8 +221,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message, idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE); if (idr && !idr->contains_wildcards(idr)) { - if (this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO && - this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER) + if (this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER) { host = this->ike_sa->get_other_host(this->ike_sa); if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager, diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 53daaf2ad..aeaa701c9 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -471,7 +471,6 @@ METHOD(task_t, build_i, status_t, if (idr && !idr->contains_wildcards(idr) && message->get_message_id(message) == 1 && - this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO && this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER) { host_t *host; diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index ac0c2dd58..e5dbc921c 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -216,7 +216,7 @@ connections.<conn>.unique = no On initiators this setting specifies whether an INITIAL_CONTACT notify is sent during IKE_AUTH if no existing connection is found with the remote peer (determined by the identities of the first authentication round). - Only if set to _keep_ or _replace_ will the client send a notify. + Unless set to _never_ the client will send a notify. connections.<conn>.reauth_time = 0s Time to schedule IKE reauthentication. |
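Review bot: The simplified policy check in add_initial_contact() (main_mode.c), and the matching condition in build_i() (ike_auth.c), has no comment recording that UNIQUE_NO now sends INITIAL_CONTACT. The swanctl.opt hunk in this commit shows `connections.<conn>.unique = no` as the default, so initiators on the default configuration change what they put on the wire. A responder that enforces uniqueness may react to the notify by replacing other IKE_SAs for the same identities, which matters where several initiators share one identity; those deployments would need `unique = never`. I would add above both checks something like `/* only UNIQUE_NEVER suppresses INITIAL_CONTACT; UNIQUE_NO still sends it and leaves enforcement to the responder */`. Both functions start and end outside their hunks, so the has_contact() handling that follows was not reviewed.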