It makes sense to omit INITIAL_CONTACT if don't have a unique policy,
as a client might want to connect from different devices to the same
account.
This reverts commit
719c33b41a1f9fe9b2585df3e7aa804a760c361c.
xcbc algorithms.
- The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and
- responder.
+ responder. The notify is sent when initiating configurations with a unique
+ policy, set in ipsec.conf via the global 'uniqueids' option.
- The conftest conformance testing framework enables the IKEv2 stack to perform
many tests using a distinct tool and configuration frontend. Various hooks
get_reserved_id_bytes(this, id_payload);
message->add_payload(message, (payload_t*)id_payload);
- if (idr && message->get_message_id(message))
+ if (idr && message->get_message_id(message) == 1 &&
+ this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO)
{
host_t *host;