ike: Do not send initial contact only for UNIQUE_NEVER

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>

src/libcharon/sa/ikev1/tasks/main_mode.c

@@ -221,8 +221,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
 	idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
 	if (idr && !idr->contains_wildcards(idr))
 	{
-		if (this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO &&
-			this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
+		if (this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
 		{
 			host = this->ike_sa->get_other_host(this->ike_sa);
 			if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager,

src/libcharon/sa/ikev2/tasks/ike_auth.c

@@ -471,7 +471,6 @@ METHOD(task_t, build_i, status_t,
 
 		if (idr && !idr->contains_wildcards(idr) &&
 			message->get_message_id(message) == 1 &&
-			this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO &&
 			this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
 		{
 			host_t *host;

src/swanctl/swanctl.opt

@@ -216,7 +216,7 @@ connections.<conn>.unique = no
 	On initiators this setting specifies whether an INITIAL_CONTACT notify is
 	sent during IKE_AUTH if no existing connection is found with the remote
 	peer (determined by the identities of the first authentication round).
-	Only if set to _keep_ or _replace_ will the client send a notify.
+	Unless set to _never_ the client will send a notify.
 
 connections.<conn>.reauth_time = 0s
 	Time to schedule IKE reauthentication.