From 983a5e88d330e28ec6b9726a365e372d3461141f Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 13 Jan 2011 10:50:46 +0100
Subject: [PATCH] Revert "Send INITIAL_CONTACT even if we have a unique policy"
It makes sense to omit INITIAL_CONTACT if don't have a unique policy, as a client might want to connect from different devices to the same account.
This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.
---
 NEWS | 3 ++-
 src/libcharon/sa/tasks/ike_auth.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index e8c050a57..fbae771cb 100644
--- a/NEWS
+++ b/NEWS
@@ -42,7 +42,8 @@ strongswan-4.5.1
 xcbc algorithms.
 - The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and
- responder.
+ responder. The notify is sent when initiating configurations with a unique
+ policy, set in ipsec.conf via the global 'uniqueids' option.
 - The conftest conformance testing framework enables the IKEv2 stack to perform
 many tests using a distinct tool and configuration frontend. Various hooks
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index e48916eb2..178989a0a 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -429,7 +429,8 @@ static status_t build_i(private_ike_auth_t *this, message_t *message)
 get_reserved_id_bytes(this, id_payload);
 message->add_payload(message, (payload_t*)id_payload);
- if (idr && message->get_message_id(message))
+ if (idr && message->get_message_id(message) == 1 &&
+ this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO)
 {
 host_t *host;
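Review bot: The rewritten condition in build_i() carries no comment, although it now encodes two separate decisions: `== 1` limits the notify to the first IKE_AUTH request, and the `UNIQUE_NO` test ties it to the configured uniqueness policy. I would add above the `if`: `/* send INITIAL_CONTACT only in the first IKE_AUTH request (message ID 1) and only if a unique policy is configured; with UNIQUE_NO the peer may keep several IKE_SAs for one identity */`. The same comment, or the NEWS entry, should state that with uniqueids disabled the responder is never asked to drop older SAs for this identity, so stale SAs presumably have to be cleaned up by other means such as dead peer detection. The body of build_i starts and ends outside the hunk, so whether `this->peer_cfg` is always set at this point cannot be confirmed from here.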