From feda4a3d37728bc84f12a95f86f034cf835e6919 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 1 Jul 2020 13:49:58 +0200
Subject: [PATCH] vici: With start_action=start, terminate IKE_SA without children on unload
This includes IKE_SAs in CONNECTING state, which not yet have any CHILD_SAs.
Closes strongswan/strongswan#175.
---
 src/libcharon/plugins/vici/vici_config.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 3ce1e3619..1eb7a24cd 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -2202,9 +2202,9 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
 }
 children->destroy(children);
- if (id && !others)
+ if (!ike_sa->get_child_count(ike_sa) || (id && !others))
 {
- /* found matching children only, delete full IKE_SA */
+ /* found no children or only matching, delete IKE_SA */
 id = ike_sa->get_unique_id(ike_sa);
 array_insert_create_value(&ikeids, sizeof(id), ARRAY_TAIL, &id);
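Review bot: The new first disjunct `!ike_sa->get_child_count(ike_sa)` queues every childless IKE_SA that reaches this line for deletion, regardless of its state or of which side initiated it. The commit message names CONNECTING as one included case, but an established SA that is childless for another reason (for example, presumably, one set up by the peer) would match as well. Unloading a config could then tear down more than the SAs its own start action created. Whether the SA has already been matched against `peer_name` cannot be seen here, because the body of clear_start_action starts and ends outside the hunk. If the broad match is intended, the comment should say so, for instance `/* no CHILD_SAs at all (e.g. IKE_SA still CONNECTING) or only matching ones: delete the whole IKE_SA, whatever its state */`.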