*/
bool key_seen;
+ /**
+ * Whether to use childless IKE SA initiation
+ */
+ childless_t childless;
+
/**
* Selected connection profile
*/
.remote = this->host,
.remote_port = IKEV2_UDP_PORT,
.fragmentation = FRAGMENTATION_YES,
+ .childless = this->childless,
};
peer_cfg_create_t peer = {
.cert_policy = CERT_SEND_IF_ASKED,
}
this->child_proposals->insert_last(this->child_proposals, proposal);
break;
+ case CMD_OPT_CHILDLESS:
+ this->childless = CHILDLESS_PREFER;
+ if (arg && streq("force", arg))
+ {
+ this->childless = CHILDLESS_FORCE;
+ }
+ break;
case CMD_OPT_PROFILE:
set_profile(this, arg);
break;
.remote_ts = linked_list_create(),
.ike_proposals = linked_list_create(),
.child_proposals = linked_list_create(),
+ .childless = CHILDLESS_NEVER,
.profile = PROF_UNDEF,
);
"a single ESP proposal to offer instead of the default", {}},
{ CMD_OPT_AH_PROPOSAL, "ah-proposal", required_argument, "proposal",
"a single AH proposal to offer instead of the default", {}},
+ { CMD_OPT_CHILDLESS, "childless", optional_argument, "force",
+ "use childless IKE SA initiation if supported by the responder, ", {
+ "passing 'force' aborts if that's not the case",
+ }},
{ CMD_OPT_PROFILE, "profile", required_argument, "name",
"authentication profile to use, where name is one of:", {
" ikev2-pub, ikev2-eap, ikev2-pub-eap, ikev2-psk",
projects / thirdparty / strongswan.git / commitdiff
