From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 18 Jul 2014 14:05:47 +0000 (+0200)
Subject: swanctl: Document how connections.*.unique affects initiators
X-Git-Tag: 5.2.1dr1~86
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a59fa6467b0e600cfce1319f8dcd474aec84c86;p=thirdparty%2Fstrongswan.git

swanctl: Document how connections.*.unique affects initiators
---

diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 5e38a6673f..f1e47a9e4b 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -194,6 +194,11 @@ connections.<conn>.unique = no
 	EAP or XAuth authentication is involved, the EAP-Identity or XAuth username
 	is used to enforce the uniqueness policy instead.
 
+	On initiators this setting specifies whether an INITIAL_CONTACT notify is
+	sent during IKE_AUTH if no existing connection is found with the remote
+	peer (determined by the identities of the first authentication round).
+	Only if set to _keep_ or _replace_ will the client send a notify.
+
 connections.<conn>.reauth_time = 0s
 	Time to schedule IKE reauthentication.