services.strongswan-swanctl.swanctl.connections.<name>.unique
Connection uniqueness policy to enforce. To avoid multiple connections from the same user, a uniqueness policy can be enforced.
- The value
neverdoes never enforce such a policy, even if a peer included INITIAL_CONTACT notification messages, - whereas
noreplaces existing connections for the same identity if a new one has the INITIAL_CONTACT notify. keeprejects new connection attempts if the same user already has an active connection,replacedeletes any existing connection if a new one for the same user gets established.
To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead.
On initiators this setting specifies whether an INITIAL_CONTACT notify is
sent during IKE_AUTH if no existing connection is found with the remote
peer (determined by the identities of the first authentication
round). Unless set to never the client will send a notify.
StrongSwan default: "no"
- Type
null or one of "no", "never", "keep", "replace"- Default
null- Declared
- <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>