Confirm that there is no INITIAL_CONTACT in IKE_AUTH response
In RFC 7296 (https://www.rfc-editor.org/rfc/rfc7296.txt), chapter 2.4. State Synchronization and Connection Timeouts:
The INITIAL_CONTACT notification, if sent, MUST be in the first IKE_AUTH request or response
I'm trying to build the scenario for INITIAL_CONTACT in the response as follows:
1. build a connection between the local and remote peer;
2. kill the local ipsec service forcibly (kill -kill start&charon pid); there are still an IKE_SA and an IPsec_SA on the remote peer;
3. start ipsec on the local peer manually; there are no SAs locally;
4. initiate the connection from the remote peer with the command "ipsec up connection_name"; the local ipsec service does not send INITIAL_CONTACT and the remote peer has two pairs of SAs.
I also checked the code; INITIAL_CONTACT is only added as a payload in the function build_i in ike_auth.c.
Could you confirm whether my statement is correct or not?
If it is not correct, please guide me on how to configure or build the scenario for INITIAL_CONTACT via the IKE_AUTH response.