
services.strongswan-swanctl.swanctl.connections.<name>.childless

Use childless IKE_SA initiation (allow, prefer, force or never).

Use childless IKE_SA initiation (RFC 6023) for IKEv2, with the first CHILD_SA created with a separate CREATE_CHILD_SA exchange (e.g. to use an independent DH exchange for all CHILD_SAs). Acceptable values are allow (the default), prefer, force and never. If set to allow, responders will accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT response) while initiators continue to create regular IKE_SAs with the first CHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated explicitly without any children (which will fail if the responder does not support or has disabled this extension). The effect of prefer is the same as allow on responders, but as initiator a childless IKE_SA is initiated if the responder supports it. If set to force, only childless initiation is accepted in either role. Finally, setting the option to never disables support for childless IKE_SAs as responder.

StrongSwan default: "allow"
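A NixOS configuration using this option, as an added example that is not taken from the strongSwan or NixOS documentation: it sets force on one IKEv2 connection and puts a DH group in the child's ESP proposal, so the CREATE_CHILD_SA exchange that creates the first CHILD_SA performs its own key exchange. The connection name, child name, addresses, identities, subnets and proposals are constructed, and the certificates and keys for pubkey authentication are assumed to be configured elsewhere.

```nix
# Added example: all names, addresses, identities and proposals are constructed.
{
  services.strongswan-swanctl = {
    enable = true;

    swanctl.connections.site-b = {          # "site-b" is a hypothetical connection name
      version = 2;                          # childless initiation is an IKEv2 extension (RFC 6023)
      remote_addrs = [ "198.51.100.10" ];   # documentation-range address
      proposals = [ "aes256gcm16-prfsha384-ecp384" ];

      # Only childless initiation is accepted in either role, so no CHILD_SA
      # is created during IKE_AUTH.
      childless = "force";

      local.main = {
        auth = "pubkey";
        id = "gw-a.example.org";
      };
      remote.main = {
        auth = "pubkey";
        id = "gw-b.example.org";
      };

      children.net = {                      # "net" is a hypothetical child name
        local_ts = [ "10.1.0.0/16" ];
        remote_ts = [ "10.2.0.0/16" ];
        # The DH group (ecp384) in the ESP proposal makes each CREATE_CHILD_SA
        # exchange, including the one for the first CHILD_SA, carry its own
        # key exchange.
        esp_proposals = [ "aes256gcm16-ecp384" ];
      };
    };
  };
}
```

With force, a peer that does not support or has disabled the extension cannot establish this connection; prefer keeps the same behaviour as initiator only when the responder supports it.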

Type
null or one of "allow", "prefer", "force", "never"
Default
null