Cómo configurar propuestas para la recodificación de IPSEC

Tengo una conexión VPN a través de IPSEC (strongswan) funcionando correctamente. Sin embargo, al menos una vez al día la conexión se interrumpe. Creo que tiene que ver con el cambio de claves, consulte los registros:

Aug 25 02:34:25 myserver charon: 09[KNL] creating rekey job for CHILD_SA ESP/0xcbd335d0/xxx.xxx.xxx.xxx
Aug 25 02:34:25 myserver charon: 10[IKE] establishing CHILD_SA infonline_datapool{2} reqid 1
Aug 25 02:34:25 myserver charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
Aug 25 02:34:25 myserver charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA
2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
Aug 25 02:34:25 myserver charon: 12[IKE] no acceptable proposal found
Aug 25 02:34:25 myserver charon: 12[IKE] failed to establish CHILD_SA, keeping IKE_SA
Aug 25 02:34:25 myserver charon: 12[IKE] sending DELETE for ESP CHILD_SA with SPI cbd2f4c3
Aug 25 02:34:25 myserver charon: 11[IKE] CHILD_SA rekeying failed, trying again in 10 seconds
Aug 25 02:34:35 myserver charon: 15[IKE] establishing CHILD_SA infonline_datapool{3} reqid 1
Aug 25 02:34:35 myserver charon: 06[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
Aug 25 02:34:35 myserver charon: 06[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA
2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
Aug 25 02:34:35 myserver charon: 06[IKE] no acceptable proposal found
Aug 25 02:34:35 myserver charon: 06[IKE] failed to establish CHILD_SA, keeping IKE_SA
Aug 25 02:34:35 myserver charon: 06[IKE] sending DELETE for ESP CHILD_SA with SPI c068db7b
Aug 25 02:34:35 myserver charon: 07[IKE] received DELETE for ESP CHILD_SA with SPI c7a90494
Aug 25 02:34:35 myserver charon: 07[IKE] closing CHILD_SA infonline_datapool{1} with SPIs cbd335d0_i (34701240 bytes) c7a90494_o (451113 bytes) and TS yyy.yyy.yyy.0/25 === 10.10.42.0/24
Aug 25 02:34:35 myserver charon: 07[IKE] sending DELETE for ESP CHILD_SA with SPI cbd335d0
Aug 25 02:34:35 myserver charon: 07[IKE] CHILD_SA closed
Aug 25 02:34:35 myserver charon: 07[IKE] detected CHILD_REKEY collision with CHILD_DELETE
Aug 25 02:34:35 myserver charon: 09[IKE] received DELETE for unknown ESP CHILD_SA with SPI 632d34ba
Aug 25 02:34:35 myserver charon: 09[IKE] CHILD_SA closed
Aug 25 02:34:35 myserver charon: 10[IKE] received DELETE for unknown ESP CHILD_SA with SPI 632d34ba
Aug 25 02:34:35 myserver charon: 10[IKE] CHILD_SA closed
Aug 25 02:34:35 myserver charon: 12[IKE] received DELETE for IKE_SA infonline_datapool[1]
Aug 25 02:34:35 myserver charon: 12[IKE] deleting IKE_SA infonline_datapool[1] between xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...yyy.yyy.yyy.yyy[yyy.yyy.yyy.yyy]
Aug 25 02:34:35 myserver charon: 12[IKE] IKE_SA deleted

Supongo que las líneas clave aquí son:

Aug 25 02:34:25 myserver charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
Aug 25 02:34:25 myserver charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA
2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
Aug 25 02:34:25 myserver charon: 12[IKE] no acceptable proposal found

La configuración es

conn conn_name
    type=tunnel
    authby=secret
    left=xxx.xxx.xxx.xxx
    leftsubnet=xxx.xxx.xxx.0/25
    right=yyy.yyy.yyy.yyy
    rightsubnet=10.10.42.0/24
    ike=aes256-sha256-modp2048
    ikelifetime=86400s
    esp=aes256-sha1-modp2048
    pfs=yes
    auto=start

¿Cómo configuro la conexión para que no se rompa? (Cuando reinicio ipsec, se conecta bien).