TUNNEL, dpdaction=restart - PullRequest
April 17, 2020

Hi, I have a problem with my strongSwan VPN tunnel. I have a phase 1 and phase 2 configuration, but only 1 works.

nano /etc/ipsec.conf

config setup
    charondebug="all"
    uniqueids=yes

conn yyy-to-xxx
    authby=secret
    left=10.12.0.8
    leftid=30.71.172.92
    leftsourceip=%config
    leftsubnet=10.12.0.8/32
    right=40.204.128.170
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    # pfs=no
    aggressive=no
    keyingtries=0
    keyexchange=ikev1
    ikelifetime=1h
    lifetime=24h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    type=tunnel
    auto=start

conn add_xxx_sub0
    also=yyy-to-xxx
    right=40.204.152.238
    rightsubnet=40.204.152.238/32[%any/10501]
    leftsubnet=10.12.0.8/32
    auto=start

ipsec status

 Security Associations (1 up, 0 connecting):
  yyy-to-xxx[51]: ESTABLISHED 14 seconds ago, 10.12.0.8[30.71.172.92]...40.204.128.170[40.204.128.170]

ipsec statusall

  Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-1034-gcp, x86_64):
  uptime: 17 minutes, since Apr 17 16:40:58 2020
  malloc: sbrk 1622016, mmap 0, used 823744, free 798272
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 112
  loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
  Listening IP addresses:
  10.12.0.8
  Connections:
  yyy-to-xxxx: 10.12.0.8...40.204.128.170 IKEv1, dpddelay=30s
  yyy-to-xxx: local: [30.71.172.92] uses pre-shared key authentication
  yyy-to-xxx: remote: [40.204.128.170] uses pre-shared key authentication
  yyy-to-xxx: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
  add_xxx_sub0: child: 10.12.0.8/32 === 40.204.152.238/32[10501] TUNNEL, dpdaction=restart
  add_xxx_sub1: child: 10.12.0.8/32 === 40.204.152.232/32[8001] TUNNEL, dpdaction=restart
  add_xxx_sub2: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
  Security Associations (1 up, 0 connecting):
  yyy-to-xxx[54]: ESTABLISHED 7 seconds ago, 10.128.0.8[30.71.172.92]...40.204.128.170[40.204.128.170]
  yyy-to-xxx[54]: IKEv1 SPIs: e5f0058cab84984d_i* 123b59c38f1bb2fa_r, pre-shared key reauthentication in 46 minutes
  yyy-to-xxx[54]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  yyy-to-xxx[54]: Tasks queued: QUICK_MODE QUICK_MODE QUICK_MODE QUICK_MODE
  yyy-to-xxx[54]: Tasks active: MODE_CONFIG