I had the problem that the ipsec sa rekeying prompted by the 100’000kb traffic rule from windows 10 client resulted in no proposal chosen and then loosing sa from client to server. Only when I set the pfs group to none under proposals, rekeying worked without any problem after every 100k kb.
I dont have this problem with android strongswan client, there it works with pfs set to modp1024 but I must admit that I did not analyze the rekeying behaviour there. It just worked for hours and lots of data volume.
Anybody some idea or hints, why? Maybe I have to customize win 10 ipsec defaults but I wanted to ask here first before I delve into powershell & co