reading the changelogs I found out, that currently Phase1 is killed and not rekeyed if mode-config is used
from changelogs of 6.40:
this is bad when you use mode-config for site-to-site tunnels like I do, as it is torn down for a noticeable amount of time every 18 hours (or whatever is set as phase 1 lifetime).*) ike1 - kill phase1 instead of rekey if "mode-config" is used;
this is especially bad if you want to connect to a dyndns peer, which is thankfully now possible via DNS named peer and mode-config, but has the aforementioned drawback.
previously I used a script to make dyndns peers work, but i wanted to change to a "scriptless" version.
Would it be possible to make this setting "editable", so the user can decide if he wants to kill or rekey phase1 after expiry (soft-/hard timeout).
That would be great.