Hi, Combining reauthentication with closeaction=restart is a bad idea. Note that reauth=no does not disable reauthentication if the other peer has reauth=yes configured, see [1]. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey#IKEv2-Responder-Behavior