Hello,
in the OPNsense GUI we have:
Start, Clear, Trap for DPD Action. Start sets:
/usr/local/etc/swanctl/swanctl.conf
dpd_action = start
But this is not a valid option for dpd_action, if the documentation is correct:
https://docs.strongswan.org/docs/latest/swanctl/swanctlConf.html
Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand (note that this is redundant if start_action includes trap). restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA.
So it should be changed to restart?
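
An added example, not part of the original post and not OPNsense or strongSwan code: a small check that walks a swanctl.conf-style file and reports every dpd_action whose value is not one of the three named in the documentation quoted above (clear, trap, restart). The sample configuration is constructed, the function name is hypothetical, and the parser assumes one statement per line.

```python
import re

# Values named in the strongSwan swanctl.conf documentation quoted in the post.
DOCUMENTED_DPD_ACTIONS = {"clear", "trap", "restart"}

# Constructed sample, not taken from a real OPNsense system.
SAMPLE_CONF = """\
connections {
    con1 {
        children {
            net-a {
                dpd_action = start   # value the post reports for "Start"
            }
            net-b {
                dpd_action = restart
            }
            net-c {
                # dpd_action = bogus (commented out, ignored)
            }
        }
    }
}
"""

def find_undocumented_dpd_actions(text):
    """Return (section_path, value) for each dpd_action outside the documented set."""
    stack, findings = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        opened = re.fullmatch(r"([^\s={}]+)\s*\{", line)
        setting = re.fullmatch(r"([^\s={}]+)\s*=\s*(.*)", line)
        if opened:
            stack.append(opened.group(1))            # enter a named section
        elif line == "}" and stack:
            stack.pop()                              # leave the current section
        elif setting and setting.group(1) == "dpd_action":
            value = setting.group(2).strip().strip('"')
            if value not in DOCUMENTED_DPD_ACTIONS:
                findings.append((".".join(stack), value))
    return findings

if __name__ == "__main__":
    for path, value in find_undocumented_dpd_actions(SAMPLE_CONF):
        print(f"{path}: dpd_action = {value}")
```

To check a real file, pass the contents of /usr/local/etc/swanctl/swanctl.conf to the function instead of the sample.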