ERX IPSec disconnecting approx. every 2 minutes

Hello,

I migrated from ERLite to ERX and found out that my IPSec tunnels are re-connecting approx. every two minutes.

This is what I see in the charon.log; the only messages are about creating an acquire job and creating a delete job:

root@erx:/var/log# cat charon.log | grep "Nov 29"
Nov 29 11:34:02 08[KNL] creating acquire job for policy 1.1.1.1/32[icmp/8] === 2.2.2.2/32[icmp/8] with reqid {1}
Nov 29 11:34:03 09[IKE] <peer-PUBLIC_IP1-tunnel-1|11> CHILD_SA peer-PUBLIC_IP1-tunnel-4{4} established with SPIs c729a287_i 1dd744d2_o and TS 3.3.3.101/32 === 2.2.2.0/24 
Nov 29 11:34:03 13[IKE] <peer-PUBLIC_IP1-tunnel-1|11> CHILD_SA peer-PUBLIC_IP1-tunnel-2{2} established with SPIs c1f0c5ca_i 8ddcffbe_o and TS 1.1.1.97/32 === 2.2.2.0/24 
Nov 29 11:34:10 12[IKE] <peer-PUBLIC_IP1-tunnel-1|11> CHILD_SA peer-PUBLIC_IP1-tunnel-3{3} established with SPIs c678afc2_i bd4b6d8e_o and TS 3.3.3.100/32 === 2.2.2.0/24 
Nov 29 11:34:30 04[IKE] <peer-PUBLIC_IP1-tunnel-1|11> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cdc30fe0_i 85d2e72b_o and TS 1.1.1.1/32 === 2.2.2.0/24 
Nov 29 11:36:47 09[KNL] creating delete job for ESP CHILD_SA with SPI cf79f796 and reqid {1}
Nov 29 11:36:47 13[IKE] <peer-PUBLIC_IP1-tunnel-1|11> initiating Main Mode IKE_SA peer-PUBLIC_IP1-tunnel-1[12] to PUBLIC_IP1
Nov 29 11:36:48 15[KNL] creating acquire job for policy 1.1.1.1/32[icmp/8] === 2.2.2.2/32[icmp/8] with reqid {1}
Nov 29 11:36:50 04[IKE] <peer-PUBLIC_IP1-tunnel-1|12> IKE_SA peer-PUBLIC_IP1-tunnel-1[12] established between PUBLIC_IP2[PUBLIC_IP2]...PUBLIC_IP1[PUBLIC_IP1]
Nov 29 11:36:53 10[IKE] <peer-PUBLIC_IP1-tunnel-1|12> CHILD_SA peer-PUBLIC_IP1-tunnel-4{4} established with SPIs cddafc14_i 648f915f_o and TS 3.3.3.101/32 === 2.2.2.0/24 
Nov 29 11:36:53 09[IKE] <peer-PUBLIC_IP1-tunnel-1|12> CHILD_SA peer-PUBLIC_IP1-tunnel-2{2} established with SPIs ce84614d_i 2969d82d_o and TS 1.1.1.97/32 === 2.2.2.0/24 
Nov 29 11:37:00 10[IKE] <peer-PUBLIC_IP1-tunnel-1|12> CHILD_SA peer-PUBLIC_IP1-tunnel-3{3} established with SPIs cef38d93_i 02b8c0d1_o and TS 3.3.3.100/32 === 2.2.2.0/24 
Nov 29 11:37:20 05[IKE] <peer-PUBLIC_IP1-tunnel-1|12> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cde332c9_i 0be85272_o and TS 1.1.1.1/32 === 2.2.2.0/24 
Nov 29 11:39:35 06[KNL] creating delete job for ESP CHILD_SA with SPI c422f415 and reqid {1}
Nov 29 11:39:35 11[IKE] <peer-PUBLIC_IP1-tunnel-1|12> initiating Main Mode IKE_SA peer-PUBLIC_IP1-tunnel-1[13] to PUBLIC_IP1
Nov 29 11:39:36 12[KNL] creating acquire job for policy 1.1.1.1/32[icmp/8] === 2.2.2.2/32[icmp/8] with reqid {1}
Nov 29 11:39:36 05[IKE] <peer-PUBLIC_IP1-tunnel-1|13> IKE_SA peer-PUBLIC_IP1-tunnel-1[13] established between PUBLIC_IP2[PUBLIC_IP2]...PUBLIC_IP1[PUBLIC_IP1]
Nov 29 11:39:38 14[IKE] <peer-PUBLIC_IP1-tunnel-1|13> CHILD_SA peer-PUBLIC_IP1-tunnel-4{4} established with SPIs ce66b215_i 7c01d411_o and TS 3.3.3.101/32 === 2.2.2.0/24 
Nov 29 11:39:38 08[IKE] <peer-PUBLIC_IP1-tunnel-1|13> CHILD_SA peer-PUBLIC_IP1-tunnel-2{2} established with SPIs c545cb86_i 0dfec155_o and TS 1.1.1.97/32 === 2.2.2.0/24 
Nov 29 11:39:45 04[IKE] <peer-PUBLIC_IP1-tunnel-1|13> CHILD_SA peer-PUBLIC_IP1-tunnel-3{3} established with SPIs c6bb3f60_i 0f057e68_o and TS 3.3.3.100/32 === 2.2.2.0/24 
Nov 29 11:40:05 12[IKE] <peer-PUBLIC_IP1-tunnel-1|13> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs c5ec997a_i af0466b0_o and TS 1.1.1.1/32 === 2.2.2.0/24 
Nov 29 11:42:21 08[KNL] creating delete job for ESP CHILD_SA with SPI cabb7995 and reqid {1}
Nov 29 11:42:21 10[IKE] <peer-PUBLIC_IP1-tunnel-1|13> initiating Main Mode IKE_SA peer-PUBLIC_IP1-tunnel-1[14] to PUBLIC_IP1
Nov 29 11:42:22 09[KNL] creating acquire job for policy 1.1.1.1/32[icmp/8] === 2.2.2.2/32[icmp/8] with reqid {1}
Nov 29 11:42:24 15[IKE] <peer-PUBLIC_IP1-tunnel-1|14> IKE_SA peer-PUBLIC_IP1-tunnel-1[14] established between PUBLIC_IP2[PUBLIC_IP2]...PUBLIC_IP1[PUBLIC_IP1]
Nov 29 11:42:28 10[IKE] <peer-PUBLIC_IP1-tunnel-1|14> CHILD_SA peer-PUBLIC_IP1-tunnel-4{4} established with SPIs ca2c7250_i 7c2954cf_o and TS 3.3.3.101/32 === 2.2.2.0/24 
Nov 29 11:42:28 11[IKE] <peer-PUBLIC_IP1-tunnel-1|14> CHILD_SA peer-PUBLIC_IP1-tunnel-2{2} established with SPIs c7122a68_i b16c74b2_o and TS 1.1.1.97/32 === 2.2.2.0/24 
Nov 29 11:42:35 04[IKE] <peer-PUBLIC_IP1-tunnel-1|14> CHILD_SA peer-PUBLIC_IP1-tunnel-3{3} established with SPIs c575c3d1_i ba3327b8_o and TS 3.3.3.100/32 === 2.2.2.0/24 
Nov 29 11:42:55 09[IKE] <peer-PUBLIC_IP1-tunnel-1|14> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cc691738_i 811d1985_o and TS 1.1.1.1/32 === 2.2.2.0/24 
Nov 29 11:45:09 04[KNL] creating delete job for ESP CHILD_SA with SPI cc6093b0 and reqid {1}
Nov 29 11:45:09 10[IKE] <peer-PUBLIC_IP1-tunnel-1|14> initiating Main Mode IKE_SA peer-PUBLIC_IP1-tunnel-1[15] to PUBLIC_IP1
Nov 29 11:45:09 09[IKE] <peer-PUBLIC_IP1-tunnel-1|15> IKE_SA peer-PUBLIC_IP1-tunnel-1[15] established between PUBLIC_IP2[PUBLIC_IP2]...PUBLIC_IP1[PUBLIC_IP1]
Nov 29 11:45:10 12[KNL] creating acquire job for policy 1.1.1.1/32[icmp/8] === 2.2.2.2/32[icmp/8] with reqid {1}
Nov 29 11:45:13 10[IKE] <peer-PUBLIC_IP1-tunnel-1|15> CHILD_SA peer-PUBLIC_IP1-tunnel-4{4} established with SPIs c7f2b79b_i 5102b8cd_o and TS 3.3.3.101/32 === 2.2.2.0/24 
Nov 29 11:45:14 04[IKE] <peer-PUBLIC_IP1-tunnel-1|15> CHILD_SA peer-PUBLIC_IP1-tunnel-2{2} established with SPIs c0b63ade_i 19fcc26f_o and TS 1.1.1.97/32 === 2.2.2.0/24 
Nov 29 11:45:20 07[IKE] <peer-PUBLIC_IP1-tunnel-1|15> CHILD_SA peer-PUBLIC_IP1-tunnel-3{3} established with SPIs c97d5d48_i 10111fe0_o and TS 3.3.3.100/32 === 2.2.2.0/24 
Nov 29 11:45:42 11[IKE] <peer-PUBLIC_IP1-tunnel-1|15> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cadf480e_i 3b4c1985_o and TS 1.1.1.1/32 === 2.2.2.0/24 

Here is my IPSec configuration. I changed nothing; it is the same as it was on the ERLite:

[edit vpn ipsec]
ubnt@erx# show 
 auto-firewall-nat-exclude enable
 esp-group XXX-P2 {
     compression disable
     lifetime 14400
     mode tunnel
     pfs dh-group2
     proposal 1 {
         encryption aes256
         hash sha1
     }
 }
 ike-group XXX-P1 {
     ikev2-reauth no
     key-exchange ikev1
     lifetime 86400
     proposal 1 {
         dh-group 2
         encryption aes256
         hash sha1
     }
 }
 ipsec-interfaces {
     interface eth0
 }
 nat-networks {
     allowed-network 0.0.0.0/0 {
     }
 }
 nat-traversal enable
 site-to-site {
     peer PUBLIC_IP1 {
         authentication {
             mode pre-shared-secret
             pre-shared-secret secret-secret-secret
         }
         connection-type initiate
         ike-group XXX-P1
         ikev2-reauth inherit
         local-address PUBLIC_IP2
         tunnel 1 {
             allow-nat-networks disable
             allow-public-networks disable
             esp-group XXX-P2
             local {
                 prefix 1.1.1.1/32
             }
             remote {
                 prefix 2.2.2.0/24
             }
         }
         tunnel 2 {
             allow-nat-networks disable
             allow-public-networks disable
             esp-group XXX-P2
             local {
                 prefix 1.1.1.97/32
             }
             remote {
                 prefix 2.2.2.0/24
             }
         }
         tunnel 3 {
             allow-nat-networks disable
             allow-public-networks disable
             esp-group XXX-P2
             local {
                 prefix 3.3.3.100/32
             }
             remote {
                 prefix 2.2.2.0/24
             }
         }
         tunnel 4 {
             allow-nat-networks disable
             allow-public-networks disable
             esp-group XXX-P2
             local {
                 prefix 3.3.3.101/32
             }
             remote {
                 prefix 2.2.2.0/24
             }
         }
     }
 }

The situation is the same regardless of whether IPsec offload is turned on or off.

Anyone facing the same issue?
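The log above shows a repeating "creating delete job" / "initiating Main Mode" / "CHILD_SA ... established" cycle, while the esp-group is configured with a 14400 s lifetime. A quick way to confirm that the SAs are dying far earlier than their configured lifetime is to measure the interval between teardowns directly from charon.log. The script below is an added example written for this post, not code from the original poster or from strongSwan/EdgeOS; it parses the three message types seen in the log, computes the time between consecutive delete jobs for a reqid and the observed lifetime of each CHILD_SA, and flags the result when the observed lifetime is a small fraction of the configured one. The sample log is a constructed subset of the lines quoted above, the year supplied to the timestamp parser is an assumption (charon logs carry none), and the 10% threshold is a heuristic, not a strongSwan constant.

```python
"""Measure CHILD_SA churn in a strongSwan charon.log (added example, not from the post)."""
import re
import statistics
from datetime import datetime

# Constructed sample: a subset of the lines quoted in the forum post (tunnel 1 only).
SAMPLE_LOG = """\
Nov 29 11:34:02 08[KNL] creating acquire job for policy 1.1.1.1/32[icmp/8] === 2.2.2.2/32[icmp/8] with reqid {1}
Nov 29 11:34:30 04[IKE] <peer-PUBLIC_IP1-tunnel-1|11> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cdc30fe0_i 85d2e72b_o and TS 1.1.1.1/32 === 2.2.2.0/24
Nov 29 11:36:47 09[KNL] creating delete job for ESP CHILD_SA with SPI cf79f796 and reqid {1}
Nov 29 11:37:20 05[IKE] <peer-PUBLIC_IP1-tunnel-1|12> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cde332c9_i 0be85272_o and TS 1.1.1.1/32 === 2.2.2.0/24
Nov 29 11:39:35 06[KNL] creating delete job for ESP CHILD_SA with SPI c422f415 and reqid {1}
Nov 29 11:40:05 12[IKE] <peer-PUBLIC_IP1-tunnel-1|13> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs c5ec997a_i af0466b0_o and TS 1.1.1.1/32 === 2.2.2.0/24
Nov 29 11:42:21 08[KNL] creating delete job for ESP CHILD_SA with SPI cabb7995 and reqid {1}
Nov 29 11:42:55 09[IKE] <peer-PUBLIC_IP1-tunnel-1|14> CHILD_SA peer-PUBLIC_IP1-tunnel-1{1} established with SPIs cc691738_i 811d1985_o and TS 1.1.1.1/32 === 2.2.2.0/24
Nov 29 11:45:09 04[KNL] creating delete job for ESP CHILD_SA with SPI cc6093b0 and reqid {1}
"""

# Common prefix: syslog-style timestamp, thread id and charon log group ([KNL], [IKE], ...).
TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \d+\[(?P<group>[A-Z]+)\] "
DELETE_RE = re.compile(TS + r"creating delete job for ESP CHILD_SA with SPI (?P<spi>[0-9a-f]+) and reqid \{(?P<reqid>\d+)\}")
ACQUIRE_RE = re.compile(TS + r"creating acquire job for policy (?P<src>\S+) === (?P<dst>\S+) with reqid \{(?P<reqid>\d+)\}")
ESTAB_RE = re.compile(TS + r"<[^>]+> CHILD_SA (?P<name>[^\s{]+)\{(?P<uid>\d+)\} established with SPIs "
                      r"(?P<spi_in>[0-9a-f]+)_i (?P<spi_out>[0-9a-f]+)_o and TS (?P<local>\S+) === (?P<remote>\S+)")


def parse_charon(log_text, year=2000):
    """Return the acquire/delete/established events in log order.

    charon timestamps carry no year, so one is assumed (a leap year, so 'Feb 29' parses).
    Only interval arithmetic is done with the result, so the exact year does not matter.
    """
    events = []
    for line in log_text.splitlines():
        for kind, rx in (("delete", DELETE_RE), ("acquire", ACQUIRE_RE), ("established", ESTAB_RE)):
            m = rx.match(line)
            if m:
                ev = m.groupdict()
                ev["kind"] = kind
                ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
                events.append(ev)
                break
    return events


def teardown_intervals(events, reqid):
    """Seconds between consecutive 'creating delete job' events for one reqid."""
    times = [e["time"] for e in events if e["kind"] == "delete" and e["reqid"] == reqid]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def observed_sa_lifetimes(events, child_name, reqid):
    """Seconds from each 'established' of child_name to the next delete job for reqid."""
    lifetimes, pending = [], None
    for e in events:
        if e["kind"] == "established" and e["name"] == child_name:
            pending = e["time"]
        elif e["kind"] == "delete" and e["reqid"] == reqid and pending is not None:
            lifetimes.append(int((e["time"] - pending).total_seconds()))
            pending = None
    return lifetimes


def churn_report(log_text, child_name, reqid, configured_lifetime_s, year=2000):
    """Compare the observed CHILD_SA lifetime with the esp-group lifetime from the config."""
    events = parse_charon(log_text, year)
    lifetimes = observed_sa_lifetimes(events, child_name, reqid)
    median_life = statistics.median(lifetimes) if lifetimes else None
    return {
        "teardown_period_s": teardown_intervals(events, reqid),
        "sa_lifetime_s": lifetimes,
        "median_sa_lifetime_s": median_life,
        "configured_lifetime_s": configured_lifetime_s,
        # Heuristic (assumption): a normal rekey happens close to the configured lifetime,
        # so an SA that dies at under 10% of it is being torn down by something else.
        "early_teardown": median_life is not None and median_life < 0.1 * configured_lifetime_s,
    }


if __name__ == "__main__":
    # 14400 is the esp-group lifetime shown in the post's configuration.
    for k, v in churn_report(SAMPLE_LOG, "peer-PUBLIC_IP1-tunnel-1", "1", 14400).items():
        print(f"{k}: {v}")
```

Run against the full charon.log with the tunnel name and reqid of interest (the reqid is the number in `reqid {N}` on the KNL lines); the interesting output is that the delete jobs arrive every 166 to 168 seconds and each SA lives only about 135 seconds against a configured 14400 seconds, which rules out the normal rekey timer as the cause.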
