
Multiple IKE SAs with Strongswan VPN


I have a VPN between one server (Debian 10, Strongswan 5.7.2) and a partner server (Stormshield SN510). All runs fine; my other servers can reach the partner one over HTTPS via the VPN.

But IKE SAs stay active, until I have 70 of them and the partner VPN endpoint has problems handling them.

For example, a small subset (I removed every IP on purpose):

root@ipsec1:/etc# sudo swanctl -l
partner: #1837, ESTABLISHED, IKEv2
  established 669s ago, reauth in 19183s
  partner-phase2: #2629, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 669s ago, rekeying in 1990s, expires in 2931s
    in  cd63b8c2,      0 bytes,     0 packets
    out cacc8158,      0 bytes,     0 packets
  partner-phase2: #2630, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 669s ago, rekeying in 2087s, expires in 2931s
    in  c859fcff,      0 bytes,     0 packets
    out c2e8b52a,      0 bytes,     0 packets
  partner-phase2: #2631, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 669s ago, rekeying in 1853s, expires in 2932s
    in  cb8845a0,      0 bytes,     0 packets
    out c3507f7a,      0 bytes,     0 packets
  partner-phase2: #2632, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 668s ago, rekeying in 2188s, expires in 2932s
    in  c281ec0f,      0 bytes,     0 packets
    out c290fff2,      0 bytes,     0 packets
  partner-phase2: #2633, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 668s ago, rekeying in 1913s, expires in 2932s
    in  c73a42eb,      0 bytes,     0 packets
    out ca21c339,      0 bytes,     0 packets

Here is the configuration file:

conn partner
        auto=start
        authby=secret
        keyexchange=ikev2
        ike=aes256-sha2_256-modp3072
        left=xx.xx.xx.xx
        leftid=xx.xx.xx.xx
        right=xx.xx.xx.xx
        rightid=xx.xx.xx.xx
        ikelifetime=21600s
        aggressive=no
        dpdtimeout=120s
        dpddelay=30s
        dpdaction=restart
        
conn partner-phase2
        also=partner
        type=tunnel
        esp=aes256-sha2_256-modp3072
        compress=no
        leftsubnet=xx.xx.xx.xx/32,xx.xx.xx.xx/32,xx.xx.xx.xx/32
        rightsubnet=xx.xx.xx.xx/24
        lifetime=3600s

Extract from charon.log:

[2021-11-25 10:22:57] 06[IKE] <partner|1837>   activating CHILD_REKEY task
[2021-11-25 10:22:57] 06[IKE] <partner|1837> establishing CHILD_SA partner-phase2{2675} reqid 26
[2021-11-25 10:22:57] 06[ENC] <partner|1837> generating CREATE_CHILD_SA request 80 [ N(REKEY_SA) SA No KE TSi TSr ]
[2021-11-25 10:22:57] 06[NET] <partner|1837> sending packet: from xx.xx.xx.xx[4500] to xx.xx.xx.xx[4500] (736 bytes)
[2021-11-25 10:22:58] 16[NET] <partner|1837> received packet: from xx.xx.xx.xx[4500] to xx.xx.xx.xx[4500] (208 bytes)
[2021-11-25 10:22:58] 16[ENC] <partner|1837> parsed CREATE_CHILD_SA response 80 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
[2021-11-25 10:22:58] 16[IKE] <partner|1837> received ESP_TFC_PADDING_NOT_SUPPORTED notify
[2021-11-25 10:22:58] 16[IKE] <partner|1837> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
[2021-11-25 10:22:58] 16[CFG] <partner|1837> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
[2021-11-25 10:22:58] 16[IKE] <partner|1837> ignoring KE exchange, agreed on a non-PFS proposal
[2021-11-25 10:22:58] 16[IKE] <partner|1837> inbound CHILD_SA partner-phase2{2675} established with SPIs cede52fe_i c22f460a_o and TS xx.xx.xx.xx/32 === xx.xx.xx.xx/24
[2021-11-25 10:22:58] 16[IKE] <partner|1837> outbound CHILD_SA partner-phase2{2675} established with SPIs cede52fe_i c22f460a_o and TS xx.xx.xx.xx/32 === xx.xx.xx.xx/24
[2021-11-25 10:22:58] 16[IKE] <partner|1837> reinitiating already active tasks
[2021-11-25 10:22:58] 16[IKE] <partner|1837>   CHILD_REKEY task
[2021-11-25 10:22:58] 16[IKE] <partner|1837> closing CHILD_SA partner-phase2{2641} with SPIs c48f9704_i (0 bytes) c8d17eb6_o (0 bytes) and TS xx.xx.xx.xx/32 === xx.xx.xx.xx/24
[2021-11-25 10:22:58] 16[IKE] <partner|1837> sending DELETE for ESP CHILD_SA with SPI c48f9704
[2021-11-25 10:22:58] 16[ENC] <partner|1837> generating INFORMATIONAL request 81 [ D ]
[2021-11-25 10:22:58] 16[NET] <partner|1837> sending packet: from xx.xx.xx.xx[4500] to xx.xx.xx.xx[4500] (80 bytes)
[2021-11-25 10:22:58] 07[NET] <partner|1837> received packet: from xx.xx.xx.xx[4500] to xx.xx.xx.xx[4500] (80 bytes)
[2021-11-25 10:22:58] 07[ENC] <partner|1837> parsed INFORMATIONAL response 81 [ D ]
[2021-11-25 10:22:58] 07[IKE] <partner|1837> received DELETE for ESP CHILD_SA with SPI c8d17eb6
[2021-11-25 10:22:58] 07[IKE] <partner|1837> CHILD_SA closed
[2021-11-25 10:22:58] 07[IKE] <partner|1837> activating new tasks
[2021-11-25 10:22:58] 07[IKE] <partner|1837> nothing to initiate
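As an added check (not code from the question or from strongSwan): a small Python parser for `swanctl -l` output that counts IKE_SAs versus CHILD_SAs and lists, per (IKE_SA id, reqid), the duplicate CHILD_SAs that have carried no traffic. The sample listing is constructed from the one above, with one SA given some traffic so the filter has something to keep.

```python
import re
import sys
from collections import defaultdict

IKE_RE = re.compile(r"^(\S+): #(\d+), (\w+), IKEv\d")
CHILD_RE = re.compile(r"^ {2}(\S+): #(\d+), reqid (\d+), (\w+)")
STATS_RE = re.compile(r"^\s+(in|out)\s+[0-9a-f]+,\s+(\d+) bytes")

def parse_swanctl(text):
    """Parse `swanctl -l` output into a list of IKE_SAs, each with its CHILD_SAs."""
    ike_sas, child = [], None
    for line in text.splitlines():
        if m := IKE_RE.match(line):
            ike_sas.append({"name": m[1], "id": int(m[2]), "state": m[3], "children": []})
        elif (m := CHILD_RE.match(line)) and ike_sas:
            child = {"name": m[1], "id": int(m[2]), "reqid": int(m[3]), "state": m[4], "bytes": 0}
            ike_sas[-1]["children"].append(child)
        elif (m := STATS_RE.match(line)) and child is not None:
            child["bytes"] += int(m[2])  # sum the in and out byte counters
    return ike_sas

def idle_duplicates(ike_sas):
    """For each (IKE_SA id, reqid) holding more than one CHILD_SA, return the ids
    of those that carried 0 bytes in both directions; SAs with traffic are never listed."""
    groups = defaultdict(list)
    for ike in ike_sas:
        for c in ike["children"]:
            groups[(ike["id"], c["reqid"])].append(c)
    return {k: sorted(c["id"] for c in v if c["bytes"] == 0)
            for k, v in groups.items() if len(v) > 1}

# Constructed sample modelled on the question's listing; SA #2631 was given traffic.
SAMPLE = """\
partner: #1837, ESTABLISHED, IKEv2
  established 669s ago, reauth in 19183s
  partner-phase2: #2629, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    in  cd63b8c2,      0 bytes,     0 packets
    out cacc8158,      0 bytes,     0 packets
  partner-phase2: #2630, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    in  c859fcff,      0 bytes,     0 packets
    out c2e8b52a,      0 bytes,     0 packets
  partner-phase2: #2631, reqid 26, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    in  cb8845a0,   4096 bytes,    32 packets
    out c3507f7a,   8192 bytes,    64 packets
"""

if __name__ == "__main__":
    sas = parse_swanctl(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE)
    print(len(sas), "IKE_SA(s),", sum(len(s["children"]) for s in sas), "CHILD_SA(s)")
    print("idle duplicate CHILD_SAs by (IKE_SA id, reqid):", idle_duplicates(sas))
```

Pipe the real listing in with `swanctl -l | python3 this_script.py`; if the first count stays at 1 while the second grows, the build-up is in CHILD_SAs under one IKE_SA rather than in IKE_SAs.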
The status output shows multiple CHILD_SAs, not IKE_SAs. Or are there other IKE_SAs that you cut? The log is not really helpful as it just shows a regular rekeying. You'd have to read a log from the very beginning (when the IKE_SA is created) and follow it to see when and by whom CHILD_SAs are created (might be the other end in which case you'd have to read their log to see why).