Issue #2931
No child SA negotiated when pool is temporarily full
Description
I have a server running Debian 9 and strongSwan 5.5.1. My client is a Raspberry Pi running Raspbian 9 and strongSwan 5.5.1.
The server has an official IP address (94.x.y.z). The Raspi is on a private network where it uses 192.168.1.11. This private network is connected to the internet through a NAT dial-up router that gets disconnected for some minutes every night and then gets a new IP address. Don't ask, it is like it is. I have edited the dial-up router's IP address to 95.x.y.z before the disconnection and to 96.x.y.z after the reconnect.
The client gets a fixed private address 172.29.254.1 from the server, so the "pool size" is 1.
About once a week the client has problems reconnecting after the disconnection. In the server log I see:
peer requested virtual IP 172.29.254.1
pool '172.29.254.1' is full, unable to assign address
no virtual IP found for 172.29.254.1 requested by 'raspi'
no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
looking for a child config for 94.x.y.z/32 === 0.0.0.0/0
proposing traffic selectors for us:
94.x.y.z/32
proposing traffic selectors for other:
dynamic
[…]
configuration payload negotiation failed, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
generating IKE_AUTH response 5 [ AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(INT_ADDR_FAIL) ]
and only after a while:
lease 172.29.254.1 by 'raspi' went offline
while the client logs:
received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
So basically, the server has not freed the lease from the "pool" yet, refuses to assign another virtual IP because the "pool" is full, and no Child SA is established.
After that they keep happily sending DPD requests and keepalive packets to each other but make no attempts to establish a new child SA. Shouldn't the server drop the IKE SA in this case? Or do I have a configuration issue?
History
#1 Updated by Tobias Brunner over 6 years ago
- Category set to configuration
- Status changed from New to Feedback
Shouldn't the server drop the IKE SA in this case?
Eventually it will (after DPD kills it, also see Retransmission), but not when the client re-connects because you told it not to do so: uniqueids=never.
#2 Updated by Robert Dahlem over 6 years ago
I have uniqueids=never
so that my road warriors can connect multiple times simultaneously using the same credentials. Unfortunately, this is a global option, so I can't configure it for the road warrior connections only. It seems like I'm stuck. Or do you have a better suggestion?
#3 Updated by Tobias Brunner over 6 years ago
Unfortunately, this is a global option,
It is with the deprecated ipsec.conf, it's not with swanctl.conf.
#4 Updated by Robert Dahlem over 6 years ago
I migrated my configuration from ipsec.conf to swanctl.conf. As you said I can configure unique per connection. Thank you!
You can close this issue.
#5 Updated by Tobias Brunner over 6 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to No change required
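The following swanctl.conf fragment is an added illustration of the per-connection uniqueness setting discussed in #3 and #4; it is not configuration from the original issue or from the strongSwan project. It assumes certificate authentication with the client identity 'raspi' (the only identity visible in the log), a server identity, certificate file names and a second road-warrior connection using EAP, all of which are made up for the example. The single-address pool mirrors the one-lease setup described in the report. Because `unique` is a per-connection option here, the Raspi connection can use `replace` so a reconnect with the same identity tears down the stale IKE_SA and frees the lease, while the road-warrior connection keeps `never` so multiple simultaneous logins with the same credentials remain possible:

```conf
# swanctl.conf (added example, not from the original issue)
connections {

    # Site-to-roadwarrior connection for the Raspberry Pi.
    # The peer identity 'raspi' is taken from the server log in the report;
    # the server identity and certificate names are assumed for this example.
    raspi {
        version = 2
        local {
            auth = pubkey
            certs = serverCert.pem          # assumed file name
            id = vpn.example.org            # assumed server identity
        }
        remote {
            auth = pubkey
            id = raspi
        }
        # Lease from the one-address pool below.
        pools = raspi-pool
        # Per-connection uniqueness: a new IKE_SA from 'raspi' replaces the
        # stale one, so the lease is released before the new request is served.
        # With 'never' (the old global ipsec.conf setting) the old IKE_SA would
        # survive and the pool would still be full when the client reconnects.
        unique = replace
        # Detect the dead peer on the old NAT address sooner than the default.
        dpd_delay = 30s
        children {
            raspi {
                # Traffic selectors are left at their defaults ("dynamic"),
                # which on the server side covers the assigned virtual IP.
                start_action = none
                dpd_action = clear
            }
        }
    }

    # Road warriors sharing credentials: several sessions per identity are
    # allowed, so uniqueness stays disabled for this connection only.
    # Authentication method and pool name are assumed for this example.
    roadwarriors {
        version = 2
        local {
            auth = pubkey
            certs = serverCert.pem          # assumed file name
            id = vpn.example.org            # assumed server identity
        }
        remote {
            auth = eap-mschapv2             # assumed
            eap_id = %any
        }
        pools = rw-pool
        unique = never
        children {
            roadwarriors {
                dpd_action = clear
            }
        }
    }
}

pools {
    # Exactly one address, as in the report ("pool size" is 1).
    raspi-pool {
        addrs = 172.29.254.1
    }
    # Assumed range for the road warriors.
    rw-pool {
        addrs = 172.29.253.0/24
    }
}
```

Load the file with `swanctl --load-all` and verify the effective setting with `swanctl --list-conns`; the `unique` value is printed per connection. The `dpd_delay` and `dpd_action` values are a practical addition so that an IKE_SA left behind by the nightly address change is cleared rather than kept indefinitely while the two ends exchange only DPD and keepalive traffic.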