Bug #12488
Problem with IPSEC - DPD or Child SA keep-alive (Status: Closed)
Description
I was trying to configure a new site-to-site IPsec tunnel.
We already have 3 sites, with lots of Child SAs, in our pfSense, and this will be number 4.
The other (older) connections / sites work well (2x XG-7100 1U, 1x SG-1100).
After configuring everything as usual, the following happened:
Traffic from Site A (Debian 10, strongSwan 5.7.2) to Site B (pfSense+ on XG-7100 1U, v2.5.1) doesn't work until Site B sends traffic to Site A.
DPD is enabled on both sites.
I also have configured the keep-alive setting (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/keep-alive.html) on the Child SA / P2.
But it doesn't work very well; after some debugging I found this:
https://forum.netgate.com/topic/85691/ipsec-ping-host-for-keepalive-doesn-t-work/2
Which brought me to ping_hosts.sh:
When I use ping_hosts.sh from the CLI it runs for about 9 to 10 minutes!
Investigating ping_hosts.sh brought me to /var/db/ipsecpinghosts, with 31 entries in my case (4 sites).
24 IPs in these entries don't exist (docs: "It does not have to reply or even exist").
If I understand ping_hosts.sh correctly, an entry like this in /var/db/ipsecpinghosts: '192.168.0.1|192.168.68.254|3|||||6|'
means: ping from 192.168.0.1 to 192.168.68.254 3 times with a 6 s timeout?
This will result in 6 s timeout x 3 times x 24 entries = 432 s (7.2 minutes) for all my non-existent keep-alive IPs.
Does this mean the pfSense only sends traffic every 12 minutes (minicron 240, ping_hosts.sh [10+ min for ping_hosts.sh in my case]) to Site A?
If I reconfigure and use only existing keep-alive IPs in the Child SAs,
ping_hosts.sh runs in about one and a half minutes and my tunnels are (more) stable.
But even this is not enough. After some testing it looks like I need to configure it to send traffic every 30 seconds for a stable tunnel.
Is there a way to configure the keep-alive traffic on a per-connection and per-Child-SA basis, like:
default 240s
CON1 - P2 net1: every 30s
CON1 - P2 net2: every 30s
CON2 - P2 net1: default
CON2 - P2 net2: default
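As an added example (not pfSense's own ping_hosts.sh and not part of the report), a POSIX shell check that reads entries in the /var/db/ipsecpinghosts format and estimates the worst-case serial run time, so an operator can spot when a keep-alive run outlasts its own 240 s minicron interval. It assumes the field reading given in the report (field 3 = ping count, field 8 = per-ping timeout in seconds) and that an unreachable host costs count x timeout; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not pfSense code. Assumption taken from the report: in
# '192.168.0.1|192.168.68.254|3|||||6|' field 3 is the ping count and
# field 8 the per-ping timeout in seconds; an unreachable host costs
# count * timeout because each ping waits for the full timeout.

# Worst-case seconds for a single ipsecpinghosts entry.
entry_worst_case() {
    count=$(printf '%s\n' "$1" | cut -d'|' -f3)
    timeout=$(printf '%s\n' "$1" | cut -d'|' -f8)
    echo $(( ${count:-0} * ${timeout:-0} ))
}

# Sum of worst-case seconds over a whole file (blank and # lines skipped),
# i.e. how long a serial run can take if every host is unreachable.
file_worst_case() {
    total=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        total=$(( total + $(entry_worst_case "$line") ))
    done < "$1"
    echo "$total"
}

# Compare the worst case with the schedule interval (240 s in the report).
# Returns 1 and prints OVERRUN when one run can outlast the interval.
check_interval() {
    total=$(file_worst_case "$1")
    interval=${2:-240}
    if [ "$total" -gt "$interval" ]; then
        echo "OVERRUN: worst case ${total}s exceeds ${interval}s interval"
        return 1
    fi
    echo "OK: worst case ${total}s within ${interval}s interval"
}

# Constructed sample: the report's 24 non-existent hosts at 3 pings x 6 s.
# Prints the path of the temporary file.
make_sample() {
    f=$(mktemp)
    i=1
    while [ "$i" -le 24 ]; do
        printf '192.168.0.1|10.99.%d.1|3|||||6|\n' "$i" >> "$f"
        i=$((i + 1))
    done
    echo "$f"
}

sample=$(make_sample)
check_interval "$sample" 240 || true   # OVERRUN: 432s exceeds 240s
rm -f "$sample"
```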
Updated by Jim Pingle over 3 years ago
- Status changed from New to Not a Bug
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit.
See Reporting Issues with pfSense Software for more information.
Additionally, numerous IPsec issues have already been addressed in development snapshots (Plus 22.01, CE 2.6.0). Before reporting IPsec problems, try reproducing the scenario on current development snapshots.