Changes in IPsec config should take down the connection
The fact that strongSwan doesn't take down an established connection after changing the config has led to a number of support issues and user complaints. racoon would drop any existing connections when that connection's config was changed. Many support cases and forum threads about changes not being applied have this as the root cause. Usually this is either where a config mismatch was created but not realized until hours later, when the existing connection expires, or after networks were added or removed with IKEv2, which don't work until the connection is manually disconnected on the status page.
Just doing an 'ipsec down conX' for the connection when the config is changed will address this.
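
One way to work out which connections need the `ipsec down`, as an added example that is not code from this ticket or from strongSwan: it compares the old and new `ipsec.conf` text per `conn` section, folds in `conn %default`, and builds the commands without running them. The sample configs, addresses and the names con1 to con3 are constructed, and `also=` includes are not resolved.

```python
import re

# Constructed samples: in NEW, con1 gains a network, con2 is untouched, con3 is new.
OLD = """\
conn %default
    keyexchange=ikev2
conn con1
    right=203.0.113.10
    rightsubnet=10.1.0.0/24
conn con2
    right=203.0.113.20
    rightsubnet=10.2.0.0/24
"""
NEW = OLD.replace("10.1.0.0/24", "10.1.0.0/24,10.3.0.0/24") + """\
conn con3
    right=203.0.113.30
"""

def parse_conns(text):
    """Split ipsec.conf text into {conn_name: {key: value}}, ignoring comments."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section header at column 0
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective(conns):
    # A change in "conn %default" changes every connection that inherits it.
    defaults = conns.get("%default", {})
    return {n: {**defaults, **c} for n, c in conns.items() if n != "%default"}

def conns_to_down(old_text, new_text):
    # Changed or removed conns may hold SAs negotiated under the old settings.
    old, new = effective(parse_conns(old_text)), effective(parse_conns(new_text))
    return sorted(n for n in old if old[n] != new.get(n))

def down_commands(old_text, new_text):
    return [["ipsec", "down", n] for n in conns_to_down(old_text, new_text)]

if __name__ == "__main__":
    for argv in down_commands(OLD, NEW):
        print(" ".join(argv))
```

Only con1 is selected here; con2 keeps its established tunnel, and con3 has nothing to take down yet.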