It looks like the script /opt/vyatta/sbin/vpn-config.pl generates wrong configuration options in the setup section.
Specifically, the command
vpn ipsec disable-uniqreqids
adds disableuniqreqids=yes to ipsec.conf, but according to the man page it should be
uniqueids = yes | no | never | replace | keep
    whether a particular participant ID should be kept unique, with any new IKE_SA using an ID deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new IKE_SA using the same ID is almost invariably intended to replace an old one. The difference between no and never is that the daemon will replace old IKE_SAs when receiving an INITIAL_CONTACT notify if the option is no but will ignore these notifies if never is configured. The daemon also accepts the value replace which is identical to yes and the value keep to reject new IKE_SA setups and keep the duplicate established earlier.
I suppose the problem is here
/opt/vyatta/sbin/vpn-config.pl
    # Set plutoopts:
    # Disable uniqreqids?
    #
    if ($vcVPN->exists('ipsec disable-uniqreqids')) {
        $genout .= "\tdisableuniqreqids=yes\n";
    }
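
A lint check for the generated file, added here as an example (it is not part of the report or of the Vyatta code): it parses the config setup section and flags keywords outside an allowlist and uniqueids values outside the five listed in the man page excerpt above. The allowlist is an assumption based on the strongSwan 5.x ipsec.conf(5) man page, and the sample inputs are constructed.

```python
import re

# Values listed in the man page excerpt quoted in the report.
UNIQUEIDS_VALUES = {"yes", "no", "never", "replace", "keep"}
# Assumption: "config setup" keywords from strongSwan 5.x ipsec.conf(5).
KNOWN_SETUP_KEYS = {"cachecrls", "charondebug", "strictcrlpolicy", "uniqueids"}


def setup_options(conf_text):
    """Return (lineno, key, value) for each option in the 'config setup' section."""
    options, in_setup = [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():
            # A non-indented line opens a new section ("config setup", "conn x", ...).
            in_setup = line.split() == ["config", "setup"]
            continue
        if in_setup:
            m = re.match(r"\s+([^=\s]+)\s*=\s*(.*)$", line)
            if m:
                options.append((lineno, m.group(1), m.group(2).strip()))
    return options


def lint_setup(conf_text):
    """Return (lineno, message) findings for the 'config setup' section."""
    findings = []
    for lineno, key, value in setup_options(conf_text):
        if key not in KNOWN_SETUP_KEYS:
            findings.append((lineno, f"unknown setup keyword '{key}'"))
        elif key == "uniqueids" and value not in UNIQUEIDS_VALUES:
            findings.append((lineno, f"invalid uniqueids value '{value}'"))
    return findings


# Constructed samples: the line the generator emits per the report, and a
# form the man page accepts ('no' is picked here only for illustration).
GENERATED = "config setup\n\tdisableuniqreqids=yes\n\nconn peer\n\tauto=start\n"
ACCEPTED = "config setup\n\tuniqueids=no\n"

if __name__ == "__main__":
    for name, text in (("generated", GENERATED), ("accepted", ACCEPTED)):
        print(name, lint_setup(text))
```

Running a check like this against the generated ipsec.conf after each configuration commit catches an option that the generator writes out under a keyword that is not in the allowlist.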