I've got complaints from a client with 500+ MXes but some of them (about randomly 10 of them every day) have their tunnels down in the morning whereas they are working fine the day before.
Our customer solve the problem 2 ways :
Reboot the MX remotely
Reboot the ISP router
Then after that the tunnels are back to up status and working.
I found something interesting. The public IP of the MX mismatch with the public IP advertised to the VPN registry by the MX (in fact, the advertised IP is the former public IP because it changes every 24hrs, not a static one assigned to customer).
Note : the remote MX has a private IP, ISP devices perform NAT.
Did you have the same behavior ? How to avoid our customer to ask every day on site people to physically reboot equipment ?