From 09ec0650b064e1c69097d832d7824db21c2ebd51 Mon Sep 17 00:00:00 2001
From: TC1977 <37350377+TC1977@users.noreply.github.com>
Date: Tue, 20 Nov 2018 11:34:46 -0500
Subject: [PATCH] Update ipsec.conf.j2

Enable rekey=yes, change to reauth=no, specify SA lifetime and IKE_SA lifetimes to 2h and 12h (previously 20min as per mobileconfig).
---
 roles/vpn/templates/ipsec.conf.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/vpn/templates/ipsec.conf.j2 b/roles/vpn/templates/ipsec.conf.j2
index 086e18af..6a1e7986 100644
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@@ -4,11 +4,14 @@ config setup
 conn %default
 fragmentation=yes
- rekey=no
+ rekey=yes
+ reauth=no
 dpdaction=clear
 keyexchange=ikev2
 compress=yes
 dpddelay=35s
+ lifetime=2h
+ ikelifetime=12h
 {% if algo_windows %}
 ike={{ ciphers.compat.ike }}
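Review bot: The added `reauth=no` sits in `conn %default`, so it applies to every connection, and its security trade-off is not documented anywhere in the template. As I read the strongSwan ipsec.conf documentation, with IKEv2 and `reauth=no` the IKE_SA is rekeyed in place without repeating peer authentication. If so, a client whose certificate is revoked or expires after it connects would keep its tunnel across every `ikelifetime=12h` rekey, until the SA is torn down or the daemon restarts. I would add a comment above the line, such as `# reauth=no: IKE_SA rekeys do not re-check the peer certificate; terminate the SA explicitly after revoking a user`, and confirm that the revocation procedure covers already-connected peers. The same block now has the server initiating rekeys (`rekey=yes`, `lifetime=2h`), which presumably assumes every supported client accepts a responder-initiated rekey with the proposals in `ike=`/`esp=`. Those lines continue past the end of this hunk, so that cannot be checked from here.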