diff --git a/roles/strongswan/templates/ipsec.conf.j2 b/roles/strongswan/templates/ipsec.conf.j2
index 68fa3464..4f515dd8 100644
--- a/roles/strongswan/templates/ipsec.conf.j2
+++ b/roles/strongswan/templates/ipsec.conf.j2
@@ -4,11 +4,14 @@ config setup
 
 conn %default
     fragmentation=yes
-    rekey=no
+    rekey=yes
+    reauth=no
     dpdaction=clear
     keyexchange=ikev2
     compress=yes
     dpddelay=35s
+    lifetime=3h
+    ikelifetime=12h
 
 {% if algo_windows %}
     ike={{ ciphers.compat.ike }}