Change server-side ipsec.conf settings

Switching to inline rekeying from reauthentication, and lengthening child_SA and IKE_SA lifetimes.

roles/vpn/templates/ipsec.conf.j2

@@ -4,11 +4,14 @@ config setup
 
 conn %default
     fragmentation=yes
-    rekey=no
+    rekey=yes
+    reauth=no
     dpdaction=clear
     keyexchange=ikev2
     compress=yes
     dpddelay=35s
+    lifetime=3h
+    ikelifetime=12h
 
 {% if algo_windows %}
     ike={{ ciphers.compat.ike }}