In rewritten IPSec implementation missed `lifetime options for IKE and ESP
From strongswan documentation, it a bit modified and should be:
ipsec.conf (old)
ikelifetime=3h (strongswan default)
strongswan.conf
connections.<conn>.rekey_time=170m (default: 4h) connections.<conn>.over_time=10m (default: 10% of rekey_time) see ExpiryRekey for details
By default, it adds about 10% to rekey_time, so with defined rekey_time=3600s we can see in ISAKMP value 3960
ESP phase2:
ipsec.conf (old)
lifetime=1h (strongswan default)
strongswan.conf
connections.<conn>.children.<child>.life_time=1h (strongswan default: 110% * rekey_time) but configuring connections.<conn>.children.<child>.rekey_time (default: 1h, so setting life_time to 1h without changing this, will disable rekeying) instead is preferred, see below and ExpiryRekey for details
https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey