Strongswan make-before-break setting in UI

Well, now we have more users working remotely so it will be harder to test. :wink: I’ll find some time in the evenings or upcoming weekend. Thanks for your help. I’ll post back when I know more.

I changed reauth=no to rekey=no in ipsec.user.conf and changed the key lifetime to 1 hour to get results quickly. Will keep you posted.

I guess rekey lifetime won’t matter if rekey is set to no. So far after two hours, the connection has not been broken yet. Although it does seem a little slower than usual.

So now that we know it works with rekey=no and reauth=no, what is your suggested next step? Turn both back to yes and turn on make_before_break?

Yeah, the rekeying time is probably irrelevant when rekeying is disabled.

What do you mean slower? As in time it takes to handshake or throughput? None of that should be affected.

My suggestion would be adding an option to disable rekeying. Reauthentication is something I would probably not consider deactivating.

You can test that, but I suppose rekey=no is more effective and safe. But please let me know how make_before_break performs.

I think it was unrelated. We use a particular app over the VPN connection and the app was responding sluggishly.

For now I just kept rekey=no and left reauth at default (yes). I’ll have to make some time after hours to experiment with make_before_break.

Thanks Michael.

Hi Tim,

How is rekey=no working for you?

Hey Michael,

It is working perfectly. Our business has been incredibly busy these past couple of months so I have not had time to experiment further as the connection is now being used 24/7. The rekey=no setting is unchanged since my last post and our connection has been very stable during that time.

Thank you for following up.
Tim