Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal. To avoid rekey collisions initiated by both ends simultaneously, a value in the range of <a href="/nixpkgs/option/services.strongswan-swanctl.swanctl.connections.&lt;name&gt;.children.&lt;name&gt;.rand_time"><a href="/nixpkgs/option/rand_time" rel="nofollow">rand_time</a></a> gets subtracted to form the effective soft lifetime.By default CHILD_SA rekeying is scheduled every hour, minus <a href="/nixpkgs/option/services.strongswan-swanctl.swanctl.connections.&lt;name&gt;.children.&lt;name&gt;.rand_time"><a href="/nixpkgs/option/rand_time" rel="nofollow">rand_time</a></a>.StrongSwan default: <code>"1h"</code>