Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.To avoid rekey collisions initiated by both ends simultaneously, a value in the range of <a href="/nixpkgs/option/services.strongswan-swanctl.swanctl.connections.&lt;name&gt;.children.&lt;name&gt;.rand_time"><a href="/nixpkgs/option/rand_time" rel="nofollow">rand_time</a></a> gets subtracted to form the effective soft lifetime.If <a href="/nixpkgs/option/services.strongswan-swanctl.swanctl.connections.&lt;name&gt;.children.&lt;name&gt;.life_time"><a href="/nixpkgs/option/life_time" rel="nofollow">life_time</a></a> is explicitly configured, <a href="/nixpkgs/option/services.strongswan-swanctl.swanctl.connections.&lt;name&gt;.children.&lt;name&gt;.rekey_time"><a href="/nixpkgs/option/rekey_time" rel="nofollow">rekey_time</a></a> defaults to 10% less than that, otherwise, CHILD_SA rekeying is scheduled every hour, minus <a href="/nixpkgs/option/services.strongswan-swanctl.swanctl.connections.&lt;name&gt;.children.&lt;name&gt;.rand_time"><a href="/nixpkgs/option/rand_time" rel="nofollow">rand_time</a></a>.