T5139 provided support for disabling rekey of IKE_SAs. We should also extend this to CHILD_SAs.
I propose adding a "rekey disable" option to esp-group which will disable all local-initiated rekeys based on time limits, byte limits, and packet limits. Disabling rekeying does not prevent the other side from initiating a re-key. Configured lifetime limits still apply and if the other side fails to re-key before a limit is reached, the SA will expire and the connection will be torn down. The default will be "rekey enable", so no behavior will change with existing configurations.
Disabling re-keying could be useful particularly for road warrior configurations, where it is often better to let clients drive the rekeying behavior so that clients can plan ahead sleep intervals, maximize battery life, etc.
As part of this change I also propose updating remote-access to have closer parity to site-to-site in terms of settings honored from the ike-group and esp-group. remote-access currently does not honor life_bytes/life_packets or DPD intervals. Additionally, the esp-group "lifetime" has a subtly different meaning for remote-access which may have been an oversight in the initial implementation.