When configuring strongSwan servers, is it safer to use `rekey=yes`?

Perfect forward secrecy (PFS) is an inherent part of IKEv2, as the key material for every IKE_SA is derived from an ephemeral Diffie-Hellman (DH) exchange and reusing DH factors is (hopefully) not a very common practice (strongSwan doesn't do that).

So even without rekeying each new IKE_SA will use independent keys. Unless childless IKE_SA initiation is used (RFC 6023), the keys for the first CHILD_SA are always derived from that key material. If additional CHILD_SAs are created (not the case with your config), they can optionally derive the keys from a separate DH exchange.

Rekeying the IKE_SA always requires using a DH exchange to create completely independent key material, it's optional when rekeying CHILD_SAs. Again, without DH exchange the CHILD_SA keys are derived from the IKE_SA's key material. Which means that depending on whether the IKE_SA has been rekeyed before the CHILD_SA, the new CHILD_SA keys are not related to those used by the previous CHILD_SA.

So rekeying basically controls how long, or for CHILD_SAs also for how many packets/bytes, a particular set of keys are used, that is, how much data an adversary who recorded all traffic can decrypt after a successful attack on a single DH exchange. Whether to employ rekeying and in what interval, therefore, depends on your policies/preferences under these aspects (it also depends on how long you expect the connection to be established at a time).

For IKE_SAs it's also possible to use reauthentication (reauth=yes in ipsec.conf) instead of rekeying, which creates a new IKE_SA and its CHILD_SAs from scratch (either before or after tearing down the previous SAs). This can, for example, be used to ensure a client still has access to a private key on a smartcard. However, the process is not as smooth as inline rekeying, so some packets can get dropped (in particular if the default break-before-make reauthentication is used).