strongSwan IPsec lessons learned
Compression limits the throughput to about 100 Mbps
Disable farp plugin when using 0.0.0.0/0 remote traffic selector
Enable Charon make before break if using auto=route
Enable keyingtries=%forever and set Charon retry_initiate_interval nonzero for always up tunnels with auto=route
Set retry_initiate_interval to nonzero if
DNS
resolution is in use