**strongSwan IPsec lessons learned**

* Compression limits the throughput to about 100 Mbps
* Disable farp plugin when using 0.0.0.0/0 remote traffic selector
* Enable Charon make before break if using auto=route
* Enable keyingtries=%forever and set Charon retry_initiate_interval nonzero for always up tunnels with auto=route
* Set retry_initiate_interval to nonzero if DNS resolution is in use
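
The settings from the list collected into one configuration, as an added example that is not from the original post. It assumes the legacy `ipsec.conf` syntax that the list's `auto=` and `keyingtries=` options come from; the connection name, peer hostname, certificate file and the 30-second interval are constructed values.

```conf
# ---- /etc/strongswan.conf (charon daemon settings) ----
charon {
    # Reauthenticate by building the new IKE_SA before tearing down the
    # old one, as the list recommends when auto=route is used.
    make_before_break = yes

    # Seconds between initiation retries; the default of 0 disables
    # retries. Nonzero is needed for always-up tunnels and whenever the
    # peer address comes from DNS. 30 is a constructed sample value.
    retry_initiate_interval = 30

    plugins {
        farp {
            # Off because the remote traffic selector below is 0.0.0.0/0.
            load = no
        }
    }
}

# ---- /etc/ipsec.conf (connection definition) ----
conn always-up                      # constructed connection name
    keyexchange=ikev2
    auto=route                      # trap policy, tunnel comes up on traffic
    keyingtries=%forever            # never give up negotiating
    compress=no                     # IPComp on capped throughput at about 100 Mbps
    left=%defaultroute
    leftcert=gateway-cert.pem       # constructed file name
    right=vpn.example.net           # constructed peer; resolved through DNS
    rightid=vpn.example.net
    rightsubnet=0.0.0.0/0           # full-tunnel remote traffic selector
```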