Single client implementation is the easy part. The hell starts when you need to use several different clients (think iOS, Android-built in or Strongswan, Windows, Linux Libreswan or Strongswan, also throw in several appliances by different vendors) and each of them has different ideas about what is acceptable in their algo list[1].

And that's just cipher negotiation. Don't get me started, what the clients expect to be in the certificates as CN and SAN. You have IPSec gateway behind NAT (so the internal IP of the gateway is different than the public IP), with dynamic IP, so you need to use DNS instead of fixed IP? Good luck with configuring your Windows clients.

[1] I.e. libreswan has deprecated MD5 and SHA1 in their default algo list; if you need them, you must find out how to configure the client that uses it as a backed. Ubiquiti routers on the other hand support SHA1 as their strongest auth algorithm, so there is no match, leading to forum posts like this: https://community.ui.com/questions/L2TP-unusable-on-Fedora/d..., where people butcher it and end up using 3DES and DH group 2. Yay, great for security.