Hey Tom,
I am also quite frustrated about this. IPsec as a protocol is working well, but getting client support working is indeed a PITA.
However, this will be a huge job to get it to work better. There are loads of hacks around and I am not sure what has been tested as working and what not.
Right now, I am using OpenVPN for RW and IPsec for N2N connections. Although OpenVPN has other issues, this is working quite well across multiple clients, but always requires additional software to be installed.
I would propose the following process: I would prefer to implement this in IPFire 3 first. That does not help much with running this right now, but it is a good playing ground to build this properly and experiment. Loads of work has already been put into that.
However, my time is very limited at the moment and unfortunately I am very busy dealing with loads of other things in this project. Therefore progress has been … slow. So everyone who can contribute and help out so that more free time is available will be greatly appreciated of course.
-Michael