The "Wireguard" Thread on the Cryptography mailing list this month is super interesting.   As a someone who has just done  *another* *1/2* *assed* IPSEC implementation last week ( Because getting proprietary implementations to interact in the way you want is too difficult )  .. the thread from here is so easy to believe.  http://www.metzdowd.com/pipermail/cryptography/2018-September/034529.html