The NSA's Central Security Service - that's the part that's supposed to work on defense - has released two documents - these are PDF links - a full https://media.defense.gov/2020/Jul/02/2002355501/-1/-1/0/CONFIGURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_2020_07_01_FINAL_RELEASE.PDF and an abridged version, on securing virtual private networks.https://media.defense.gov/2020/Jul/02/2002355625/-1/-1/0/SECURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_EXECUTIVE_SUMMARY_2020_07_01_FINAL_RELEASE.PDF Of course, that's if you can trust the NSA to give advice that makes their job harder....