while it can be true, Ipsec comes with some downsides IMHO - the first thing is you need open specific ports(1701, 500, 4500) to get it to work, and these ports may be blocked on client side. i have Ipsec configured in my house, and while i can access it from one office, i can't from another.
i have some success with OpenVPN on top of pfsense - it works just fine on UDP port 443, so there will be no problems on client side to connect. and i can issue specific configuration for every user with their own certificates. And i'm using 2FA authentication with Radius server inside pfsense too - user have to use Google Authenticator for example to log in.