I stumbled across strongSwan issue #1220 (https://wiki.strongswan.org/issues/1220) on a VyOS 1.1.7 IPsec VPN gateway in Amazon AWS. So we have 2-4% packet loss. All my tests confirm it’s this bug (packet loss only with small packets, only AES and only on AWS).
Is there a workaround (besides changing to 3DES) or a solution (before VyOS 1.2.x)?
I also tested the last nightly build; same problem. It also contains strongSwan V5.3.5.