To minimize the memory used by IPSEC, it is recommended not to select 0.0.0.0 as the listen local ip address in the Network page.
If you select fixed ip, ie, 192.168.1.10 or 127.0.0.1, IPSEC will run much faster, lesser memory used and support over 100,000 black ip in case of bulky hacking ip attack.