We do need to rethink the interaction with ipsec, It looks like a strange mix of parts now.
Ideally we should ask ipsec about the connections that can be made instead of creating a strange mix of configuration and daemon entries.

related issue https://github.com/opnsense/core/issues/139