> IPsec is extremely difficult to use correctly, or even at all.
No, it's not.
Some IPsec implementations are kludgy and lack proper granularity/control over their configurations. It is also very flexible, so you can of course misconfigure it to the point where the whole setup becomes a royal clusterf#ck, but doesn't mean it is "extremely difficult to use correctly". It works really well for a wide range of common scenarios, each of which is not that hard to configure once one knows what they are doing.
BITW ("bump in the wire") is easy to use. Trivial. It's just devices you insert in a point-to-point link to encrypt it. You don't even need IPsec for that, but whatever.
SG ("security gateway", aka VPN) is reasonably easy to use, especially if you assign users /32s (for IPv4) and inject those into you IGP -- then you cannot have the attack I mentioned.
Transport mode is very difficult to use correctly and safely, or even at all, in any network with more than a few nodes or with fluid IP address assignments.
For transport mode, the best answer, really, would be to use BTNS [0] and connection latching [1] so that you can just use IPsec from the application (via socket options or moral equivalent), performing channel binding to application-layer authentication, or else certificate chain validation and authorization at the application layer. But this hasn't been implemented. Solaris/Illumos has some IPsec-related socket options, and it will create and/or latch SPD entries (what traffic to protect and how) policy, but not SAD entries (how to authenticate peers) nor PAD entries (how to authorize peers) -- i.e., half-way to RFC5660 :(
Some of the obstacles really hit you when your working with different systems, if you connect the same systems then just mirror the config but when each end uses different terminology it can get confusing unless you know what you're doing. I don't think I'd agree that it's extremely difficult but it's nontrivial sometimes.
No, it's not.
Some IPsec implementations are kludgy and lack proper granularity/control over their configurations. It is also very flexible, so you can of course misconfigure it to the point where the whole setup becomes a royal clusterf#ck, but doesn't mean it is "extremely difficult to use correctly". It works really well for a wide range of common scenarios, each of which is not that hard to configure once one knows what they are doing.