There is one caveat to the reliability of IPsec: you must have your own public IP address. For home users with their own public IPv4 address, operating one IPsec connection to the corporate HQ is usually fine, even with a NAT gateway in between. Once you start running two connections (e.g., one from your laptop and one from your phone) to the same endpoint, at least one of them will devolve into UDP. At that point, IPsec will no longer be distinguishable from any other VPN technology and may be subject to summary blocking by the GFW.
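To see which form a tunnel is using in a capture of your own traffic, the following added example (not code from the original page) classifies raw IPv4 packets as native ESP or UDP-encapsulated ESP using the RFC 3948 framing. The function names, addresses, ports and sample packets are constructed for illustration.

```python
import socket
import struct

ESP, UDP, IKE_PORT, NATT_PORT = 50, 17, 500, 4500   # IP protocols, UDP ports

def classify(pkt: bytes) -> str:
    """Say how one raw IPv4 packet carries IPsec (RFC 3948 framing)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4                # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if pkt[9] == ESP:
        return "native-esp"                  # ESP directly on IP, no ports
    if pkt[9] != UDP:
        return "other"
    if len(pkt) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    body = pkt[ihl + 8:]
    if IKE_PORT in (sport, dport):
        return "ike"
    # A NAT may rewrite the client's source port, so match either side.
    if NATT_PORT not in (sport, dport):
        return "other"
    if body == b"\xff":
        return "nat-keepalive"               # one 0xFF octet keeps the mapping alive
    if len(body) < 4:
        return "malformed"
    # Four zero octets are the non-ESP marker: IKE sharing port 4500.
    return "ike-nat-t" if body[:4] == b"\0\0\0\0" else "udp-encapsulated-esp"

# --- constructed sample packets (checksums left at zero, never verified) ---
def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.1"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

ESP_BODY = struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)   # SPI, sequence, dummy data
SAMPLES = {
    "laptop": ipv4(ESP, ESP_BODY),                               # native ESP
    "phone": ipv4(UDP, udp(51324, NATT_PORT, ESP_BODY)),         # ESP inside UDP
    "phone-ike": ipv4(UDP, udp(51324, NATT_PORT, bytes(32))),    # marker + dummy IKE
    "phone-keepalive": ipv4(UDP, udp(51324, NATT_PORT, b"\xff")),
}

if __name__ == "__main__":
    print({name: classify(pkt) for name, pkt in SAMPLES.items()})
```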