Help selecting algorithms (S2S Ipsec)

Started by fadern, December 19, 2023, 02:02:59 PM

Hi,
I'm trying to migrate my current IPsec S2S connection (Tunnel Settings) to the new "Connections", but I'm not sure which algorithms etc. to select. Could any of you help me choose secure and fast algorithms?
My current settings are (I ended up with these after some reading, but I'm not sure that they are perfect...):
Phase 1
Encryption algorithm: 256 bit AES-GCM with 128 bit ICV
Hash algorithm: SHA512
DH key group: 21 (NIST EC 521)
Phase 2
Protocol: ESP
Encryption algorithms: aes256gcm16
Hash algorithms: none
PFS: 21 (NIST EC 521 bits)
Intel i7-8550U - Intel I211 - RAM 16GB - NVMe 120Gb
Intel i7-5550U - Intel I211 - RAM 8GB - NVMe 50Gb

Quote from: fadern on December 19, 2023, 02:02:59 PM
Hi,
I'm trying to migrate my current IPsec S2S connection (Tunnel Settings) to the new "Connections", but I'm not sure which algorithms etc. to select.

What's wrong with the current ones?

Quote
Could any of you help me choose secure and fast algorithms?

How fast a specific algorithm performs really depends on the hardware used (and the specific cipher selection); that's something you have to benchmark on your platform.

Quote
My current settings are
Phase 1
Encryption algorithm: 256 bit AES-GCM with 128 bit ICV
Hash algorithm: SHA512
DH key group: 21 (NIST EC 521)
Phase 2
Protocol: ESP
Encryption algorithms: aes256gcm16
Hash algorithms: none
PFS: 21 (NIST EC 521 bits)

AES-GCM is the algorithm to choose, but 128-bit is faster than 256-bit. Do you need the extra bits?

ECC uses smaller key sizes but shouldn't automatically be "faster" than RSA; it is preferred anyway.

Do you trust the NIST curves? You might want to choose ed25519 or ed448.

https://zisc.ethz.ch/wp-content/uploads/2020/11/ed25519-SP.pdf
Quote
(I ended up with these after some reading but I'm not sure that they are perfect...)

To improve is to change; to be perfect is to change often. ― Winston Churchill
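For reference, the settings posted above written as strongSwan proposal strings, which is the syntax the swanctl-based Connections configuration uses. This is an added example, not from either post in the thread; the connection name, addresses, traffic selectors and the PSK placeholder are assumptions.

```conf
# swanctl.conf fragment (added example, not from the thread).
# Names, addresses and the PSK placeholder below are assumptions.
connections {
    s2s-example {
        # IKEv2
        version = 2
        # assumed addresses
        local_addrs  = 192.0.2.1
        remote_addrs = 198.51.100.1
        # Phase 1 as posted: AES-256-GCM with 16-byte (128-bit) ICV,
        # SHA-512 and DH group 21 (NIST P-521). With an AEAD cipher the
        # "sha512" keyword selects the PRF; no separate integrity
        # algorithm is negotiated because GCM authenticates itself.
        proposals = aes256gcm16-sha512-ecp521
        # Alternative suggested in the reply: AES-128-GCM and Curve25519
        # ECDH (strongSwan keyword x25519; x448 for Curve448). Listing
        # several proposals lets the peer pick the first one it supports:
        # proposals = aes128gcm16-sha256-x25519,aes256gcm16-sha512-ecp521
        local {
            auth = psk
        }
        remote {
            auth = psk
        }
        children {
            lan-to-lan {
                mode = tunnel
                # assumed traffic selectors
                local_ts  = 10.0.0.0/24
                remote_ts = 10.0.1.0/24
                # Phase 2 as posted: ESP, aes256gcm16, no separate hash,
                # PFS with group 21
                esp_proposals = aes256gcm16-ecp521
                start_action = start
            }
        }
    }
}
secrets {
    ike-s2s-example {
        id = 198.51.100.1
        # placeholder, replace with the real pre-shared key
        secret = "REPLACE-WITH-PSK"
    }
}
```

The Connections UI takes the same strings in its Proposals and ESP proposals fields, so the two proposal lines are what carries over from the old Phase 1 / Phase 2 settings.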