Don't include disabled ipsec phase2 entries on pf table vpn_networks
PF Table vpn_networks is populated with disabled Phase 2 entries.
This may lead to underperformance if
(a) You have IPSec MSS clamping turned on
(b) The disabled phase 2 network or a subnetwork is reachable by pfsense by other path (directly connected, other VPN)
(c) MSS on this path is > IPSec MSS clamping value
-Delete the phase 2 instead of just disabling it