If you are every curious on the proposals that your client submits, just review the logs after a client attempts access. Here's a MACOSX 10.10.3 host using the native client;
( notice how we failed due to lack of matching proposals )
So out of all of the proposal the client submitted , none matched the single proposal offered by the pfsense gateway. Various vpnclients native or non-native can supported a a wide range of proposals.
A difference of the client OS version or type ( window/mac/andorid/iphone/....) can change the proposal offerings submitted by the client.
If your failing authentication ( xauth ) you will see a log message similar to the below.
Sometimes you have the right authentication and ciphers but the dh-grp key strength is wrong
To review the ipsec.conf file you can use the WebGUI cmdline tool and more the cfg file.
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
=( * * )=