Hi Moses, Configure an IKE proposal that's accepted by your peer (you disabled log message for cfg, so you didn't see the details of the proposal negotiation). Most likely the problem is that modp1024 is proposed, a DH group strongSwan doesn't include in its default IKE proposal anymore. So to use it, IKE proposals have to be configured explicitly. Also see [1] for information on how to get Windows to use at least modp2048.
Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
