For those who still have problems with Shrew VPN client and pfSense Mobile Client: to make it work, try the following settings in the Shrew client:
a) General -> Auto Configuration -> ike config pull
b) Phase 2 (this is what gives you the grief, or at least what is being discussed in this topic) -> esp-aes / 256 / md5 / pfs - group 2 (can be any if set properly on both ends)
and everything should work.
If it does not, run Shrew VPN Trace (a utility that comes with Shrew VPN), change the debug log verbosity, and you will get a log. Examine both logs (Shrew's one and pfSense's IPsec log) and things should be more or less clear; you will see what is wrong.
It's beyond me why, when I set up a site-to-site tunnel in Shrew, I can easily do that with manual configuration and the phase 2 settings mentioned in multiple pfSense tutorials: esp-aes / 256 / sha1. But for the mobile client pfSense requires esp-aes / 256 / md5 - that is utterly strange.
Over the last 2 days I read a lot of posts on this forum and other places regarding Shrew VPN related problems. I guess it speaks volumes. Anyway, I am glad that eventually I made it work.