OP's logs show 192.168.25.201 as an identifier, so I'm sure that's this:
https://doc.pfsense.org/index.php/Upgrade_Guide#Stricter_Phase_1_Identifier_Validation
@mooboynyc:
IDir 'myhost.mydomain.com' does not match to 'XX.YY.ZZ.WWW'
To resolve, I edited the IPsec configuration. Under "Phase 1 proposal (Authentication)", change the "Peer Identifier" from "Peer IP Address" to "Distinguished Name" and enter the dynamic DNS name of the remote end. I was able to establish a connection after this single change.
Ditto for that. It was mismatched to begin with; racoon would just fall back to the IP if the identifier didn't match and try that, hiding the fact that things weren't actually correctly configured.
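Added example, not part of the thread and not pfSense or strongSwan code: a small Python scan that pulls the `IDir ... does not match to ...` message quoted above out of an IPsec log and reports, per peer, whether the mismatch is in identifier type (name vs. IP address) or only in value. The log lines, the function names, and the reading of the first quoted value as the identifier the peer sent and the second as the configured one are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; only the "IDir ... does not match to ..." text
# follows the message quoted in the thread. Timestamps and hosts are made up.
SAMPLE_LOG = """\
Oct 12 09:14:02 fw charon: 07[IKE] IDir 'site-b.example.net' does not match to '203.0.113.10'
Oct 12 09:14:32 fw charon: 12[IKE] IDir 'site-b.example.net' does not match to '203.0.113.10'
Oct 12 09:15:40 fw charon: 09[IKE] IDir '192.168.25.201' does not match to '198.51.100.77'
Oct 12 09:16:01 fw charon: 10[IKE] unrelated constructed line
"""

# Assumption: first quoted value is what the peer sent, second is what the
# local Phase 1 entry expects (consistent with the fix described in the thread).
MISMATCH = re.compile(r"IDir '(?P<received>[^']+)' does not match to '(?P<expected>[^']+)'")

def id_kind(value):
    """Classify an identifier string as 'ip' or 'name'."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "name"

def find_mismatches(log_text):
    """Return one finding per distinct (received, expected) pair, with a count."""
    pairs = Counter()
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            pairs[(m["received"], m["expected"])] += 1
    findings = []
    for (received, expected), count in pairs.items():
        findings.append({
            "received": received, "received_kind": id_kind(received),
            "expected": expected, "expected_kind": id_kind(expected),
            "count": count,
            # True when the identifier type differs, not just the value.
            "type_mismatch": id_kind(received) != id_kind(expected),
        })
    return findings

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_LOG):
        what = "type and value" if f["type_mismatch"] else "value only"
        print(f"{f['count']}x peer sent {f['received_kind']} {f['received']!r}, "
              f"config expects {f['expected_kind']} {f['expected']!r} ({what})")
```

A finding with `type_mismatch` set corresponds to the case in the thread, where the configured peer identifier was an IP address while the remote end identified itself by name.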