Well, I finally made it work thanks to @Konstanti .
I want to leave it here in case it may help someone else, struggling with the finicky ipsec settings...
In my case the key point seems to be setting IKEv2 Algorithms as aes256-sha256-modp1024 in the StrongSwan Android Client.
The IPsec/ESP Algorithms may be left empty. I am just not sure what the benefits of specifying it ( @Konstanti , please correct me).
There is still another part that seems equally contibutes into the successful establishment of the IPSec tunnel - I also had to specify in StrongSwan Android Client:
Server identity: <MY_ORG>.duckdns.org
Client identity: ikev2-drew@<MY_ORG>.duckdns.org
Note, that setting client identity (at least in my case) MUST be specified in this email style: client1@<SERVER_IDENTITY>. For some reason, changing it to just client1 (ikev2-drew in my case) breaks everything, even though I canged the User distinguished name from ikev2-drew@<MY_ORG>.duckdns.org to Any in pfsense ipsec settings (phase1) in GUI.
Again, thank you very much, @Konstanti for your time and help!