Questions migrating Linux Strongswan IKEv2 setup

Strykar

I have Strongswan IKEv2 VPN setup for mobile clients running on a Slackware linux machine.
The clients are running Android and the latest strongswan ipsec client on their phones.
We are looking at moving the VPN server to pfsense.

Here's my current /etc/ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

config setup
	charondebug="cfg 2, lib 1, dmn 1, ike 3, net 1, knl 1"

conn %default
	keyexchange=ikev2
	dpdaction=clear
	ike=aes128gcm16-aesxcbc-modp2048
	esp=aes128gcm16
	dpddelay=300s
	rekey=no
	leftsubnet=0.0.0.0/0,2000::/3
 	leftcert=vpnHostCert.pem
	leftid="C=CH, O=strongSwan, CN=slack14.wrtpoona.in"
	right=%any
	rightsourceip=%dhcp,2604:8800:100:8277:ffff:ffff:ffff:fffc/126 #4 IPv6 hosts

	leftfirewall=yes
	forceencaps=yes
	compress=yes
	auto=start

conn IPSec-IKEv2
	keyexchange=ikev2
	auto=add

I don't see an option for IKEv2 using certs in the Phase 1 proposal (Authentication method options).
What type should I select in the drop down menu?

How can I migrate this setup to pfsense?

jimp

EAP-TLS is IKEv2 with per-user certificates.