I'm using Strongswan to handle IPsec connections, and need a way to support both Windows (IKEv2) and OS X (IKEv1) clients. I would prefer to use pure IPsec (i.e. avoid having to setup L2TP) unless there's a compelling reason to use L2TP/IPsec.
I know you can configure Strongswan in ipsec.conf to have some connections use IKEv1 whereas some other connections use IKEv2. However, in my case I can't easily setup separate connection configurations for each user because the IP address that they'll connect from won't be known in advance. I just use a single connection configuration for all of our users.
Is it possible to have some users connect via an IKEv1 connection configuration and others via an IKEv2 connection configuration, or setup a single connection configuration that'll handle both IKEv1 and IKEv2 connections? If not, what would be the easiest way to support both Windows and OS X built-in IPsec clients (with Strongswan or some other IPsec package)?