The server is at a public, addressable IP, not behind a NAT. I have tested with three clients: iPhone, Mac, and Windows 10. I have tested with all of them within the same NAT network as each other (no relation to the server's network), and I have tested with the iPhone on its public (cell) address. Every configuration connects successfully and works properly except Windows 10, which will not connect.
In another thread that I didn't wish to hijack, @sindy writes:
To align the phase 1 proposal, set the enc-algorithm, hash-algorithm, and dh-group in /ip ipsec peer configuration to include the strongest combination of these algorithms suggested by the Windows client; to align the phase 2 proposal, align the /ip ipsec proposal parameters auth-algorithms, enc-algorithms, and pfs-group with the Windows client's proposal.
Here is a screenshot of the log with the successful iPhone connection on the left, the unsuccessful Windows 10 connection on the right.
Other than the Windows local port number, I don't see any difference in the logs up to the point where the level 2 negotiation on the iPhone works right off the bat, while the level 2 negotiation on Windows gets retried over and over and eventually fails to connect. If Windows is proposing some phase 2 encryption protocol I haven't enabled, I don't know how to determine what that is from this log output.
Here is an image of my proposal parameters in case it is immediately apparent to someone familiar with Windows 10 what Windows 10 may be requiring that the Mac and iPhone apparently don't need.
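As an added example (not from this post or from sindy's), here is a RouterOS v6 configuration fragment, in the syntax from before 6.45 (where the peer's phase 1 settings later moved to /ip ipsec profile), that first turns on the verbose IPsec log so the failing phase 2 exchange shows which transforms the Windows client actually offers, then lists a superset of the assumed Windows 10 defaults on both phases. Assumptions: Windows proposes AES-256-CBC/SHA1/modp1024 for phase 1 and AES-256-CBC/SHA1 with no PFS for phase 2; the peer selector and the use of the "default" proposal are placeholders for whatever the real config uses.

```routeros
# Verbose IPsec log without per-packet dumps: the rejected phase 2
# proposal, including the transforms the client sent, appears in /log.
/system logging
add topics=ipsec,!packet action=memory

# Phase 1 (peer): lists are ordered strongest first; the responder picks
# the strongest entry both sides share. Assumed Windows 10 defaults are
# aes-256 / sha1 / modp1024, listed last so they are only used when the
# client offers nothing better. Peer selector is a placeholder.
/ip ipsec peer
set [ find address=0.0.0.0/0 ] enc-algorithm=aes-256,aes-128 hash-algorithm=sha256,sha1 dh-group=modp2048,modp1024

# Phase 2 (proposal): pfs-group is a single value in RouterOS, and the
# built-in Windows client is assumed to offer no PFS, so a proposal with
# pfs-group set to a DH group never matches and phase 2 is retried until
# it times out. Using the "default" proposal is a placeholder.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none
```

The sha1/modp1024 entries and the missing PFS are concessions to the client's defaults, not a recommendation; once the tunnel works, the stronger path is to raise the Windows side with the Set-VpnConnectionIPsecConfiguration PowerShell cmdlet and then drop the weak entries from the router.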