See the following error:
lucas@lcn-router:~$ generate ipsec profile windows-remote-access ClientVPN remote x.x.x.x Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 234, in <module> data['ike_encryption'] = ike['1'] ~~~^^^^^ KeyError: '1'
Note that the windows profile generator probably also needs to be examined along similar lines to T6617, to make sure x509 mode is properly accounted for and PFS dh-groups work.