Here is working config for iOS devices (iPhone, iPod Touch, iPad).
/etc/ipsec.user.conf is little different ("rightsubnet=vhost:%no,%priv" should be replaced with rightsubnet=<normal ip notation for subnet (like 10.0.0.0/24)>)
Also "pfs=no" parameter is useless (but harmless to keep)
I removed "leftfirewall=yes" as well
Complete /etc/ipsec.user.conf (replace stuff in <> brackets):
conn <conectionname>
keyexchange=ikev1
authby=xauthrsasig
xauth=server
left=<ipfire fqdn>
leftsubnet=0.0.0.0/0
leftcert=/var/ipfire/certs/hostcert.pem
right=%any
rightsubnet=<subnet for ipsec vpn(different than green, blue, orange or openvpn subnet; for example:10.0.0.0/24)>
rightsourceip=<internal ip address(not in green, blue, orange or openvpn subnet; for example: 10.0.0.11/24)>
rightcert=/var/ipfire/certs/<conectionname>cert.pem
auto=add
lefthostaccess=yes
compress = yes