Hello,
Seems like there's a bug in the IPSec config generation in TRB140 firmware TRB1400_R_00.01.06.1. You can check IPSec daemon log messages below, aggressive=1 is not accepted and should be aggressive=yes with this version of StrongSwan.
The connection does not work, but comes up just fine after manually modifying the config file and restarting the ipsec daemon.
Fri Jan 24 12:48:55 2020 authpriv.info ipsec_starter[10854]: charon stopped after 200 ms
Fri Jan 24 12:48:55 2020 authpriv.info ipsec_starter[10854]: ipsec starter stopped
Fri Jan 24 12:48:58 2020 authpriv.info ipsec_starter[11332]: Starting strongSwan 5.8.0 IPsec [starter]...
Fri Jan 24 12:48:58 2020 authpriv.info ipsec_starter[11332]: # bad value: aggressive=1
Fri Jan 24 12:48:58 2020 authpriv.info ipsec_starter[11332]: bad argument value in conn 'TK-TK_c'
Fri Jan 24 12:48:58 2020 authpriv.info ipsec_starter[11332]: # ignored conn 'TK-TK_c' due to 1 parsing error
Fri Jan 24 12:48:58 2020 authpriv.info ipsec_starter[11332]: ### 1 parsing error (0 fatal) ###
Fri Jan 24 12:48:58 2020 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.0, Linux 3.18.20-msm, armv7l)
root@dev:~# cat /var/ipsec/ipsec.conf
# generated by /etc/init.d/ipsec
version 2
conn TK-TK_c
left=%any
right=123.123.123.123
leftsubnet=172.16.0.0/16
leftfirewall=no
rightfirewall=no
ikelifetime=8h
lifetime=1h
margintime=9m
keyingtries=3
dpdaction=restart
dpddelay=30s
leftauth=psk
rightauth=psk
rightsubnet=10.56.0.0/24
auto=start
leftid=censored.id
rightid=123.123.123.123
aggressive=1
forceencaps=no
keyexchange=ikev1
esp=aes128-sha1-modp1024
ike=aes128-sha1-modp1024
type=tunnel