
Some people I share a Slack with looked it up. It looks like the defaults include the 64-bit 3DES cipher in CBC mode, the SHA1 hash, and the 1024-bit DH Group 2. Does that sound wrong? They were working from man pages; maybe the real default configuration from the actual config files isn't 1990s crypto.



It depends on the server. On OpenBSD the default for IKEv1 is HMAC-SHA1 and AES. This is easy enough to change in the one-liner.

IIRC, all the modern IPSec stacks support at least AES and SHA256. However, the problem is that on macOS and (I think) Windows you specify the suites as fixed 3-tuples: MAC-CIPHER-DHKE, even if they could be independent (i.e. not mixed encryption/MAC mode). So even though they all share strong cipher and MAC modes, the key exchange modes might not match, as they only support a few combinations. I haven't tried changing my IKEv1 setup in the past several years (I'm not really using it much anymore except when traveling), but I have it configured as "auth hmac-sha1 enc aes group modp1024". I have a commented-out block using "auth hmac-sha2-256 enc aes group modp2048" that says "OS X 10.11 supports SHA2-512 but only with group modp2048". IIRC that also worked on Windows, but at the time I still needed to support macOS 10.10.

macOS and (I think) Windows support uploading specialized IPSec profiles, but like with security tokens I don't want to rely on a scheme that requires maintaining such things and never cared to dig too deeply. As far as I'm concerned it's not secure (in a larger, practical sense) if it requires complex manual configuration and software installation.

IPSec can be made simpler and has gotten much simpler and stronger in many respects as compared to the experience many of us had years ago. With only a tiny fraction of the effort needed to get native, vendor-shipped WireGuard support on macOS and Windows we could standardize a new, modern, cipher suite (as with TLS). For all I know that's already happened as a de facto matter.

WireGuard and IPSec don't have to be mutually exclusive. The notion that we can abandon IPSec is fanciful as a practical matter (nearly as fanciful as abandoning TLS), and so being fatalistic about IPSec is not constructive, not to mention a little unfair. Look at IPv6: some of the complexity of IPv6 has been shed as adoption has grown. IPv6 is an easier proposition today than it was 10 years ago, as the way forward has become more clear.
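The two proposal strings quoted in the comment above ("auth hmac-sha1 enc aes group modp1024" versus "auth hmac-sha2-256 enc aes group modp2048") are exactly the kind of thing worth auditing before an old config is trusted. As an added example that is not part of the thread, here is a small Python checker for OpenBSD ipsec.conf-style proposal lines: it parses the `auth`/`enc`/`group` keywords, flags the 1990s-era choices the thread mentions (SHA1, 3DES, the 1024-bit modp1024 / DH Group 2), and skips commented-out blocks. The config text and the minimum-group-size policy are constructed for the example; the "weak" sets are this example's own opinion, not anything the page or OpenBSD defines.

```python
"""Audit IKE proposal strings for legacy algorithm choices (added example)."""

import re
from dataclasses import dataclass

# MODP group name -> modulus size in bits (RFC 2409 Groups 1/2, RFC 3526 for the rest).
# modp1024 is IKE "Group 2", the one the thread calls out as a weak default.
MODP_BITS = {
    "modp768": 768, "modp1024": 1024, "modp1536": 1536, "modp2048": 2048,
    "modp3072": 3072, "modp4096": 4096, "modp6144": 6144, "modp8192": 8192,
}

# Policy used by this example: what a defender would flag in 2020s configs.
WEAK_AUTH = {"hmac-md5", "hmac-sha1"}
WEAK_ENC = {"des", "3des", "blowfish", "cast"}
PROPOSAL_KEYS = ("auth", "enc", "group")


@dataclass
class Finding:
    field: str    # which keyword was problematic: auth / enc / group
    value: str    # the configured value (or "<missing>")
    reason: str   # human-readable explanation


def parse_proposal(line: str) -> dict:
    """Return {"auth": ..., "enc": ..., "group": ...} for the keys present on the line.

    Only the proposal keywords are extracted; the rest of an ipsec.conf rule
    (e.g. 'ike esp from A to B main') is ignored.
    """
    tokens = line.split()
    found = {}
    for i in range(len(tokens) - 1):
        if tokens[i] in PROPOSAL_KEYS:
            found[tokens[i]] = tokens[i + 1]
    return found


def audit_proposal(line: str, min_modp_bits: int = 2048) -> list:
    """Return a list of Findings for one proposal line (empty list == acceptable)."""
    p = parse_proposal(line)
    findings = []

    for key in PROPOSAL_KEYS:
        if key not in p:
            # Omitted values fall back to whatever the server defaults to, which
            # is exactly the uncertainty the thread is discussing.
            findings.append(Finding(key, "<missing>", "not specified; server default applies"))

    auth = p.get("auth")
    if auth in WEAK_AUTH:
        findings.append(Finding("auth", auth, "legacy MAC; prefer hmac-sha2-256 or stronger"))

    enc = p.get("enc")
    if enc in WEAK_ENC:
        findings.append(Finding("enc", enc, "64-bit block cipher; prefer aes"))

    group = p.get("group")
    if group is not None:
        m = re.fullmatch(r"modp\d+", group)
        bits = MODP_BITS.get(group) if m else None
        if m and (bits is None or bits < min_modp_bits):
            findings.append(Finding("group", group,
                                    f"DH modulus below {min_modp_bits} bits"))
        elif not m and not group.startswith(("ecp", "curve")):
            findings.append(Finding("group", group, "unrecognised DH group name"))
    return findings


def audit_config(text: str, min_modp_bits: int = 2048) -> list:
    """Audit every active (non-comment) rule; returns [(line_no, [Finding, ...]), ...]."""
    report = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out blocks are not active configuration
        if not parse_proposal(line):
            continue  # not a proposal line (e.g. a flow rule without a suite)
        findings = audit_proposal(line, min_modp_bits)
        if findings:
            report.append((line_no, findings))
    return report


# Constructed ipsec.conf fragment mirroring the two suites quoted in the thread.
CONSTRUCTED_CONFIG = "\n".join([
    "ike esp from 10.0.0.0/24 to 10.0.1.0/24 main auth hmac-sha1 enc aes group modp1024",
    "# ike esp from 10.0.0.0/24 to 10.0.1.0/24 main auth hmac-sha2-256 enc aes group modp2048",
    "ike esp from 10.0.0.0/24 to 10.0.2.0/24 main auth hmac-sha2-256 enc aes group modp2048",
])

if __name__ == "__main__":
    for line_no, findings in audit_config(CONSTRUCTED_CONFIG):
        for f in findings:
            print(f"line {line_no}: {f.field}={f.value}: {f.reason}")
```

Running it on the constructed fragment reports only the first rule (SHA1 and modp1024); the commented-out line is ignored and the SHA2-256/modp2048 rule passes. Lowering `min_modp_bits` to 1024 silences the group finding, which is how you would express "we still have to talk to clients that only offer Group 2" as an explicit, reviewable policy rather than an accident of the defaults.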


I think the fact that you're still configuring IPSEC with 1024-bit DH modp groups pretty much makes the case I'm trying to make for me, but we can agree to disagree about this, too.

IKEv1 is a mess, by the way. Here's a good Cas Cremers survey of issues, circa 2011:

https://www.cs.ox.ac.uk/people/cas.cremers/downloads/papers/...

This stuff can't die off fast enough for me. Just so we know where I'm coming from here.



