With some fiddling about, I did manage to make a functioning IKEv2 connection from Windows 10 to untangle... one seemingly secret hurdle was to install the intermediate SSL certificate into the local machine certificate store; until then I'd get the error "13801: IKE authentication credentials are unacceptable."
I do have a question though:
After the connection established, there was no route added to reach the remote network; windows has no clue what remote network I'm trying to reach, and there appears to be no mechanism for Untangle to tell it.
I manually added the route:
route add 192.168.27.0 mask 255.255.255.0 198.19.0.0
That worked, I can now access the remote network.
Is there a better way? Some better VPN client to use than what's built in to Windows? (don't say "just use OpenVPN, it's easier" - I have specific reason for not using OpenVPN)