Create an IKE group without DH group:
ike-group Foo {
    proposal 1 {
        encryption aes128
        hash sha1
    }
}
In ipsec.conf you get: ike=aes128-sha1!
And then in logs you get:
Jun 1 02:29:11 vyos-test charon: 14[CFG] a DH group is mandatory in IKE proposals
Jun 1 02:29:11 vyos-test charon: 14[CFG] skipped invalid proposal string: aes128-sha1
We should set the default to whatever it was in 1.1.8 I suppose, for compatibility reasons. I think it was DH group 2.
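
A lint for this failure mode, as an added example that is not part of the original report or of VyOS: it scans ipsec.conf text for ike= proposals that carry no DH group, the condition charon rejects in the log above. The connection names in the sample are constructed, and the keyword pattern assumes strongSwan's modp, ecp, curve25519/x25519 and curve448/x448 group names.

```python
import re

# Shapes of strongSwan DH group keywords: modp1024, modp2048s256, ecp256,
# ecp256bp, curve25519, x25519, curve448, x448.
DH_TOKEN = re.compile(r"^(modp\d+(s\d+)?|ecp\d+(bp)?|curve(25519|448)|x(25519|448))$")


def proposals_missing_dh(conf_text):
    """Return (conn, proposal) pairs whose ike= proposal has no DH group."""
    findings = []
    conn = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
            continue
        key, sep, value = line.partition("=")
        # Only ike= is checked: a DH group is optional in esp= proposals.
        if not sep or key.strip() != "ike":
            continue
        # A trailing "!" marks the list as strict; proposals are comma-separated.
        for proposal in value.strip().rstrip("!").split(","):
            proposal = proposal.strip()
            if proposal and not any(DH_TOKEN.match(t) for t in proposal.split("-")):
                findings.append((conn, proposal))
    return findings


# Constructed sample, not taken from a real system.
SAMPLE = """\
conn peer-192.0.2.1-tunnel-1
    ike=aes128-sha1!
    esp=aes128-sha1!
conn peer-192.0.2.2-tunnel-1
    ike=aes128-sha1-modp1024,aes256-sha256-ecp256!
"""

if __name__ == "__main__":
    for conn, proposal in proposals_missing_dh(SAMPLE):
        print(f"{conn}: ike proposal '{proposal}' has no DH group")
```

Run against the generated ipsec.conf before reloading the daemon, so a skipped proposal is caught at commit time instead of in the charon log.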