Microsoft Windows comes with a builtin IPsec client which works with certificate-based Roadwarrior connections with IPFire.
Create a new host-to-net connection as usual creating a new certificate. Microsoft Windows has certain requirements for the ciphersuite:
On the client, you will need to import IPFire's Root Certificate as well as the certificate of the connection as a computer certificate first. You can do this by downloaded those files to the computer and double-click. A wizard will guide you through the import.
Create a new VPN connection selecting IKEv2 as protocol:
After hitting Save, you will have to navigate to the network adapter of the connection and double-click. A new dialogue will open where you will have to change the authentication to "Use machine certificates".
You will then be able to establish the IPsec connection.