VPN connection IPsec with AES, SHA authentication and Preshared Key

As client software you could use strongSwan (the other tools you mention don't use the IKEv2 protocol).

On Ubuntu you may use strongSwan's NetworkManager plugin (network-manager-strongswan package), but note that it requires strong pre-shared keys (at least 20 characters). If that's the case, the configuration is quite simple (similar to what you configure on macOS, the username field takes the client's identity). However, it's not possible to configure the server's identity explicitly (the configured hostname/IP address is used). The server's identity can optionally be configured since strongSwan 5.8.3 / NetworkManager-strongswan 1.5.0.

If the PSK is too short (or you use an older version and you have to be able to set the remote identity), you'll have to configure strongSwan via config file and manage it via command line. The legacy (but on Ubuntu still default) configuration backend (starter/stroke) uses the following two files and a management tool called ipsec.

/etc/ipsec.conf:

conn home
    right=mystaticip
    rightid=localIdinMyrouter
    rightauth=psk
    rightsubnet=0.0.0.0/0
    leftid=peeridinmyrouter
    leftauth=psk
    leftsourceip=%config
    auto=add

/etc/ipsec.secrets:

  localIdinMyrouter : PSK "..."

Afterwards, restart the service (e.g. via systemctl restart strongswan on current versions of Ubuntu, don't use ipsec start|stop directly) and use ipsec up home to initiate the connection.

Documentation about the newer configuration backend may be found on the strongSwan wiki.