IPsec AES256: CBC or GCM?

Most likely you will find an answer to this in other Communities.

https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm

https://crypto.stackexchange.com/questions/2310/what-is-the-difference-between-cbc-and-gcm-mode

Most likely you will find an answer to this in other Communities.

https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm

https://crypto.stackexchange.com/questions/2310/what-is-the-difference-between-cbc-and-gcm-mode

Well, I'd like to know which of them is used by the XG, not the difference between them.

Or maybe it doesn't matter?

My bad, misslead your question.

Strongswan (the ipsec module) supports couple of different encryption methods.

https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites

XG will choose this for you and you can check it in the console. 

console> show vpn connection status

CBC seems to be the preferred cipher with Cisco VPN/Sophos Connect. Is there a reason GCM is not used? GCM is a modern and faster cipher?

console> show vpn connection status
[154]: IKEv1 SPIs:
[154]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
{91}: AES_CBC_256/HMAC_SHA1_96

Sophos Connect

Sophos Connect uses IKEv1 and Remote Access IPsec. 

I cannot comment on this at all, i do not have a IKEv2 Tunnel right now to verify, which Method is used.