I set up an IPsec VPN with the GUI (works great) which uses IKEv1 and a pre-shared secret. I decided to try changing to IKEv2:
set vpn ipsec ike-group [group-name-here] key-exchange ikev2
but the tunnel wouldn't come up. No errors show up in the regular log or in:
show vpn log
Increasing the logging level to the max value didn't help either:
set vpn ipsec logging log-level 2
but I found a thread explaining how to get a very detailed log. Run the following command (not in configure mode) and leave it running while you attempt to bring up the VPN:
sudo swanctl --log
which showed me the issue:
11[CFG] looking for peer configs matching x.x.x.x[%any]...y.y.y.y[y.y.y.y]
11[CFG] selected peer config 'peer-sub.mydomain.com-tunnel-1'
11[IKE] no shared key found for '%any' - 'y.y.y.y'
x.x.x.x being the external IP of the machine running the command, and y.y.y.y being the external IP of the remote machine. At first I solved it by creating a %any (match all) ipsec.secrets file as suggested in this post:
http://community.ubnt.com/t5/EdgeMAX-Beta/ipsec-secrets-FQDN-bug/m-p/1358449/highlight/true#M11862
but then I noticed the id and remote-id values in the VPN settings. I then used:
set vpn site-to-site peer sub.mydomain.com authentication id main
set vpn site-to-site peer sub.mydomain.com authentication remote-id sub
at the first router and
set vpn site-to-site peer main.mydomain.com authentication id sub
set vpn site-to-site peer main.mydomain.com authentication remote-id main
at the second and the tunnel comes up just fine:
04[CFG] looking for peer configs matching x.x.x.x[main]...y.y.y.y[sub]
04[CFG] selected peer config 'peer-sub.mydomain.com-tunnel-1'
04[IKE] authentication of 'sub' with pre-shared key successful
04[IKE] peer supports MOBIKE
04[IKE] authentication of 'main' (myself) with pre-shared key
04[IKE] IKE_SA peer-sub.mydomain.com-tunnel-1[11] established between x.x.x.x[main]...y.y.y.y[sub]
Maybe this is because I am using FQDNs rather than the IPs of the routers?
set vpn site-to-site peer sub.mydomain.com instead of set vpn site-to-site peer y.y.y.y
The remote site ("sub" in my example) is on a dynamic IP and all my sites will probably be switching to dynamic IPs, so I figured I would set it up this way. Also, I am guessing this would not affect x509 (I am using a pre-shared secret but will probably switch that down the road as well).
Anyway, I thought I would share my experience in case anyone else runs into this. The tl;dr is if ikev1 works and ikev2 doesn't, try setting the id / remote-id at each site.
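As an added example (not part of the post above, and not an EdgeOS or strongSwan tool), here is a small Python checker that reads `swanctl --log` output and reports the IKE identities strongSwan actually matched on, flagging the "no shared key found" failure described in the post together with the id / remote-id hints that fixed it. The two sample logs are constructed in the style of the excerpts above; the `analyze` function and its field names are my own.

```python
import re

# Constructed sample output in the style of `swanctl --log` (not a real capture).
FAILED_LOG = """\
11[CFG] looking for peer configs matching x.x.x.x[%any]...y.y.y.y[y.y.y.y]
11[CFG] selected peer config 'peer-sub.mydomain.com-tunnel-1'
11[IKE] no shared key found for '%any' - 'y.y.y.y'
"""

OK_LOG = """\
04[CFG] looking for peer configs matching x.x.x.x[main]...y.y.y.y[sub]
04[CFG] selected peer config 'peer-sub.mydomain.com-tunnel-1'
04[IKE] authentication of 'sub' with pre-shared key successful
04[IKE] authentication of 'main' (myself) with pre-shared key
04[IKE] IKE_SA peer-sub.mydomain.com-tunnel-1[11] established between x.x.x.x[main]...y.y.y.y[sub]
"""

# "<local_ip>[<local_id>]...<remote_ip>[<remote_id>]" as printed by the CFG subsystem.
MATCHING_RE = re.compile(
    r"\[CFG\] looking for peer configs matching "
    r"(?P<local_ip>\S+?)\[(?P<local_id>[^\]]*)\]\.\.\."
    r"(?P<remote_ip>\S+?)\[(?P<remote_id>[^\]]*)\]"
)
NO_KEY_RE = re.compile(r"\[IKE\] no shared key found for '[^']*' - '[^']*'")
ESTABLISHED_RE = re.compile(r"\[IKE\] IKE_SA \S+\[\d+\] established between")


def analyze(log_text):
    """Summarise one IKE negotiation: identities used, outcome, and fix hints."""
    r = {"local_id": None, "remote_id": None, "remote_ip": None,
         "no_shared_key": False, "established": False, "hints": []}
    for line in log_text.splitlines():
        m = MATCHING_RE.search(line)
        if m:
            r["local_id"], r["remote_id"] = m.group("local_id"), m.group("remote_id")
            r["remote_ip"] = m.group("remote_ip")
        elif NO_KEY_RE.search(line):
            r["no_shared_key"] = True
        elif ESTABLISHED_RE.search(line):
            r["established"] = True
    if r["no_shared_key"]:
        # The PSK lookup is keyed on the identities above; an unset local id shows
        # up as %any and an unset remote-id falls back to the peer's IP address.
        if r["local_id"] == "%any":
            r["hints"].append("local id is %any: set 'authentication id' for this peer")
        if r["remote_id"] == r["remote_ip"]:
            r["hints"].append("remote id defaulted to the peer IP: set 'authentication remote-id'")
    return r
```

Feed it the captured output of `sudo swanctl --log` (for example via `analyze(open("swanctl.log").read())`) while the tunnel is being brought up.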