It took me by surprise when I realised that Ubuntu 16.04 did not have OpenSwan as a package - it uses StrongSwan now. AWS only provides generic configuration, configuration steps for CGW hardware or Openswan configuration.
After a bit of head scratching and testing, I found the correct configuration for building a tunnel between an Ubuntu box running StrongSwan and an AWS VPG:
A connection entry for a tunnel in /etc/ipsec.conf
conn Tunnel1 authby=secret auto=start type=tunnel left=<private ip address of strongswan box> leftid=<public (outside) ip address of your firewall/router> leftsubnet=<local private CIDR block> right=<public ip address of AWS vpn connection> rightsubnet=<VPC private CIDR block> ikelifetime=8h ike=aes128-sha1-modp1024 esp=aes128-sha1-modp1024 keylife=1h keyingtries=%forever keyexchange=ikev1 dpddelay=10 dpdtimeout=30 dpdaction=restart
A secret for /etc/ipsec.secrets
<public ip address of your local firewall/router> <public ip address of AWS vpn connection> : PSK "<The pre shared key obtained from the generic config.txt file downloaded from AWS>"
There you go - now you can test vpn tunnels using an Ubuntu system running StrongSwan - hopefully that's a bit of time saved for you and remember VPN connections are charged by the hour once they are up!!