If the VPN peers are going to be on the internal network, then make sure the peers have static NAT translations. Then make sure to pass UDP 500 and protocol 50 (ESP). For FreeBSD use racoon as an ISAKMP daemon and setkey to set up your IPsec policy. No idea on Linux, but I would assume it's almost the same.
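
A sketch of the setkey policy side of the setup described above, as an added example that is not part of the original post. All addresses are constructed placeholders, and it assumes an ESP tunnel between two gateways where the local one holds a private address behind a one-to-one static NAT; racoon is left to negotiate the security associations.

```conf
#!/sbin/setkey -f
# Constructed example; every address below is a placeholder (assumption):
#   local LAN         10.1.0.0/24
#   remote LAN        10.2.0.0/24
#   this gateway      192.168.0.2   (private address, statically NATed 1:1)
#   remote gateway    203.0.113.20  (public address of the other peer)

# Clear any existing security associations and policies before loading.
flush;
spdflush;

# Outbound: traffic from the local LAN to the remote LAN must use an ESP
# tunnel. The local tunnel endpoint is the address actually configured on
# this host (the private one); the NAT device rewrites it on the way out.
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec
    esp/tunnel/192.168.0.2-203.0.113.20/require;

# Inbound: the mirror policy. "require" means matching traffic that
# arrives without ESP protection is dropped rather than accepted in clear.
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec
    esp/tunnel/203.0.113.20-192.168.0.2/require;
```

Load the file with `setkey -f <file>` and confirm the installed policies with `setkey -DP`. The firewall in front of the gateway still has to pass UDP 500 and IP protocol 50 to the translated address, as the post says.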