Supported methods per isakmpd(8): 1. Passphrase 2. Host Keys 3. X509 Certificates 4. Keynote Certificates
In fact "Keynote Certificates" is a bit ambiguous. KeyNote uses X.509 certificates and other alternatives to make decisions.
I know nothing about Keynote so I'm not sure if it can be used in a VPN. If anybody is using Keynote I would love to hear where it can be used advantageously.
Basically KeyNote is a trust management system. It's used by OpenBSD IPSec implementation to enforce and interpret security policies and credentials.
http://www.cis.upenn.edu/~keynote/ includes a brief explanation about KeyNote.
And a rather old but still useful kickstart tutorial by Matt Blaze will help too.
http://www.crypto.com/trustmgt/kn.html bdd