In the case of VPNs that are terminated on pfSense boxes, it is racoon,
and very recently a kernel patch was added to test NAT-T support with
ipsec-tools. I'm not sure if it's even made it into a public release
yet. It'll be there soon if not, but needs testing.
Thank you very much.
If you like, I will try to do some tests (not now, but in the near future), and will share my results.
Tom
