I played with ipsec-tools these days.Found two problems.

1) When use racoon as a road warrior client, use pre_shared_key authentication method will not work. I use the sample config file from the ipsec-tools release. and changed to pre_shared_key only, The client will not got ip, the debug message doesn't have MODE_CFG related messages, Use another client(Sherw VPN Client) can work, and debug message have something about MODE_CFG. change to xauth_psk_(client | server) will work.
Tested on ubuntu 11.04 with kernel 2.6.38-11, Ipsec-tools 0.7.3 and 0.8

2) Multiple client behind the same nat connect to same vpn server will cause one client no traffic.The SAs is established. Client got IPs, But only one client got traffic.

Tested on ubuntu 11.04 server with kernel 2.6.28-11, Ipsec-tools 0.7.3 and 0.8, with sample road warrior config from ipsec-tools release. changed to pre_shared_key only.
Client use (Sherw VPN Client 2.1.7)

According to the ChangeLog of ipsec-tools, mode config without xauth and multiple client behind nat is supported by ipsec-tools.
Have some one get these two features work?