Set http://kerneltrap.org/node/view/748 for some links to HOWTOs on this. In short, on Debian, run 'apt-get install ipsec-tools racoon', then configure Racoon and setkey.
I tried this, but couldn't get it working. I discovered that OpenS/WAN can also use the existing Linux 2.6 kernel implementation of IPSec, rather then it's own (rather invasive) kernel patches. Since I'm a lot more familiar with Pluto, ipsec.conf, and ipsec.secrets that went a lot better.