I have a running config of isakmpd that I have tried with OpenBSD, Linux and
Win32 peers.

You could try this config. Isakmpd will accept connections from anyone that
knows the pre-shared secret. It allows traffic host-lan and lan-lan
depending on what's on the other end.

Running SSH Sentinel I have successfully established a connection to this
host both from behind another OpenBSD gateway (NAT) and Linux gateway (NAT).
SSH Sentinel must be in legacy mode, 3DES and SHA1.

Depending on your OpenBSD version, isakmpd may need a patch available on
www.ipsec.com. I'm running 3.3 and don't need this patch. Earlier I did need
it.

# cat /etc/isakmpd/isakmpd.conf
[Phase 1]
Default= ISAKMP-clients

[Phase 2]
Passive-Connections= IPsec-clients

[ISAKMP-clients]
Phase= 1
Configuration= Default-main-mode
Authentication= some-secret-passphrase

[IPsec-clients]
Phase= 2
Configuration= Default-quick-mode
Local-ID= Local-net
Remote-ID= Remote-host

[Local-net]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.1.0
Netmask= 255.255.255.0

[Remote-host]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

[Default-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Transforms= 3DES-SHA
Suites= QM-ESP-3DES-SHA-PFS-SUITE

# cat /etc/isakmpd/isakmpd.policy
Keynote-version: 2
Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";

Hope this helps.
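
Added example, not part of the original post: a small Python check that parses a configuration of this shape and reports the points the post itself describes (one pre-shared secret on the default Phase 1 peer, a 0.0.0.0/0.0.0.0 Remote-ID, 3DES and SHA1 transforms). The function names, finding labels and the trimmed sample are assumptions made for this example.

```python
# Constructed sample: the sections of the posted isakmpd.conf that matter here.
SAMPLE_CONF = """\
[Phase 1]
Default= ISAKMP-clients
[ISAKMP-clients]
Authentication= some-secret-passphrase
[IPsec-clients]
Remote-ID= Remote-host
[Remote-host]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0
[Default-main-mode]
Transforms= 3DES-SHA
[Default-quick-mode]
Suites= QM-ESP-3DES-SHA-PFS-SUITE
"""

def parse_conf(text):
    """Parse '[section]' / 'Tag= value' lines into {section: {tag: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and not line.startswith("#") and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip()] = value.strip()
    return sections

def audit(sections):
    """Return sorted (finding, section) pairs for the exposure points in the post."""
    found = set()
    # One pre-shared key on the [Phase 1] Default peer is shared by every initiator.
    peer = sections.get("Phase 1", {}).get("Default")
    if "Authentication" in sections.get(peer, {}):
        found.add(("shared-psk-default-peer", peer))
    for name, body in sections.items():
        # A Remote-ID of 0.0.0.0/0.0.0.0 lets the peer propose any host or subnet.
        rid = sections.get(body.get("Remote-ID"), {})
        if rid.get("ID-type") == "IPV4_ADDR_SUBNET" and rid.get("Netmask") == "0.0.0.0":
            found.add(("wildcard-remote-id", body["Remote-ID"]))
        # Assumption: bare "SHA" in a transform/suite name means SHA-1, as the post says.
        parts = set((body.get("Transforms", "") + "-" + body.get("Suites", ""))
                    .replace(",", "-").replace(" ", "").upper().split("-"))
        for code, weak in (("legacy-cipher", {"DES", "3DES"}), ("legacy-hash", {"MD5", "SHA"})):
            if parts & weak:
                found.add((code, name))
    return sorted(found)

if __name__ == "__main__": print(*audit(parse_conf(SAMPLE_CONF)), sep="\n")
```

Run it against a copy of the real file by passing its contents to `parse_conf`; an empty result means none of the three conditions matched.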