Yes, FreeS/WAN can do that. You would configure FreeS/WAN on the firewall box to act as a security gateway and configure it to advertise the routes necessary to reach your desktop LAN. I assume they're using Mac OS since you're talking about Timbuktu. Mac OS 10 comes with Racoon IPSec built-in, but it's completely command-line and config-file based, no GUI. In fact, if you ran OS 10 on your firewall you could use the built-in IPFW firewall with NATd (built-in) and Racoon IPSec (built-in).
For home users you'll probably want a GUI, so look at something like IPSecuritas or some of the other clients listed in the download section on www.apple.com.
You could also distribute config files for Racoon and a custom Terminal.app script that they could put on their Desktop and double-click on when they needed VPN access.