I hope you applied the x509 patch to FreeSWAN, will make life a lot easier for you later down the track...
For win connectivity
For certificate creation etc you will have to edit your openssl.cnf file for each certificate you create for each user and add the SubjectAltName as their email address.
you're gonna be having some fun
If it all gets too much you may want to consider OpenBSD w oakley/isakmpd, a much nicer implementation of IPsec...