tech-net archive


Re: UDP_ENCAP_ESPINUDP_NON_IKE



On 19/05/2018 at 16:57, Chuck Zmudzinski wrote:
A little more information on my setup from what racoon logs show:

May 13 12:17:11 ave racoon: INFO: respond new phase 1 negotiation: 192.168.xxx.xxx[500]<=>xxx.xxx.xxx.xxx[500]
May 13 12:17:11 ave racoon: INFO: begin Identity Protection mode.
May 13 12:17:11 ave racoon: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
May 13 12:17:11 ave racoon: INFO: received Vendor ID: RFC 3947
May 13 12:17:11 ave racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
May 13 12:17:11 ave racoon: INFO: received Vendor ID: FRAGMENTATION
May 13 12:17:11 ave racoon: [68.40.135.16] INFO: Selected NAT-T version: RFC 3947

This is from a Microsoft Windows 10 client, and it reports using RFC 3947 for
NAT-T version, yet in the NetBSD 7.x udp_usrreq.c code, my system is selecting
the UDP_ENCAP_ESPINUDP_NON_IKE case but I had to edit the skip variable for
that case to what skip would be if the INP_ESPINUDP case was selected in
udp_usrreq.c to get my setup to work with the Windows clients. It is confusing
to me, but my patch does work with Windows clients but I don't know if my
patch breaks other cases.

Well, at a first glance it looks like there's a problem with racoon. If it
uses RFC3947, it shouldn't use non-IKE markers.
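
For reference, an added example (not part of either message and not the NetBSD udp_usrreq.c code) of how a receiver tells ESP from IKE under the two framings discussed: RFC 3948 encapsulation, where four zero bytes mark a non-ESP (IKE) packet, and the older draft encapsulation, where eight zero bytes (the non-IKE marker) precede the ESP header. The names, the length thresholds and the sample packets are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the two modes mirror the encapsulation types named in the thread. */
enum encap_mode { ENCAP_ESPINUDP, ENCAP_ESPINUDP_NON_IKE };
enum verdict { V_NOT_ESP, V_KEEPALIVE, V_ESP };

#define UDP_HDR_LEN 8u   /* fixed UDP header size */
#define ESP_MIN_LEN 8u   /* SPI + sequence number */
#define NON_IKE_LEN 8u   /* non-IKE marker of the pre-RFC drafts */

/* Constructed sample: ESP header (SPI 0x12345678, seq 1) plus 8 dummy payload bytes. */
static const uint8_t sample_rfc3948_esp[] = {
    0x12,0x34,0x56,0x78, 0,0,0,1, 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa };
/* Constructed sample: the same ESP packet behind an 8-byte non-IKE marker. */
static const uint8_t sample_nonike_esp[] = {
    0,0,0,0,0,0,0,0,
    0x12,0x34,0x56,0x78, 0,0,0,1, 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa };

/* p/len: UDP payload. On V_ESP, *skip is the number of bytes to strip,
 * counted from the start of the UDP header, to reach the ESP header. */
static enum verdict classify(enum encap_mode mode, const uint8_t *p,
                             size_t len, size_t *skip)
{
    static const uint8_t zero[NON_IKE_LEN] = {0};
    *skip = 0;
    if (len == 1 && p[0] == 0xff)           /* NAT keepalive */
        return V_KEEPALIVE;
    if (mode == ENCAP_ESPINUDP) {
        /* RFC 3948: a zero SPI field is the non-ESP marker, so this is IKE. */
        if (len <= ESP_MIN_LEN || memcmp(p, zero, 4) == 0)
            return V_NOT_ESP;
        *skip = UDP_HDR_LEN;
        return V_ESP;
    }
    /* Draft framing: ESP is present only behind eight zero bytes. */
    if (len <= NON_IKE_LEN + ESP_MIN_LEN || memcmp(p, zero, NON_IKE_LEN) != 0)
        return V_NOT_ESP;
    *skip = UDP_HDR_LEN + NON_IKE_LEN;
    return V_ESP;
}

int main(void)
{
    size_t skip;
    enum verdict v = classify(ENCAP_ESPINUDP_NON_IKE, sample_rfc3948_esp,
                              sizeof sample_rfc3948_esp, &skip);
    printf("RFC 3948 ESP packet under non-IKE mode: verdict=%d skip=%zu\n", (int)v, skip);
    return 0;
}
```

A packet framed one way is never recognised as ESP by a receiver configured for the other, which is why the encapsulation type set on the socket has to match the NAT-T version the IKE daemon negotiated.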

