In order to establish a VPN from an Android device to pfSense, you must be on at least pfSense 2.0.
L2TP was the easiest to make work during testing, but it does not encrypt traffic, it only tunnels.
In all cases, be sure to add firewall rules to the interface created for the VPN clients.
Initial testing was performed on a Verizon Droid X.
This is a summary of the following information only. Please keep reading for more details!
|↓||(All)||CHAP||PAP||PSK||IPSec-PSK||IPSec-RSA||Xauth PSK||Xauth RSA||Hybrid RSA||Native||3rd-party App|
|2.1 (Eclair)||Yes (no encryption)||Probably||Probably||?||?||?||?||?||?||n/a||Maybe|
|2.3 (Gingerbread)||Yes||Probably||Probably||?||?||?||Yes (see text for details)||?||?||n/a||Maybe|
|4.0 (Ice Cream Sandwich)||Yes||Probably||Probably||?||?||?||Probably||?||?||n/a||Yes|
|4.1 (Jelly Bean)||Yes||Probably||Probably||?||?||?||Yes||?||?||n/a||Yes|
See this note on Android and PPTP from a user on the forum:
For some devices, Gingerbread brought with it the "Advanced IPsec VPN" choices that will let it work with 2.0 and most likely other scenarios as well. Specifically these options are found on at least the Motorola Droid X, and likely others.
The VPN choices on these versions are:
The choices that use main mode (anything that isn't labeled "aggressive") likely won't work as the IP of the phone is used as the identifier, no matter what is entered in the phone's GUI, so it would require anonymous PSKs. Unless there is some trick I'm not seeing.
PSK v1 (AES, xauth, aggressive) works against a 2.0 server when properly configured. This combination is reported to work well - see Mobile IPsec on 2.0 for configuration details.
If you try another mode and it works, let us know. The certificate method (Cert v1 (AES, aggressive)) should work in theory but has not yet been tested.
With ICS, the VPN options have been revamped and the following choices are available:
Of those, at least the IPsec Xauth PSK option should work, but testing is needed to confirm.
Should be identical to 4.0. One report so far of a working configuration with XAuth: 
Android 4.0 also brings the ability for third-party VPN clients. There is an excellent OpenVPN client that does not require root available on Google Play for devices running ICS.
I have personally tested this client on an Asus Transformer Prime and a Motorola Droid Razr, both with Android 4.0.x.
With the latest update to the pfSense OpenVPN Client Export package, you can export an "Inline Configuration" that has the config, the certs, keys, etc, in a single file. This file imports into the client linked above quite easily, as follows:
NOTE: If you use K9 mail, and possibly others, when you save the attachment to /mnt/sdcard/ the OpenVPN app will launch and import automatically.
Now that it's saved, you need to tell it your username if you're using a User Auth type.
You should now be able to connect to the VPN.
After the VPN has been successfully configured and tested, remember to remove the .ovpn file from your Android device's SD card. The settings are stored securely by the app, so keeping the file on insecure storage is not needed nor recommended.