IPsec (libreswan) on OpenWrt

Has anyone successfully configured libreswan on OpenWrt for site-to-site connections? In a nutshell, I've configured iptables to allow UDP ports 500 (isakmp) & 4500 (ipsec-nat-t) through, the intermediate router port-forwards those same ports to/from "the wild", and such packets are successfully traversing from/to the outside host & the OpenWrt box. However, when the tunnel is being negotiated, I receive the following messages on the OpenWrt box:

authpriv.warn pluto[4218]: packet from xxx.yyy.zzz.aa: initial Main Mode message received on zzz.yyy.xxx.bb:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW

Is there a particular ike= algorithm, or a policy definition, I should try (in the .conf files) to get this to work?

Not sure if it is the root cause of your issue, but you also need to allow protocol ESP and AH on the firewall.

-A zone_wan_input -p esp -m comment --comment "!fw3: IPSec ESP" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: IPSec IKE" -j ACCEPT
-A zone_wan_input -p ah -m comment --comment "!fw3: Auth Header" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: IPSec NAT-T" -j ACCEPT
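
A check for the four rules listed in the reply above, as an added example that is not part of the original thread: it reads `iptables-save` output and reports which of ESP, AH, IKE (UDP 500) and NAT-T (UDP 4500) have an ACCEPT rule in a given chain. The function name `check_ipsec_rules` and the two sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved iptables ruleset for the IPsec ACCEPT rules.
# Usage on the router: iptables-save | check_ipsec_rules zone_wan_input

check_ipsec_rules() {
    chain="$1"
    awk -v chain="$chain" '
        # Only ACCEPT rules appended to the chain of interest count.
        $1 == "-A" && $2 == chain && $0 ~ /-j ACCEPT/ {
            proto = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            # iptables-save may print the protocol by name or by number.
            if (proto == "esp" || proto == "50")   seen["esp"] = 1
            if (proto == "ah"  || proto == "51")   seen["ah"] = 1
            if (proto == "udp" && dport == "500")  seen["ike"] = 1
            if (proto == "udp" && dport == "4500") seen["natt"] = 1
        }
        END {
            n = split("esp ah ike natt", want, " ")
            missing = ""
            for (k = 1; k <= n; k++)
                if (!(want[k] in seen)) missing = missing " " want[k]
            print (missing == "" ? "ok" : "missing:" missing)
        }'
}

# Constructed sample: only the two UDP ports are open, as in the question.
SAMPLE_UDP_ONLY='-A zone_wan_input -p udp -m udp --dport 500 -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 4500 -j ACCEPT'

# Constructed sample: the same chain with the ESP and AH rules from the reply.
SAMPLE_FULL="$SAMPLE_UDP_ONLY
-A zone_wan_input -p esp -j ACCEPT
-A zone_wan_input -p ah -j ACCEPT"

printf '%s\n' "$SAMPLE_UDP_ONLY" | check_ipsec_rules zone_wan_input
printf '%s\n' "$SAMPLE_FULL" | check_ipsec_rules zone_wan_input
```

The check only looks for matching ACCEPT rules in the named chain; it does not evaluate rule order, so an earlier DROP or REJECT in the same chain can still block the traffic.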