Sep 12 18:16:25 vps pluto: ERROR: asynchronous network error report on eth0 (sport=500) for message to 18.104.22.168 port 20640, complainant 22.214.171.124: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Some say changing the "leftprotoport=17/%any" will fix this but I have not found this to be the case.
Essentially it means at least one end is blocking the ipsec packets. Sometimes the %any allows an alternative port to be used for smart clients but generally I have not seen this fix problems (especially if a network or country is intentionally blocking ipsec packets).
tp, ipsec, vpn, sep, vps, pluto, asynchronous, eth, complainant, errno, origin, icmp, authenticatedsep, authenticated, quot, leftprotoport, essentially, blocking, packets, allows, generally, intentionally,