After upgrading to FW 1.9 on my EdgeRouter Lite, the Site-to-Site VPN won't come up. I tried to downgrade back to 1.85, but I'm still unable to get the VPN up and running.
I tried deleting the VPN and creating it again from the CLI with the following settings, but the VPN is still down:
configure
set vpn ipsec disable-uniqreqids
set vpn ipsec esp-group vpntunnel
set vpn ipsec esp-group vpntunnel compression disable
set vpn ipsec esp-group vpntunnel lifetime 28800
set vpn ipsec esp-group vpntunnel mode tunnel
set vpn ipsec esp-group vpntunnel pfs disable
set vpn ipsec esp-group vpntunnel proposal 1
set vpn ipsec esp-group vpntunnel proposal 1 encryption aes128
set vpn ipsec esp-group vpntunnel proposal 1 hash sha1
set vpn ipsec ike-group vpntunnel
set vpn ipsec ike-group vpntunnel lifetime 28800
set vpn ipsec ike-group vpntunnel proposal 1
set vpn ipsec ike-group vpntunnel proposal 1 dh-group 5
set vpn ipsec ike-group vpntunnel proposal 1 encryption aes128
set vpn ipsec ike-group vpntunnel proposal 1 hash md5
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-traversal disable
set vpn ipsec site-to-site peer 109.202.152.99
set vpn ipsec site-to-site peer 109.202.152.99 local-address 5.103.105.14
set vpn ipsec site-to-site peer 109.202.152.99 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 109.202.152.99 authentication pre-shared-secret XXXXXX
set vpn ipsec site-to-site peer 109.202.152.99 connection-type initiate
set vpn ipsec site-to-site peer 109.202.152.99 default-esp-group vpntunnel
set vpn ipsec site-to-site peer 109.202.152.99 ike-group vpntunnel
set vpn ipsec site-to-site peer 109.202.152.99 tunnel 1
set vpn ipsec site-to-site peer 109.202.152.99 tunnel 1 esp-group vpntunnel
set vpn ipsec site-to-site peer 109.202.152.99 tunnel 1 local prefix 172.20.1.0/24
set vpn ipsec site-to-site peer 109.202.152.99 tunnel 1 remote prefix 192.168.96.0/19
commit
save