
Anyone have the NEW portal Azure working with UTM 9.403?

I have gone through countless threads over the past 10 days with no luck; the Classic portal setup works for me but not the NEW Azure portal setup.

I have tried both Initiate and response, mostly initiate. My current policy setting is:

Compression off, not using strict policy.
IKE Settings: AES 128 / SHA1 / Group 2: MODP 1024   Lifetime: 28800 seconds
IPsec Settings: AES 128 / SHA1 / Null (None)   Lifetime: 3600 seconds

The error I keep getting is:

2016:06:08-10:40:30 asl ipsec_starter[14412]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
2016:06:08-10:40:30 asl pluto[14426]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
2016:06:08-10:40:30 asl pluto[14426]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
2016:06:08-10:40:30 asl pluto[14426]: including NAT-Traversal patch (Version 0.6c)
2016:06:08-10:40:30 asl pluto[14426]: Using Linux 2.6 IPsec interface code
2016:06:08-10:40:30 asl ipsec_starter[14418]: pluto (14426) started after 40 ms
2016:06:08-10:40:31 asl pluto[14426]: loading ca certificates from '/etc/ipsec.d/cacerts'
2016:06:08-10:40:31 asl pluto[14426]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2016:06:08-10:40:31 asl pluto[14426]: loading aa certificates from '/etc/ipsec.d/aacerts'
2016:06:08-10:40:31 asl pluto[14426]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2016:06:08-10:40:31 asl pluto[14426]: Changing to directory '/etc/ipsec.d/crls'
2016:06:08-10:40:31 asl pluto[14426]: loading attribute certificates from '/etc/ipsec.d/acerts'
2016:06:08-10:40:31 asl pluto[14426]: adding interface ppp1/ppp1 10.3.5.1:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface ppp1/ppp1 10.3.5.1:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth4.2/eth4.2 10.4.0.1:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth4.2/eth4.2 10.4.0.1:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth2/eth2 10.5.0.1:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth2/eth2 10.5.0.1:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.27:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.27:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.26:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.26:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.28:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.28:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.25:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.25:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.18:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth1/eth1 xx.xxx.56.18:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth0/eth0 10.2.0.1:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface eth0/eth0 10.2.0.1:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface lo/lo 127.0.0.1:500
2016:06:08-10:40:31 asl pluto[14426]: adding interface lo/lo 127.0.0.1:4500
2016:06:08-10:40:31 asl pluto[14426]: adding interface lo/lo ::1:500
2016:06:08-10:40:31 asl pluto[14426]: loading secrets from "/etc/ipsec.secrets"
2016:06:08-10:40:31 asl pluto[14426]: loaded PSK secret for xx.xxx.56.18 xx.xx.88.90
2016:06:08-10:40:31 asl pluto[14426]: listening for IKE messages
2016:06:08-10:40:31 asl pluto[14426]: added connection description "S_to MS Azure"
2016:06:08-10:40:31 asl pluto[14426]: "S_to MS Azure" #1: initiating Main Mode
2016:06:08-10:40:31 asl pluto[14426]: packet from xx.xx.88.90:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2016:06:08-10:40:41 asl pluto[14426]: packet from xx.xx.88.90:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

Since the setup is fairly self-explanatory for the Connection tab and Remote Gateway tab, I feel the problem is with the policy - but none of the policy settings I have seen in the threads work for me to get a green light. I am running a super simple 8-digit numeral pre-share key too.

Any assistance would be greatly appreciated.
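
A small triage script for the failure in the log above, as an added example that is not part of the original post: it reads pluto log lines in the format shown, counts NO_PROPOSAL_CHOSEN notifications per peer, and lists the connections that had initiated Main Mode by then. The sample log is constructed with documentation addresses, the function name `triage` is hypothetical, and the local/peer order on the PSK line is inferred from the post's log.

```python
import re
from collections import defaultdict

# Constructed sample in the pluto log format from the post (documentation addresses).
SAMPLE_LOG = """\
2016:06:08-10:40:31 asl pluto[14426]: loaded PSK secret for 192.0.2.18 198.51.100.90
2016:06:08-10:40:31 asl pluto[14426]: added connection description "S_to MS Azure"
2016:06:08-10:40:31 asl pluto[14426]: "S_to MS Azure" #1: initiating Main Mode
2016:06:08-10:40:31 asl pluto[14426]: packet from 198.51.100.90:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2016:06:08-10:40:41 asl pluto[14426]: packet from 198.51.100.90:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

LINE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ pluto\[\d+\]: (.*)$')
PSK = re.compile(r'^loaded PSK secret for (\S+) (\S+)$')  # assumed order: local, peer
INITIATE = re.compile(r'^"([^"]+)" #\d+: initiating Main Mode')
NOTIFY = re.compile(r'^packet from (\S+):\d+: ignoring informational payload, type (\S+)')

def triage(log_text):
    """Return {peer: summary} for peers that answered with NO_PROPOSAL_CHOSEN."""
    local_for = {}   # peer address -> local address, taken from the PSK line
    initiated = []   # connections that have started Main Mode so far, in order
    peers = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pluto line in the expected format
        ts, msg = m.groups()
        if (p := PSK.match(msg)):
            local_for[p.group(2)] = p.group(1)
        elif (i := INITIATE.match(msg)):
            initiated.append(i.group(1))
        elif (n := NOTIFY.match(msg)) and n.group(2) == "NO_PROPOSAL_CHOSEN":
            s = peers[n.group(1)]
            s["count"] += 1
            s["first"] = s["first"] or ts
            s["last"] = ts
            s["local"] = local_for.get(n.group(1))
            s["candidates"] = list(initiated)  # correlated by order only
    return dict(peers)

if __name__ == "__main__":
    for peer, s in triage(SAMPLE_LOG).items():
        print(f'{peer}: {s["count"]} rejection(s) {s["first"]} .. {s["last"]}, '
              f'local {s["local"]}, initiated before: {s["candidates"]}')
```

The notification lines name only the peer, not the connection, so the connection list is a correlation by log order rather than something pluto reports.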



This thread was automatically locked due to age.
  • I just worked through this issue with one of my customers. You need to create a Policy Route when you first start creating the Azure VPN. The Policy Route uses IKEv1, which is the only version the UTM 9.4 supports. IKEv2 has been a requested feature for a couple of years now, but has not yet been implemented. Also, Azure appears to want to be the initiator, so be sure to configure everything for that direction; go to advanced and check "sniff at preshared keys" or something similar, if needed.

    Nick

  • Nick offers some good suggestions above...

    My first mistake was not being careful about setting up the gateway; I had re-created the gateway so many times that I forgot to pay attention to the VPN type, which should be policy based (for UTM 9.4). Then the next resolution was the actual policy setup inside UTM. Here is my current working setting:

    IKE Settings: AES 256 / SHA1 / Group 2: MODP 1024   Lifetime: 28800 seconds
    IPsec Settings: AES 256 / SHA1 / Null (None)   Lifetime: 3600 seconds

    Compression off, not using strict policy.

    I turned off DPD (Advanced tab).

    I also referred to this link for assistance: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/

    It references the IKEv1 and IKEv2 policies for both policy and route-based setups.

  • In case anyone is still having problems, have a look at this article. It's a fantastic writeup and worked for me for 9.5.