Looks like the solution is simpeler than expected
On the fritzbox side choose connect to another fritzbox.
On the srx
edit security ike
policy fb-test {
mode aggressive;
proposal-set compatible;
pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
}
gateway fb-test {
ike-policy fb-test;
address ip-of-the-fritzbox;
external-interface ge-0/0/0;
version v1-only;
}
edit security ipsec
proposal fritzbox {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600;
}
policy fb-test {
perfect-forward-secrecy {
keys group2;
}
proposals fritzbox;
}
vpn fb-test {
bind-interface st0.1;
ike {
gateway fb-test;
ipsec-policy fb-test;
}
establish-tunnels immediately;
}