I have noticed that when you create a new site-to-site IPsec VPN tunnel, it simply will not become active.
I have done a reasonable amount of diagnostics and my finding is this:
If you create or modify a firewall rule or alias and save, thereby reloading the firewall rules, the site-to-site VPN tunnel will then come up.
What's going on?
I think when you press save on the new IPsec tunnel, OPNsense is not immediately updating the hidden IPsec allow rules on the WAN interface and/or not reloading the firewall rules, and therefore IPsec traffic is blocked until a firewall rules reload is manually done.
DEV, any comments?
The way to address the developers with a way higher probability of receiving an answer is to open an issue on GitHub. This is the community forum where users try to help each other out. Yes, Franco is joining in occasionally, but with such a precise diagnosis for a possible bug already, please create an issue.