Assistance with OPNsense IPSec VPN Site-to-Site Configuration

Started by NewbieAtOpnSense, August 07, 2024, 08:01:01 AM

Hi Everyone,

This is my first time using OPNsense, and I am currently setting up an IPSec VPN Site-to-Site connection. Unfortunately, I'm encountering an issue where the peers are not connecting. The error message is as follows:

```
13[IKE] <con1|6> sending retransmit 1 of request message ID 0, seq 1 
13[NET] <con1|6> sending packet: from 192.168.20.2[500] to 211.XXX.XXX.XXX[500] (180 bytes) 
13[ENC] <con1|6> generating ID_PROT request 0 [ SA V V V V V ] 
13[IKE] <con1|6> initiating Main Mode IKE_SA con1[6] to 211.XXX.XXX.XXX
```
I have followed this documentation for this configuration. This is the link: https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html

The HQ and Branch are using different ISPs. I have verified with both providers that there is no port blocking on their end. I've successfully traced and pinged each side, and ICMP is allowed on the WAN interface.

HQ - OPNsense 23.10.2-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w

Branch - OPNsense 24.4.1_3-amd64
FreeBSD 13.2-RELEASE-p12
OpenSSL 3.0.14

**Network Configuration:**

- **Branch**
  - Public IP: 180.XXX.XXX.XXX
  - DMZ: 192.168.20.1
  - WAN Interface (OPNsense): 192.168.20.2
  - LAN: 192.168.30.1

- **HQ**
  - Public IP: 211.XXX.XXX.XXX
  - DMZ: 192.168.0.1
  - WAN Interface (OPNsense): 192.168.0.2
  - LAN: 192.168.1.1

**Firewall Rules Configured:**

- Allowed on WAN for both sides:
  - IPv4 ESP
  - IPv4 ISAKMP (500)
  - IPv4 NAT-T (4500)

I have also configured port forwarding for ESP, ISAKMP, and NAT-T under **Firewall > NAT > Port Forward**. However, when using external tools like canyouseeme.org, ports 500 and 4500 appear to be closed.

I'm seeking advice on whether there are any steps I might have overlooked or misconfigured. Any insights or suggestions from the community would be greatly appreciated.

Thank you.
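The charon lines quoted in the post (OPNsense shows newest first) say the same thing over and over: Main Mode request 0 goes out from a private WAN address and is retransmitted because nothing ever comes back. As an added example, not code from the post or from OPNsense, here is a small triage script that parses lines in that format, counts sent versus received packets per IKE_SA, and flags when the local endpoint address is RFC 1918. The sample log is constructed (peer addresses from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for the masked public IPs); the connection names and the `analyze`/`finalize` functions are mine.

```python
"""Triage strongSwan (charon) IKE log lines for a site-to-site tunnel that never comes up.

Added example: parses lines in the format quoted in the forum post and reports,
per IKE_SA, whether the peer ever answered and whether the local endpoint sits on
a private (RFC 1918) address, i.e. behind another NAT device.
"""
import ipaddress
import re
from collections import OrderedDict

# Constructed sample in chronological order. con1|6 mirrors the post (no reply);
# con2|7 is a contrasting SA whose peer does answer.
SAMPLE_LOG = """\
13[IKE] <con1|6> initiating Main Mode IKE_SA con1[6] to 203.0.113.10
13[ENC] <con1|6> generating ID_PROT request 0 [ SA V V V V V ]
13[NET] <con1|6> sending packet: from 192.168.20.2[500] to 203.0.113.10[500] (180 bytes)
13[IKE] <con1|6> sending retransmit 1 of request message ID 0, seq 1
13[NET] <con1|6> sending packet: from 192.168.20.2[500] to 203.0.113.10[500] (180 bytes)
14[NET] <con2|7> sending packet: from 192.168.0.2[500] to 198.51.100.7[500] (180 bytes)
14[NET] <con2|7> received packet: from 198.51.100.7[500] to 192.168.0.2[500] (160 bytes)
"""

# Field patterns for the charon log format shown in the post.
SA_RE = re.compile(r"<(?P<sa>[^|>]+\|\d+)>")
SEND_RE = re.compile(
    r"sending packet: from (?P<src>[\d.]+)\[(?P<sport>\d+)\] to (?P<dst>[\d.]+)\[(?P<dport>\d+)\]"
)
RECV_RE = re.compile(
    r"received packet: from (?P<src>[\d.]+)\[(?P<sport>\d+)\] to (?P<dst>[\d.]+)\[(?P<dport>\d+)\]"
)
RETRANS_RE = re.compile(r"sending retransmit (?P<n>\d+) of request")


def analyze(log_text):
    """Return an ordered mapping {sa_name: summary} for every IKE_SA seen in the log."""
    sas = OrderedDict()
    for line in log_text.splitlines():
        m = SA_RE.search(line)
        if not m:
            continue  # lines without a <conn|id> tag are not per-SA events
        sa = sas.setdefault(
            m.group("sa"),
            {"sent": 0, "received": 0, "max_retransmit": 0,
             "local": None, "peer": None, "ports_used": set()},
        )
        if s := SEND_RE.search(line):
            sa["sent"] += 1
            sa["local"], sa["peer"] = s.group("src"), s.group("dst")
            sa["ports_used"].add(int(s.group("dport")))
        elif r := RECV_RE.search(line):
            sa["received"] += 1
            sa["ports_used"].add(int(r.group("sport")))
        elif t := RETRANS_RE.search(line):
            sa["max_retransmit"] = max(sa["max_retransmit"], int(t.group("n")))
    for sa in sas.values():
        finalize(sa)
    return sas


def finalize(sa):
    """Derive the verdict and the NAT hint from the raw counters of one IKE_SA."""
    local = sa["local"]
    sa["local_private"] = bool(local) and ipaddress.ip_address(local).is_private
    if sa["sent"] and sa["received"] == 0:
        sa["verdict"] = "no reply from peer"
    elif sa["received"]:
        sa["verdict"] = "peer responding"
    else:
        sa["verdict"] = "no packets seen"
    hints = []
    if sa["verdict"] == "no reply from peer":
        hints.append("UDP 500 request never answered: dropped on the path or the peer is not listening")
    if sa["local_private"]:
        # ESP (IP protocol 50) has no ports and cannot be port-forwarded; behind NAT
        # the peers rely on NAT-T, which carries ESP inside UDP 4500.
        hints.append("local WAN address is RFC 1918: the endpoint is behind another NAT device, "
                     "which must forward UDP 500 and 4500 to it; ESP itself travels in UDP 4500 (NAT-T)")
    sa["hints"] = hints


if __name__ == "__main__":
    for name, sa in analyze(SAMPLE_LOG).items():
        print(f"{name}: sent={sa['sent']} received={sa['received']} "
              f"retransmits={sa['max_retransmit']} verdict={sa['verdict']}")
        for hint in sa["hints"]:
            print("  -", hint)
```

Run it over `/var/log/ipsec/latest.log` content (or the lines pasted from the GUI) and look for SAs with `received=0`: those never got past the first packet, so the next check is a packet capture on both WAN interfaces for UDP 500 to see where the request stops, and confirming that the device holding the public address forwards UDP 500 and 4500 to the OPNsense WAN address rather than the OPNsense box forwarding ports it never receives.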