Hello,
More details today.
I found a workaround:
First step: disable all P1 IPsec configurations on each firewall.
Second step: change the P1 lifetime to 1 year (31536000).
Enable conf Site1-Site2 on hardware 1
Enable conf Site1-Site2 on hardware 2
Connection autostart OK.
Enable conf Site1-Site3 on hardware 3
Disable conf Site1-Site2 on hardware 1 => this does not close the current connection!! It keeps working even if you disable the configuration.
Enable conf Site1-Site3 on hardware 1
Connection autostart OK.
Enable conf Site1-Site2 on hardware 1
Now the 2 tunnels are ON on hardware 1.
=> I applied the same strategy on the 2 other firewalls; all tunnels are working now...
Not clean, but it has been working for 20 hours now.
Take care
=> if 1 connection goes down (manually or because of the "lifetime" parameter), you have to do the same steps manually again.
Analysis
All my tests show me that version 2.4.5-1 (initial install 2.4.4-p2, upgraded to 2.4.4p3 a few months ago) isn't able to work with more than 1 tunnel.
If you have more than 1 tunnel configuration enabled on a firewall, pfSense can't establish the second tunnel:
Hardware1
Hardware2: Site1-Site2 conf enabled, Site2-Site3 conf disabled
Hardware3: Site1-Site3 conf enabled, Site2-Site3 conf disabled
=> in this case, hardware2 and 3 have only 1 tunnel enabled, but as hardware1 has two, only 1 tunnel can be established.
As soon as you have more than 1 tunnel configuration enabled, the system can't establish the connection. The main idea is to disable the conf of a tunnel that is already open; this allows pfSense to open the second tunnel.
=> not very clean but working.
I will try to send this bug to dev.
Best regards