Hello,
Thread necromancer here with the same question.
I have successfully followed this guide: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html#Create_Client_Pre-Shared_Keys, and have had an IKEv2 P1 setup for years.
I have a segmented network and allowing LAN access to loop back to the WAN interface was creating odd exceptions that allow a LAN user to have access to services that would be blocked by normal WAN rules, so I explicitly block LAN to WAN_address from a floating rule.
I now want to allow IKEv2 from LAN into secure segments but I can only bind my P1 to one interface. No worries. I go to set up a second P1 on an accessible interface and run into the same thing as the OP. I am presented with a 'remote gateway address' option and no EAP options. It's as if pfSense is presuming any additional P1 is always going to be a client as opposed to the already created server.
I may be thinking about this wrong; any help appreciated.