Nice to see @jens9 you "solved" your issue, dont'worry about my psk, I regenerate it periodically 🚪
MY vpn in truth is pfSense to pfSense, and so is very interesting about your ipsec configuration discovery, you have check this kind of behavior, and top of all, opnSense might to be working fine , better than pfSense do. Lool!
Hope in meantime some developers like @jimp looks at this stranger thing about dealing with ipsec internals.
Best regards.