@werter вообще-то упомянул, но не суть. В принципе тему можно закрывать, я нашел выход насчет арп записей и статических маршрутов. Просто добавить основной маршрутизатор в арп

How are the two networks connected now? You can't send traffic through a gateway in another subnet like that. You need some kind of transit network. For example, if it's a dedicated circuit, you'd have that plugged into an additional NIC (or VLAN) on both pfSense firewalls, and then you'd have some other unrelated subnet to talk between them there. Then you use the address in that subnet as a gateway to reach the other.

If you have your LANs plugged together so they're all in the same Layer 2/flat network that is going to be a huge mess.

I had this same issue and what worked for me is creating a floating rule on the downstream PfSense to allow WAN to LAN connections. YMMW.

What is the point of this? Your wanting to load share to 2 different vpn connections off the same physical interface? And the same TUN interface as well?

Have no clue to what is the use case here... What is the point of the complexity - what does it get you? Your worried that r44 or r45 go down? What is the point of the loadsharing across the connection..

NHRP - with just the 2 connections.. With GRE and IPsec involved as well??

Is this some sort of class work - seems like nonsense waste of time, I see no real world application here. And down the rabbit hole we go...