Hi Astar,
Interesting, complicated at first. To be honest I had a bit of a hard time understanding the traffic flow with the names and VLANs, so please bear with me if I got it wrong:
So it seems this lab network has:
2x Win7 PC
2x Wanos
2x pfSense
WAN is where the two pfSense machines connect back to back. So we can ignore this network, except if the physical vmnic0 connects to the same network as vmnic3.
Vlan 0 simulates one site: Win7, wanos0
Vlan 10 simulates another site: Win7-10, wanos10
The two sites (or vlans) are connected to each other via the WAN network.
LAN and MAIN means site one and site two, basically.
Ok got it
The problem is most likely to be the NAT rule if it is based on port 80. Most routers and firewalls can't NAT IP proto 108 (IPComp) and drop the packets. Traffic stops for a while while the one peer is 'up', and after 60 seconds they time out and you can get to the pfSense GUI again.
The methods to resolve it are to use one-to-one NAT, disable NAT, or set encapsulation under optimization settings to UDP (encap needs to match on both ends).
Also, after all is working you can add a bypass rule for the pfSense IP address so that it is possible to access the pfSense GUI while the peers are up.
Hope it helps, please let me know if we need to investigate further.
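To make the reasoning in the reply above concrete, here is an added example (not part of the original post, and not Wanos or pfSense code) that models why a port-based NAT rule drops IP protocol 108 while one-to-one NAT or UDP encapsulation lets it through. It builds constructed IPv4 packets in Python, runs them through a simplified port-based translator (which keys on TCP/UDP ports, so it has nowhere to map a protocol with no ports) and a one-to-one translator (which only rewrites the address), and then shows the same IPComp packet wrapped in UDP passing the port-based translator. The addresses (192.168.0.2 for the site-one Wanos, 203.0.113.1 and 203.0.113.2 for the two pfSense WAN sides) and the UDP port 4050 are hypothetical values chosen for the example; the NAT models are deliberately simplified and ignore things like ICMP handling and checksums.

```python
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_IPCOMP = 108  # IP Payload Compression Protocol (RFC 3173), the proto the post mentions

# Hypothetical lab addresses (constructed for this example, not from the post)
WANOS_SITE1 = "192.168.0.2"    # Wanos on the VLAN 0 site
PFSENSE1_WAN = "203.0.113.1"   # site-one pfSense, WAN side
PFSENSE2_WAN = "203.0.113.2"   # site-two pfSense, WAN side
ENCAP_PORT = 4050              # hypothetical UDP encapsulation port


def build_ipv4(proto, src, dst, payload):
    """Constructed sample packet: minimal 20-byte IPv4 header, checksum left at zero."""
    total_len = 20 + len(payload)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) from a packet built by build_ipv4."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]


def rewrite_src(pkt, new_src):
    """Replace the source address field only (bytes 12-15)."""
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]


def port_nat(pkt, public_ip, next_port=40000):
    """Simplified port-based NAT (NAPT / masquerade): the translation table is keyed
    on an L4 port, so a protocol without ports cannot be mapped and is dropped."""
    proto, src, dst, payload = parse_ipv4(pkt)
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(payload) < 4:
        return None  # dropped: nothing to key the mapping on
    sport, dport = struct.unpack("!HH", payload[:4])
    new_l4 = struct.pack("!HH", next_port, dport) + payload[4:]
    return build_ipv4(proto, public_ip, dst, new_l4)


def one_to_one_nat(pkt, mapping):
    """One-to-one NAT rewrites only the address, so the protocol number is irrelevant."""
    proto, src, dst, payload = parse_ipv4(pkt)
    if src not in mapping:
        return None
    return rewrite_src(pkt, mapping[src])


def udp_encapsulate(inner_pkt, src, dst, port):
    """UDP encapsulation: the whole inner packet rides as a UDP payload, so it now
    carries ports that a port-based NAT can map (checksum left at zero here)."""
    udp_len = 8 + len(inner_pkt)
    udp_header = struct.pack("!HHHH", port, port, udp_len, 0)
    return build_ipv4(IPPROTO_UDP, src, dst, udp_header + inner_pkt)


def outcome(nat_fn, pkt):
    """Describe what the NAT function emits toward the WAN for this packet."""
    out = nat_fn(pkt)
    if out is None:
        return "dropped"
    proto, src, dst, _ = parse_ipv4(out)
    return f"translated proto={proto} src={src} dst={dst}"


# Constructed IPComp packet: 4-byte IPComp header (next header=4, flags=0, CPI=2)
# followed by dummy compressed bytes.
IPCOMP_PKT = build_ipv4(
    IPPROTO_IPCOMP, WANOS_SITE1, PFSENSE2_WAN,
    struct.pack("!BBH", 4, 0, 2) + b"\x00" * 8,
)

# The same packet with UDP encapsulation switched on (must match on both ends).
UDP_ENCAP_PKT = udp_encapsulate(IPCOMP_PKT, WANOS_SITE1, PFSENSE2_WAN, ENCAP_PORT)


def demo():
    """Run the three cases the post describes and report what reaches the WAN."""
    mapping = {WANOS_SITE1: PFSENSE1_WAN}
    return {
        "port_nat_ipcomp": outcome(lambda p: port_nat(p, PFSENSE1_WAN), IPCOMP_PKT),
        "one_to_one_ipcomp": outcome(lambda p: one_to_one_nat(p, mapping), IPCOMP_PKT),
        "port_nat_udp_encap": outcome(lambda p: port_nat(p, PFSENSE1_WAN), UDP_ENCAP_PKT),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Running it shows the first case dropped and the other two translated, which is the same decision tree the reply gives: either stop translating ports (one-to-one NAT or no NAT) or give the traffic ports to translate (UDP encapsulation on both peers).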