add 2 /32 routes, so traffic to ipsec peer addresses (203.0.113.2 and 203.0.113.3 in example) will use gateway of WAN1 / WAN2 respectively.
And enable ipsec on both wan interfaces, instead of only eth0 in example
Both authentication id and local-address should specify vyos WAN IP used for the tunnel.
Why does example use 10.10.0.5 for local-address ?? I’d use vyos WAN IP 198.51.100.3