My problem is that although my IPSec tunnel connects properly, the packets destined to the tunnel endpoint are not routed into the tunnel (ER-X 1.9.0)
(fun fact: this config worked wonderfully until I rebooted the device. It IS possible that I forgot to save the config and lost something, but now I cannot figure out what the problem is)
Issue 1: after reboot, the tunnel is not initiated, even though it should be (not even if I try to ping the tunnel endpoint):
guyee@drpgw1:~$ show vpn ipsec sa
guyee@drpgw1:~$ show vpn ipsec policy
src 192.168.114.30/32 dst 192.168.114.25/32 dir fwd priority 5891
    tmpl src x.y.z.101 dst 192.168.179.95 proto esp reqid 1 mode tunnel
src 192.168.114.30/32 dst 192.168.114.25/32 dir in priority 5891
    tmpl src x.y.z.101 dst 192.168.179.95 proto esp reqid 1 mode tunnel
src 192.168.114.25/32 dst 192.168.114.30/32 dir out priority 5891
    tmpl src 192.168.179.95 dst x.y.z.101 proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0
src ::/0 dst ::/0 socket in priority 0
src ::/0 dst ::/0 socket out priority 0
src ::/0 dst ::/0 socket in priority 0
src ::/0 dst ::/0 socket out priority 0
But clearing the ipsec-peer immediately brings the tunnel up:
guyee@drpgw1:~$ clear vpn ipsec-peer x.y.z.101
Resetting tunnel 0 with peer x.y.z.101...
guyee@drpgw1:~$ show vpn ipsec sa
peer-x.y.z.101-tunnel-0: #1, ESTABLISHED, IKEv2, 95eb682b8b5f30a4:69e8c15ec1120436
  local 'C=HU, L=Budapest, O=XXXXXXXX, OU=ICT, CN=drpgw1.xyz.xyz' @ 192.168.179.95
  remote 'fw2.xyz.xyz' @ x.y.z.101
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 3s ago, rekeying in 6241s
  peer-x.y.z.101-tunnel-0: #1, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 4 ago, rekeying in 2635s, expires in 3597s
    in  cd7d5e84, 0 bytes, 0 packets
    out 7204b632, 0 bytes, 0 packets
    local  192.168.114.25/32
    remote 192.168.114.30/32
guyee@drpgw1:~$ show vpn ipsec policy
src 192.168.114.30/32 dst 192.168.114.25/32 dir fwd priority 2819
    tmpl src x.y.z.101 dst 192.168.179.95 proto esp reqid 1 mode tunnel
src 192.168.114.30/32 dst 192.168.114.25/32 dir in priority 2819
    tmpl src x.y.z.101 dst 192.168.179.95 proto esp reqid 1 mode tunnel
src 192.168.114.25/32 dst 192.168.114.30/32 dir out priority 2819
    tmpl src 192.168.179.95 dst x.y.z.101 proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0
src ::/0 dst ::/0 socket in priority 0
src ::/0 dst ::/0 socket out priority 0
src ::/0 dst ::/0 socket in priority 0
src ::/0 dst ::/0 socket out priority 0
Issue 2: pinging the endpoint:
guyee@drpgw1:~$ ping 192.168.114.30
PING 192.168.114.30 (192.168.114.30) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Net Unreachable
From 10.0.0.1 icmp_seq=2 Destination Net Unreachable
From 10.0.0.1 icmp_seq=3 Destination Net Unreachable
From 10.0.0.1 icmp_seq=4 Destination Net Unreachable
^C
--- 192.168.114.30 ping statistics ---
8 packets transmitted, 0 received, +4 errors, 100% packet loss, time 7030ms
10.0.0.1 is my ISP's PPPoE endpoint (reachable via the default route, terminated by another router), so the packet shouldn't even get there; it should have been routed into the tunnel.
And the SA shows that there was no egress traffic in the tunnel (ingress OSPF hellos arrive properly):
guyee@drpgw1:~$ show vpn ipsec sa
peer-x.y.z.101-tunnel-0: #1, ESTABLISHED, IKEv2, 95eb682b8b5f30a4:69e8c15ec1120436
  local 'C=HU, L=Budapest, O=XXXXXXXX, OU=ICT, CN=drpgw1.xyz.xyz' @ 192.168.179.95
  remote 'fw2.xyz.xyz' @ x.y.z.101
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 424s ago, rekeying in 5820s
  peer-x.y.z.101-tunnel-0: #1, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 425 ago, rekeying in 2214s, expires in 3176s
    in  cd7d5e84, 4900 bytes, 49 packets, 3s ago
    out 7204b632, 0 bytes, 0 packets
    local  192.168.114.25/32
    remote 192.168.114.30/32
My routing table is:
guyee@drpgw1:~$ show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       > - selected route, * - FIB route, p - stale info
IP Route Table for VRF "default"
S    *> 0.0.0.0/0 [210/0] via 192.168.179.1, eth0
C    *> 127.0.0.0/8 is directly connected, lo
C    *> 192.168.114.32/29 is directly connected, tun0
C    *> 192.168.179.0/24 is directly connected, eth0
C    *> 192.168.210.0/24 is directly connected, switch0
Anyone experienced similar behavior before?
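The symptom in the post (a ping to 192.168.114.30 leaving towards the default gateway instead of into the tunnel) can be checked against the quoted tables with a small model of the Linux output path: the kernel does the route lookup and picks the source address first, and only then consults the XFRM "out" policy, which matches only when both the source and the destination fall inside the selector. The script below is an added example written for this page, not code from the poster or from EdgeOS; it parses the `show ip route` lines and the `dir out` selector exactly as quoted above, and the tun0 and switch0 interface addresses it uses for source selection are assumptions (only the eth0 address 192.168.179.95 appears in the post).

```python
import ipaddress

# Route table copied from the post's 'show ip route' (legend lines omitted).
ROUTE_TABLE = """\
S *> 0.0.0.0/0 [210/0] via 192.168.179.1, eth0
C *> 127.0.0.0/8 is directly connected, lo
C *> 192.168.114.32/29 is directly connected, tun0
C *> 192.168.179.0/24 is directly connected, eth0
C *> 192.168.210.0/24 is directly connected, switch0
"""

# Address the kernel picks as source when a locally generated packet leaves a
# given interface. 192.168.179.95 is the eth0 address seen in the SA output;
# the tun0 and switch0 addresses are not in the post and are ASSUMED here.
IFACE_ADDR = {
    "eth0": "192.168.179.95",
    "tun0": "192.168.114.33",    # assumed
    "switch0": "192.168.210.1",  # assumed
    "lo": "127.0.0.1",
}

# The single 'dir out' selector from the post's 'show vpn ipsec policy'.
OUT_POLICIES = [("192.168.114.25/32", "192.168.114.30/32")]


def parse_routes(text):
    """Return [(network, next_hop_or_None, interface)] for each FIB (*>) route."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[1] != "*>":
            continue
        net = ipaddress.ip_network(tokens[2], strict=False)
        next_hop = None
        if "via" in tokens:
            next_hop = tokens[tokens.index("via") + 1].rstrip(",")
        routes.append((net, next_hop, tokens[-1]))
    return routes


def longest_match(routes, dst):
    """Longest-prefix match, as the FIB lookup does."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, next_hop, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def policy_matches(policies, src, dst):
    """An XFRM selector matches only if BOTH src and dst are inside it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(ps) and d in ipaddress.ip_network(pd)
               for ps, pd in policies)


def trace(dst, src=None, routes=None):
    """Model the output path: route lookup, then source selection (unless the
    caller pinned one, e.g. 'ping -I'), then the 'out' policy check."""
    routes = parse_routes(ROUTE_TABLE) if routes is None else routes
    hit = longest_match(routes, dst)
    if hit is None:
        return {"route": None, "iface": None, "next_hop": None,
                "src": src, "ipsec": False}
    net, next_hop, iface = hit
    if src is None:
        src = IFACE_ADDR[iface]
    return {
        "route": str(net),
        "iface": iface,
        "next_hop": next_hop,
        "src": src,
        "ipsec": policy_matches(OUT_POLICIES, src, dst),
    }


if __name__ == "__main__":
    # Plain 'ping 192.168.114.30' from the router: no -I, source picked by routing.
    print(trace("192.168.114.30"))
    # Same destination, sourced from the address the 'out' selector expects.
    print(trace("192.168.114.30", src="192.168.114.25"))
    # A host that actually sits inside the tun0 connected prefix.
    print(trace("192.168.114.35"))
```

Run as-is, the first trace reports that 192.168.114.30 is matched only by 0.0.0.0/0 (the 192.168.114.32/29 route on tun0 covers .32 through .39), so the packet leaves eth0 towards 192.168.179.1 with source 192.168.179.95, which is outside the src 192.168.114.25/32 half of the selector and therefore never hits the IPsec policy; the second trace, with the source pinned to 192.168.114.25, does match the selector. The model only reproduces what the quoted tables imply and says nothing about what the intended design on either end is.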