I think i figured it out the cause.
https://www.netgate.com/blog/state-policy-default-change
So to add a bit more color i have two VPNs.
Wireguard - Stable
IPsec VPN - Unstable
Checking logging for the past few hours i noticed the blocks started occurring after the upgrade.
89ed45e3-c2b4-4883-9afd-60eb81ca48ee-image.png
I am pretty confident that i have data showing this to be a post upgrade issue. Now the question is why.
Digging through the changes i noticed the bit about the firewall policy changes.
It still isn't clear to me WHY these two types of VPNs have different reactions to the state policy change introduced but there you have it.
I have updated the policy specifically for a rule i created permitting BGP across the tunnel and under Advanced there is the setting to adjust.
I feel this needs a redmine but not sure. @stephenw10 what do you think?