This config item is a continuous source of confusion and misconfiguration, and understandably so. While the CLI says this:
```
vyos@vyos# set vpn ipsec site-to-site peer PEER_NAME connection-type
Possible completions:
  initiate   Bring the connection up immediately
  respond    Wait for the peer to initiate the connection
  none       Load the connection only
```
the respond option does not actually do what the description says: https://github.com/vyos/vyos-1x/blob/22c6a817faee11ef97bb33a5431d7467b683c2e6/data/templates/ipsec/swanctl/peer.j2#L96-L97
In a pair of IPsec peers, to avoid duplicate SAs, one side must stay silent and the other must attempt to connect. With the initiate / respond pair, one peer will actively try to initiate a connection and the other will stay silent, but only as long as no traffic matches one of its traffic selectors. As soon as such traffic appears, the respond peer will try to connect as well.
The risk is relatively low, but when it happens, such peers may end up in an endless renegotiation loop. We see such cases at least 5-10 times a year, so the problem is real.
To avoid confusion, I suggest:
- Rename respond to trap and fix the description.
- Migrate all respond to none, so the system does what is configured in the CLI.
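As an added illustration of the point above (this is example code written here, not part of VyOS or of this proposal), the script below reads the `start_action` of each child block from two constructed swanctl configuration fragments and reports whether both peers are able to initiate. It assumes the rendering discussed above (connection-type initiate -> start_action start, respond -> trap, none -> none) and strongSwan's meaning of those values; the peer names and addresses are made up.

```python
import re

# Constructed sample input: the swanctl connection blocks VyOS would render for
# two peers. The mapping connection-type -> start_action assumed here is
# initiate -> start, respond -> trap, none -> none (peer.j2 is the authority).
PEER_A_SWANCTL = """
connections {
    peer_B {
        remote_addrs = 203.0.113.2
        children {
            peer_B-tunnel-0 {
                start_action = start
            }
        }
    }
}
"""

PEER_B_SWANCTL = """
connections {
    peer_A {
        remote_addrs = 203.0.113.1
        children {
            peer_A-tunnel-0 {
                start_action = trap
            }
        }
    }
}
"""

# strongSwan semantics of start_action in swanctl.conf:
#   start -> initiate the CHILD_SA as soon as the config is loaded
#   trap  -> install a trap policy; initiate when matching traffic appears
#   none  -> load only; never initiate
INITIATES = {
    "start": "always",
    "trap": "on matching traffic",
    "none": "never",
}


def start_actions(swanctl_text):
    """Return the start_action of every child block in a swanctl config text."""
    return re.findall(r"^\s*start_action\s*=\s*(\w+)", swanctl_text, re.MULTILINE)


def peer_can_initiate(swanctl_text):
    """True if any child on this peer can bring the tunnel up on its own."""
    return any(a in ("start", "trap") for a in start_actions(swanctl_text))


def pair_verdict(local_text, remote_text):
    """Classify a peer pair: exactly one active side is the safe configuration."""
    local, remote = peer_can_initiate(local_text), peer_can_initiate(remote_text)
    if local and remote:
        return "both peers can initiate: duplicate SA / renegotiation loop risk"
    if local or remote:
        return "ok: one initiator, one silent responder"
    return "neither peer initiates: tunnel will never come up"


if __name__ == "__main__":
    for name, text in (("peer A", PEER_A_SWANCTL), ("peer B", PEER_B_SWANCTL)):
        for action in start_actions(text):
            print(f"{name}: start_action={action} -> initiates {INITIATES[action]}")
    print(pair_verdict(PEER_A_SWANCTL, PEER_B_SWANCTL))
```

Run against the generated swanctl configuration of both ends of a tunnel, the check flags the initiate / respond pair as "both peers can initiate", which is exactly the trap behaviour the CLI description hides; with the respond side rendered as none it reports the safe one-initiator layout.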