Command completion text is misleading compared to the underlying config generated for IPSec:
    set vpn ipsec site-to-site peer x.x.x.x connection-type [tab]
      initiate    This endpoint can initiate or respond to a connection
      respond     This endpoint will only respond to a connection
initiate results in auto=start in /etc/ipsec.conf
respond results in auto=route in /etc/ipsec.conf
The strongSwan wiki page for this setting states:
    auto = ignore | add | route | start
        what operation, if any, should be done automatically at IPsec startup.
        add loads a connection without starting it.
        route loads a connection and installs kernel traps. If traffic is detected between leftsubnet and rightsubnet, a connection is established.
        start loads a connection and brings it up immediately.
        ignore ignores the connection. This is equal to deleting a connection from the config file.
        Relevant only locally, other end need not agree on it.
At a minimum, the completion help text needs to be updated to reflect actual behavior.
From a config perspective, it seems that the /etc/ipsec.conf file should end up with auto=add for "respond".
Adding a new 3rd connection-type of on-demand (or similar) that sets auto=route would then complete the available options in /etc/ipsec.conf.
The EdgeOS forums have a thread (https://community.ubnt.com/t5/EdgeRouter-Beta/IPSec-connection-type-initiate-not-working/td-p/1399870) that's reporting the same background info with the same suggestions. I'm copying/documenting it here as I think the config commands should match actual function.
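
A check for the mismatch described in this report, added here as an example (not code from VyOS, EdgeOS or strongSwan): it reads an ipsec.conf-style file and prints, per conn, the effective auto= value and what the quoted strongSwan text says it does, so a peer configured as "respond" that ended up with auto=route stands out. The function names, conn names and addresses in the sample are constructed for illustration, and inheritance of auto= from "conn %default" is handled as an assumption about how the file may be laid out.

```shell
#!/bin/sh
# Added example: map each conn's effective auto= value to its behaviour.

audit_ipsec_auto() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
    function describe(v) {
        if (v == "start")  return "loaded and brought up immediately"
        if (v == "route")  return "kernel traps installed, initiates on matching traffic"
        if (v == "add")    return "loaded without starting, waits for the peer"
        if (v == "ignore") return "connection ignored"
        return "no auto= in this conn or in conn %default"
    }
    { sub(/#.*/, "") }                                  # strip comments
    /^conn[ \t]+/ { name = $2; if (name != "%default") order[++n] = name; next }
    /^[^ \t]/     { name = ""; next }                   # config setup, ca sections
    name != "" && /^[ \t]+auto[ \t]*=/ {
        split($0, kv, "=")
        gsub(/[ \t]/, "", kv[2])
        auto[name] = kv[2]
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]
            # A conn without its own auto= takes the value from conn %default.
            v = (c in auto) ? auto[c] : (("%default" in auto) ? auto["%default"] : "unset")
            printf "%s auto=%s %s\n", c, v, describe(v)
        }
    }' "$@"
}

# Constructed sample: the shape of config this report describes.
sample_conf() {
    cat <<'EOF'
config setup

conn %default
        auto=add

conn peer-192.0.2.1-tunnel-1      # connection-type initiate
        auto=start

conn peer-192.0.2.2-tunnel-1      # connection-type respond
        auto=route

conn peer-192.0.2.3-tunnel-1      # no auto= of its own
        right=192.0.2.3
EOF
}

sample_conf | audit_ipsec_auto
```

On a router, run it as audit_ipsec_auto /etc/ipsec.conf; any peer set to "respond" that is listed with auto=route will still initiate when matching traffic appears.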