Also, in the release notes, security now depends on dhcp. Maybe having DHCP package disabled is causing the problem. You should remove all of those extra packages that you have disabled.
Sent from my Pixel 3 using Tapatalk
are you advertising the tunnel endpoint IPs via OSPF?!
check something like "redistribute connected routes" etc.