Hello,
I still have two questions of understanding:
1.) Why do I always get the following error messages in the IPsec log when using VTI? I do not get any messages on the remote site.
<snip>
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 in failed, not found
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 out failed, not found
</snip>
2.) Why is it that when using Let's Encrypt and IPsec with PSK (without certificates):
a) the file chain.pem is copied from the acme-cacerts directory to the ipsec-cacerts directory?
b) this certificate is sent to the remote peer despite the use of PSK?
<snip>
Sep 24 11:59:37 opnsense charon[73787]: 10[IKE] <22> sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
</snip>
Many greetings,
atom
Translated with www.DeepL.com/Translator (free version)
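As an added example (not part of the post above, and not OPNsense or strongSwan code), here is a small parser for the charon log format quoted in the question. It splits each line into timestamp, host, PID, worker thread, subsystem (KNL, IKE, ...), the `<conn|id>` or `<id>` tag, and the message, then tags the two message kinds the post asks about: the kernel policy lookup misses and the IKE certificate request. The sample lines are constructed from the post (the second one with its spacing normalised); the category names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input, copied from the forum post above.
SAMPLE_LOG = """\
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 in failed, not found
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 out failed, not found
Sep 24 11:59:37 opnsense charon[73787]: 10[IKE] <22> sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
"""

# Format of a syslog-delivered charon line as it appears in the post:
#   <month> <day> <time> <host> charon[<pid>]: <thread>[<SUBSYS>] <conn|id> <message>
# The <...> tag is optional and may carry only the IKE_SA id (e.g. "<22>").
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) charon\[(?P<pid>\d+)\]: "
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\] "
    r"(?:<(?:(?P<conn>[^|>]+)\|)?(?P<ike_id>\d+)> )?"
    r"(?P<msg>.*)$"
)

CERT_REQ_RE = re.compile(r'sending cert request for "(?P<dn>[^"]+)"')


@dataclass
class CharonEvent:
    timestamp: str
    host: str
    pid: int
    thread: int
    subsystem: str
    conn: Optional[str]       # connection name, None when the tag only has an id
    ike_id: Optional[int]     # IKE_SA unique id, None when there is no tag
    message: str
    category: str             # example's own label, see classify()
    cert_issuer: Optional[str] = None  # DN named in a cert request line


def classify(subsystem: str, message: str) -> str:
    """Label the message kinds discussed in the post; everything else is 'other'."""
    if subsystem == "KNL" and message.startswith("querying policy") \
            and message.endswith("failed, not found"):
        return "policy-lookup-miss"
    if subsystem == "IKE" and message.startswith("sending cert request"):
        return "cert-request"
    return "other"


def parse_line(line: str) -> Optional[CharonEvent]:
    """Return a CharonEvent for a charon log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    subsys, msg = m.group("subsys"), m.group("msg")
    cert = CERT_REQ_RE.search(msg)
    return CharonEvent(
        timestamp=m.group("ts"),
        host=m.group("host"),
        pid=int(m.group("pid")),
        thread=int(m.group("thread")),
        subsystem=subsys,
        conn=m.group("conn"),
        ike_id=int(m.group("ike_id")) if m.group("ike_id") else None,
        message=msg,
        category=classify(subsys, msg),
        cert_issuer=cert.group("dn") if cert else None,
    )


def summarize(log_text: str) -> Counter:
    """Count events per category across a whole log excerpt (unparsed lines are skipped)."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            counts[ev.category] += 1
    return counts


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        ev = parse_line(raw)
        print(f"{ev.category:18} conn={ev.conn} ike_id={ev.ike_id} {ev.subsystem}: {ev.message}")
    print(dict(summarize(SAMPLE_LOG)))
```

Running this over a longer excerpt lets you see whether the policy lookup misses are tied to one connection name and IKE_SA id (as in the post, where both lines carry `<con1|20>`) and whether a cert request line appears on a connection that is configured for PSK, which is the correlation the second question is after.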