IPsec questions

Started by atom, September 24, 2020, 12:28:49 PM

Hello,

I still have two questions of understanding:

1.) Why do I always get the following error messages in the IPsec log when using VTI? I do not get any messages on the remote site.

<snip>
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 in failed, not found
Sep 24 11:59:34 opnsense charon [73787]: 09 [KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 out failed, not found
</snip>

2.) When using Let's Encrypt and IPsec with PSK (without certificates), why:
    a) is the file chain.pem copied from the acme-cacerts directory to the ipsec-cacerts directory?
    b) is this certificate sent to the remote peer despite the use of PSK?

<snip>
Sep 24 11:59:37 opnsense charon[73787]: 10[IKE] <22> sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
</snip>


Many greetings,
atom

Translated with www.DeepL.com/Translator (free version)
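The two log excerpts above share the usual strongSwan charon line shape (timestamp, host, `charon[pid]`, `thread[subsystem]`, an `<connection|ike-sa-id>` or `<ike-sa-id>` token, then the message). When triaging a tunnel it helps to pull those fields out and count how often the "querying policy ... failed, not found" and "sending cert request" messages occur per connection, so they can be correlated with the VTI and PSK settings in question. The parser below is an added example and is not code from OPNsense or strongSwan; the line format is inferred from the three lines in the post (the regex also tolerates the extra spaces in `charon [73787]: 09 [KNL]`), the two categories are my own heuristic labels, and the fourth sample line (an IKE_SA established message with TEST-NET addresses) is constructed. The script only classifies and counts; it does not decide whether the messages indicate a fault.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Log line shape assumed from the post:
#   "Mon DD HH:MM:SS host charon[pid]: thread[SUBSYS] <conn|id> message"
# The "<con1|20>" / "<22>" token names the IKE_SA (and, when present, the connection).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) charon ?\[(?P<pid>\d+)\]: "
    r"(?P<thread>\d+) ?\[(?P<subsys>[A-Z]+)\] "
    r"(?:<(?P<sa>[^>]*)> )?"
    r"(?P<msg>.*)$"
)

# Sample input: the three lines quoted in the post plus one constructed
# "established" line so the "other" category is exercised as well.
SAMPLE_LOG: List[str] = """\
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 in failed, not found
Sep 24 11:59:34 opnsense charon [73787]: 09 [KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 out failed, not found
Sep 24 11:59:35 opnsense charon[73787]: 11[IKE] <con1|20> IKE_SA con1[20] established between 192.0.2.1[192.0.2.1]...192.0.2.2[192.0.2.2]
Sep 24 11:59:37 opnsense charon[73787]: 10[IKE] <22> sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
""".splitlines()


@dataclass
class CharonEvent:
    ts: str
    host: str
    pid: int
    thread: int
    subsys: str
    conn: Optional[str]   # "con1" from "<con1|20>"; None when only an id like "<22>" is present
    sa_id: Optional[int]  # 20 from "<con1|20>", 22 from "<22>"
    msg: str
    category: str         # "policy_query_failed", "cert_request" or "other" (heuristic labels)


def classify(subsys: str, msg: str) -> str:
    """Heuristic label for the two message types the post asks about."""
    if subsys == "KNL" and "querying policy" in msg and "failed" in msg:
        return "policy_query_failed"
    if subsys == "IKE" and msg.startswith("sending cert request"):
        return "cert_request"
    return "other"


def parse_line(line: str) -> Optional[CharonEvent]:
    """Parse one charon log line; return None for lines that do not match the shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    conn, sa_id = None, None
    sa = m.group("sa")
    if sa:
        conn, num = sa.split("|", 1) if "|" in sa else (None, sa)
        sa_id = int(num) if num.isdigit() else None
    return CharonEvent(
        ts=m.group("ts"),
        host=m.group("host"),
        pid=int(m.group("pid")),
        thread=int(m.group("thread")),
        subsys=m.group("subsys"),
        conn=conn,
        sa_id=sa_id,
        msg=m.group("msg"),
        category=classify(m.group("subsys"), m.group("msg")),
    )


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count events per category, skipping lines that do not parse."""
    counts: Counter = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            counts[ev.category] += 1
    return dict(counts)


def by_connection(lines: List[str]) -> Dict[str, Dict[str, int]]:
    """Per-connection (or per-IKE_SA id) category counts, to spot which tunnel a message belongs to."""
    out: Dict[str, Counter] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = ev.conn if ev.conn is not None else f"ike-sa-{ev.sa_id}"
        out.setdefault(key, Counter())[ev.category] += 1
    return {k: dict(v) for k, v in out.items()}


if __name__ == "__main__":
    for ev in map(parse_line, SAMPLE_LOG):
        print(ev)
    print(summarize(SAMPLE_LOG))
    print(by_connection(SAMPLE_LOG))
```

Feed the script your own `/var/log/ipsec.log` lines (the OPNsense path shown in the GUI, if different, is an assumption here) by replacing `SAMPLE_LOG` with `open(path).read().splitlines()`; the per-connection view makes it easy to see whether the policy-query messages are confined to the VTI connection and whether cert requests appear on a PSK-only IKE_SA.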