Topic: IPsec questions (Read 4467 times)
atom
« on: September 24, 2020, 12:28:49 pm »
Hello,
I still have two questions of understanding:
1.) Why do I always get the following error messages in the IPsec log when using VTI? I do not get any messages on the remote site.
<snip>
Sep 24 11:59:34 opnsense charon[73787]: 09[KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 in failed, not found
Sep 24 11:59:34 opnsense charon [73787]: 09 [KNL] <con1|20> querying policy 0.0.0.0/0 === 0.0.0.0.0/0 out failed, not found
</snip>
2.) Why is it that when using Let's Encrypt and IPsec with PSK (without certificates)
a) Is the file chain.pem copied from the acme-cacerts directory to the ipsec-cacerts directory?
b) Is this certificate sent to the remote peer despite the use of PSK?
<snip>
Sep 24 11:59:37 opnsense charon[73787]: 10[IKE] <22> sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
</snip>
Many greetings,
atom