not sure if im supposed to manually create an SA for the bearer traffic (between 192.168.0.0/22 and 192.168.255.0/24) to go along with the SA I created between the BGP peer IPs?
I noticed I was not getting any encrypted traffic out my wan interface when trying to ping from 192.168.0.0/22 to 192.168.255.0/24, so I did add an additional SA between 192.168.0.0/22 and 192.168.255.0/24 in pfsense, and now I do see encrypted traffic when I ping, but still no routes in netstat -nr, so this leaves me a bit concerned as to whether/not Ill have good BGP routing resilience in the first place...