Yes, the MSS rule is still necessary.
On the contrary, enabling or disabling the additional IPsec policy "action=none dst-address=192.168.11.0/24 src-address=0.0.0.0/0" had no visible effect.
In my case it does matter. It doesn't matter how hot it feels. The hardware can handle it and will work fine.