ARP with road warrior setup

[6502]

Hi,

I'm running OPNsense 22.7.6, want to use IPsec mobile clients and assign an unused IP address range from the LAN to them so they could act as "real" local LAN clients (I need this behavior for several reasons).

Works fine so far, the mobile clients are getting an IP address from the 'Virtual IPv4 Address Pool' (the unused local IP address range mentioned above). But the (reply) packets from hosts in my LAN to these clients cannot reach them. And I cannot change the routing at several devices of the LAN. So the idea is to use the farp plugin for libcharon that fakes the ARP responses (https://docs.strongswan.org/docs/5.9/plugins/farp.html).

I searched OPNsense up and down but I cannot find this plugin. Does anybody know how I could get it running on OPNsense (if possible at all)?

Otherwise my only options would be:

1) 'Interfaces' -> 'Virtual IPs' -> 'Proxy ARP' (I tried it and it works - but does it have any disadvantages compared with farp plugin?)
2) 'Firewall' -> 'NAT' - am I right? But to be honest: I would try to avoid NAT as long as I can ...
3) or maybe 'choparp' (did anybody use it on OPNsense?)

-> am I right?

Or any other idea how to solve this problem? Any help is much appreciated.

Thanks and kind regards