FR: Will OPNsense adopt the new Endpoint-Independent NAT Patch?

[TheDragon]

As per the title really, I was reading that Tailscale sponsored a NAT Implementation in FreeBSD, which has made its way into pfSense - https://tailscale.com/blog/nat-traversal-improvements-pt-1#sponsoring-freebsds-endpoint-independent-nat-patch

This seems like a really useful compromise, which I imagine would be fairly popular.

For clarity I'm not seeking timelines or anything - I'm purely seeking clarity on whether its on the roadmap and/or whether any maintainers would be likely to be interested in implementing it in OPNsense?

[cdine]

Just replying to also voice my desire and support of this feature.

The Tailscale team has done some great work with this upstream in FreeBSD/pf with the FreeBSD Foundation's support. They called out OPNSense by name, so I do hope this makes its way in to OPNSense once it makes its way in to FreeBSD stable. From the looks of things, it is not yet there - see discussion in the review link below.

There appears to have also been an issue opened in the OPNSense repo asking for support of this, but it was auto-closed.

Links:

• Review thread with (well, sort of) recent discussion: https://reviews.freebsd.org/D11137
• Parent bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219803
• Project page for the work: https://www.freebsd.org/status/report-2024-07-2024-09/eim-nat/
• Tailscale blog post about the work as shared by TheDragon: https://www.freebsd.org/status/report-2024-07-2024-09/eim-nat/
• OPNSense GitHub issue asking for support of this feature: https://github.com/opnsense/core/issues/8384

[Monviech (Cedrik)]

Reading the reviews link it does not seem like that commit is in FreeBSD 14. Which means this will not hit the OPNsense kernel for a while if its not backported. So this looks more like it takes well into 2026-27 and FreeBSD 15 based OPNsense.