Hi Karl,
I am running GENERIC on the gateway as the docs say that's now ok; I used to run a custom kernel for other reasons (mostly PPS which I don't use anymore as I no longer have a local NTP clock) and the only material difference I can see is that the 12.2-STABLE custom kernel has the "enc" driver included in it ("device enc") while GENERIC does not.
Not sure if that driver is necessary or only required to do advanced filtering. You should definitely check if the kernel includes the following options (or if you can kldload a module that provides them):
options IPSEC device crypto # also needed because the Android app requires UDP encapsulation options IPSEC_NAT_T Regards, Tobias
