Bug #10493
openfilter_get_vpns_list() issues
Description
1) filter_get_vpns_list() returns only:
IPsec Mobile IPv4 subnet
IPsec site-to-site networks
OpenVPN client/server Tunnel Network / Remote Network IPv4
PPPoE server networks
but not:
IPsec Mobile IPv6 subnet
OpenVPN client/server Tunnel Network / Remote Network IPv6
L2TP VPN network
This is why the Snort/Suricata vpnaddresses option doesn't return a complete list of VPN networks; see https://redmine.pfsense.org/issues/8688
2) Because filter_get_vpns_list() returns not only IPsec networks, the IPsec MSS clamping option will affect unnecessary VPN types.
Updated by Jim Pingle over 4 years ago
2) Because filter_get_vpns_list() returns not only IPsec networks, the IPsec MSS clamping option will affect unnecessary VPN types.
There are some people who rely on that behavior, so if it is altered, a means must be added to cover the other cases separately or to preserve the current behavior.
It is probably better to have a different setting for each type of VPN since they may have a different desired MSS value due to differences in overhead for each protocol. If we go that route, however, there should be a master setting to cover all VPNs with the current value.
Updated by Viktor Gurov over 4 years ago
This fix allows you to select which VPN types / IP protocols to do MSS clamping for:
https://github.com/pfsense/pfsense/pull/4299
It also allows resolving https://redmine.pfsense.org/issues/8013
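As an added illustration of the design Jim describes above (a master MSS value plus per-VPN-type settings) and of the selectable types / IP families in the linked fix, here is a small Python model of how such a configuration could be turned into clamping rules. It is example code written for this page, not pfSense's code and not the code in pull request #4299; the VPN type names, the sample networks, the MSS bounds and the pf "scrub ... max-mss" rule shape are assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Dict, FrozenSet, List, Optional

# Constructed sample input: VPN networks grouped by VPN type, including the
# IPv6 and L2TP entries the bug report says are missing from
# filter_get_vpns_list(). These addresses are made up for this example.
SAMPLE_VPN_NETWORKS: Dict[str, List[str]] = {
    "ipsec":   ["10.10.0.0/24", "fd00:10::/64"],
    "openvpn": ["10.20.0.0/24", "fd00:20::/64"],
    "l2tp":    ["10.30.0.0/24"],
    "pppoe":   ["10.40.0.0/24"],
}

# Assumed sanity bounds for a configured MSS value (not pfSense's own limits).
MSS_MIN, MSS_MAX = 576, 65535


@dataclass
class MssClampConfig:
    """Hypothetical MSS clamping settings: one master value for all VPN types,
    optional per-type overrides, and a choice of IP address families."""
    master_mss: Optional[int] = None
    per_type_mss: Dict[str, int] = field(default_factory=dict)
    families: FrozenSet[int] = frozenset({4, 6})


def effective_mss(cfg: MssClampConfig, vpn_type: str) -> Optional[int]:
    """Per-type override wins; otherwise fall back to the master value.
    None means this VPN type is not clamped at all."""
    mss = cfg.per_type_mss.get(vpn_type, cfg.master_mss)
    if mss is not None and not (MSS_MIN <= mss <= MSS_MAX):
        raise ValueError(f"MSS {mss} for {vpn_type} outside {MSS_MIN}..{MSS_MAX}")
    return mss


def build_mss_clamp_rules(networks: Dict[str, List[str]],
                          cfg: MssClampConfig) -> List[str]:
    """Emit one pf scrub rule per direction for every network of every VPN
    type that has an effective MSS and whose address family is enabled.
    The 'scrub ... max-mss' rule shape is assumed for illustration."""
    rules: List[str] = []
    for vpn_type, nets in networks.items():
        mss = effective_mss(cfg, vpn_type)
        if mss is None:
            continue  # type deselected: no clamping for it (point 2 of the report)
        for net_str in nets:
            net = ip_network(net_str, strict=False)
            if net.version not in cfg.families:
                continue  # address family deselected
            rules.append(f"scrub from any to {net} max-mss {mss}")
            rules.append(f"scrub from {net} to any max-mss {mss}")
    return rules


def clamped_types(rules: List[str], networks: Dict[str, List[str]]) -> List[str]:
    """Which VPN types ended up with at least one clamping rule (for checks)."""
    return [t for t, nets in networks.items()
            if any(str(ip_network(n, strict=False)) in r for n in nets for r in rules)]


if __name__ == "__main__":
    # Old behaviour: one value applied to every VPN type in the list.
    legacy = MssClampConfig(master_mss=1400)
    # Proposed behaviour: clamp only IPsec and OpenVPN, each with its own value.
    selective = MssClampConfig(per_type_mss={"ipsec": 1400, "openvpn": 1300})
    for name, cfg in (("legacy", legacy), ("selective", selective)):
        print(f"# {name}")
        for rule in build_mss_clamp_rules(SAMPLE_VPN_NETWORKS, cfg):
            print(rule)
```

With only the master value set, every type in the list gets clamped, which is the behaviour the report objects to; with no master value and only a per-type entry for IPsec, L2TP, PPPoE and OpenVPN networks produce no rules, and restricting the families to IPv4 drops the IPv6 entries.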
Updated by Viktor Gurov over 4 years ago
Also, I think it would be better to split the "Advanced Firewall" section into "Advanced Firewall" and "Packet Processing" sections:
Advanced Firewall:
Disable Firewall
Static route filtering
Disable Auto-added VPN rules
Disable reply-to
Disable Negate rules
Allow APIPA
Aliases Hostnames Resolve Interval
Check certificate of aliases URLs
Packet Processing:
IP Do-Not-Fragment compatibility
IP Random id generation
Firewall Optimization Options
VPN MSS Clamping
Disable Firewall Scrub
Firewall Adaptive Timeouts
Firewall Maximum States
Firewall Maximum Table Entries
Firewall Maximum Fragment Entries