I worked around the problem in this particular setup by using Routed (VTI) in the child SA. This was possible because there are pfSense on both sides.
When using other VPN gateways, sometimes I can't use routed IPsec SA and then it would be nice when GRE over IPsec would just work.
Kind regards,
Mathias