IPsec VPN tunnel for mobile clients doesn't route through transparent Squid

  • Dear pfSense gods - I hope you hear this outcry for help.

    • LAN Net is
    • I have an IPsec tunnel with IKEv2 running. Clients get virtual IPs in
    • Squid is successfully set up for transparent mode with SSL interception and SSL man-in-the-middle for all LAN traffic
    • All connections from LAN get neatly proxied via Squid

    but I can't find any solution for our road warriors' traffic to get transparently proxied. They can manually use the proxy and then everything works, but I need this to work without manual configuration of the clients (other than accepting the self-signed CA root cert).

    I tried NAT port redirection, but this didn't work. Is there a clean solution out there for this? Any help or hint is very much appreciated.

    Thank you guys and pfSense gods in advance :D