on my end I haven't found a fix and chose to focus and migrate to opnsense for multiple reasons:
- DUID settings are just ignored. Either through the interface or the config file. So no IPv6 will eventually be an issue.
- I had to cron an interface restart to get rid of the renew issue. no firewall tagging rule would solve the problem.
- netgate general approach to maintenance of pfsense community edition... release 2.7 is really too late.
everything worked out of the box (configuration was prepared before actual migration).