What NAT type are your users reporting on real-time applications such as gaming? While yes, the implementation here “functions”, online matchmaking capabilities are reduced for users due to NAT type being too strict. This is a direct result of not having endpoint independent filtering support in the VyOS NAT implementation.
I encourage you to check your NAT types and follow closely to user reports of limited matchmaking opportunities, higher gaming latency due to having to expand the match making search radius, and voice chat capabilities.