I'd like to implement an IPsec connection between two clients behind NAT,
thanks to NAT traversal on both parts.
The man page of setkey says that we can change the UDP port used for NAT:
    When NAT-T is enabled in the kernel, policy matching for ESP over UDP
    packets may be done on endpoint addresses and port (this depends on the
    system. Systems that do not perform the port check cannot support multiple
    endpoints behind the same NAT). When using ESP over UDP, you can specify
    port numbers in the endpoint addresses to get the correct matching. Here is

        spdadd 10.0.11.0/24[any] 10.0.11.33/32[any] any -P out ipsec
I'd like to do so, in order to be able to have several IPsec endpoints
behind the same NAT. I will do port forwarding on the router/NAT.
But I'm not able to make it work. Even if I change the destination
port to 30000, the UDP packets still go to port 4500.
Can someone help me understand how to change the UDP port?
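As an added illustration of the port-qualified SPD syntax the man page excerpt refers to (this is not from the original post or from the setkey man page), here is a pair of policies for two peers behind one NAT whose public address is shared and whose ESP-over-UDP traffic is told apart by the forwarded port. All addresses and ports are constructed placeholders; the port in the tunnel endpoint only drives policy matching, the UDP port actually used on the wire comes from the SA the kernel holds for that peer.

```conf
# Added example, not from the original post or the setkey(8) man page.
# Constructed scenario: local gateway 192.168.0.1; two remote peers share the
# NAT's public address 203.0.113.10 and are distinguished by the UDP port the
# NAT forwards to each of them (4500 -> peer for 10.0.11.33, 30000 -> peer
# for 10.0.11.34). A kernel that matches on endpoint port can then keep the
# two ESP-over-UDP flows apart; one that ignores the port cannot.

# Peer behind the NAT reached on UDP 4500
spdadd 10.0.11.0/24[any] 10.0.11.33/32[any] any -P out ipsec
        esp/tunnel/192.168.0.1[4500]-203.0.113.10[4500]/require ;
spdadd 10.0.11.33/32[any] 10.0.11.0/24[any] any -P in ipsec
        esp/tunnel/203.0.113.10[4500]-192.168.0.1[4500]/require ;

# Second peer behind the same NAT, reached on the forwarded UDP port 30000
spdadd 10.0.11.0/24[any] 10.0.11.34/32[any] any -P out ipsec
        esp/tunnel/192.168.0.1[4500]-203.0.113.10[30000]/require ;
spdadd 10.0.11.34/32[any] 10.0.11.0/24[any] any -P in ipsec
        esp/tunnel/203.0.113.10[30000]-192.168.0.1[4500]/require ;
```

After loading this with setkey -f, "setkey -DP" should list the four policies with the bracketed ports, and "setkey -D" shows which UDP encapsulation port each installed SA is actually using.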