Hi, May be my last comment on that topic. Everything with UDP und ipsec leads to RFC 3948, the workaround for IPv4 and NAT. But for some reasons esp-pakets are also blocked by some ISP via IPv6. One of the questions was if linux supports udp encapsulation. I am not sure, if my thoughts complete nonsense.
https://people.netfilter.org/pablo/netdev0.1/papers/UDP-Encapsulation-in-Linux.pdf https://www.netdevconf.org/0.1/docs/herbert-UDP-Encapsulation-Linux.pdf may also useful for ipsec(ESP/AH) over udp over ipv6. If only used in manual configurations or also automated with free/libre/ strongSwan-forks. I don't know. Regards, Thomas
