
IPsec port forwarding Teltonika RUT955


I am using two Teltonika RUT955 routers with IPsec (Strongswan) built in. For testing I have a cable running from WAN to WAN with static IPs in both routers at 172.16.1.1 and 172.16.1.2. I have the tunnel up and working with the internal RS232 com port built into the RUT955 sending ESP packets from router to router, bidirectional communications. I have a network tap on all connections of the router, WAN/WAN and LAN/PC from both routers, so I can monitor all traffic in the mock-up network. I can ping from the PC on Router one's LAN port (192.168.4.1/24) to the other PC that is connected to the LAN port of the second router (192.168.5.1/24). Both PCs have static IPs in the same subnet (192.168.4.3/24 and 192.168.5.3/24 respectively).

Typical use of my issue: I have a machine that is designed to talk to a topside computer using UDP packets running through a port in the router (50345). In a normal scenario, the PC and the machine would be connected to the same router's LAN ports, so the same private network with open subnets/16 on both machine/PC. When the PC wants to talk to the machine, the PC will send a UDP packet to 255.255.255.255 port 50345 to the LAN port of the router; if the machine is on the network and hears the UDP packet/port, the machine will start to send health data back to the PC using UDP packets and port 50345, the connection would be created, and UDP packets would be flying back and forth. The PC can talk to the machine and the machine can talk to the PC using the UDP packets.

So the issue is: how do I send these UDP packets with port through the WAN/IPsec tunnel, so the PC on Router one's LAN and the machine on Router 2's LAN? I have attempted to port forward with no success. I have forwarded the 50345 port through port 4500 of the WAN (172.16.1.1 - 172.16.1.2), the IPsec tunnel, with success, meaning I can see the port 50345 being sent through the LAN, then be encapsulated into an ESP packet at port 4500, but once it gets to router two (172.16.1.2), it does not get decapsulated and sent to the LAN port, so the machine cannot see the UDP packet. My assumption is, whatever I do to router two so the machine can see the UDP packet, I must do to the other router for bidirectional communications.

TL;DR: I am trying to send UDP packets through an IPsec tunnel using port forwarding; the packets are getting encapsulated and sent through the IPsec tunnel, but not being forwarded to the LAN port with the original port of 50345. Need to find a way to complete the transfer of data.

Michael Hampton
Your application needs a redesign. You can't broadcast past the layer 2.
jhoop
Copy, is this due to the machine sending out to 255.255.255.255, which is layer 2, correct? I am having a hard time understanding "can't broadcast past the layer 2". Am I understanding that router one, which receives the UDP packet with 255.255.255.255, cannot send this through the IPsec tunnel?
djdomi
https://en.wikipedia.org/wiki/OSI_model is what was meant.
jhoop
For this redesign, are there any hints you can give me as to what direction I need to take this? I do have other options of tunnels, GRE and L2TP and others. I understand the layer 2 point: I need to stay within layer 2, or possibly move to layer 3 to forward packets to the other router and then back to layer 2.
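To make the "can't broadcast past layer 2" point concrete, here is an added example (not code from the thread or from Teltonika/strongSwan) that classifies where a packet from the PC would go. It assumes the tunnel's traffic selectors are the two LAN subnets from the question (192.168.4.0/24 and 192.168.5.0/24) and that the router applies the limited-broadcast rule from RFC 919/RFC 1812.

```python
import ipaddress

# Constructed values mirroring the thread: the IPsec SA between the two RUT955s
# carries traffic between these LAN subnets (strongSwan leftsubnet/rightsubnet
# style selectors, assumed here). The UDP service itself uses port 50345.
TUNNEL_SELECTORS = [
    (ipaddress.ip_network("192.168.4.0/24"), ipaddress.ip_network("192.168.5.0/24")),
    (ipaddress.ip_network("192.168.5.0/24"), ipaddress.ip_network("192.168.4.0/24")),
]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destination(dst):
    """Classify an IPv4 destination as seen by the LAN-side router."""
    dst = ipaddress.ip_address(dst)
    if dst == LIMITED_BROADCAST:
        # RFC 919 / RFC 1812: limited broadcast is link-scoped; a router
        # never forwards it, so it can never enter a layer-3 tunnel.
        return "limited-broadcast"
    if any(dst in (a.broadcast_address, b.broadcast_address) for a, b in TUNNEL_SELECTORS):
        # Directed broadcast: forwarding is off by default on routers (RFC 2644).
        return "directed-broadcast"
    if dst.is_multicast:
        return "multicast"
    return "unicast"


def tunnel_eligible(src, dst):
    """True if src->dst matches one of the tunnel's traffic selectors."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in a and dst in b for a, b in TUNNEL_SELECTORS)


def explain(src, dst):
    """Return (kind, will_be_ESP_encapsulated) for a packet from src to dst."""
    kind = classify_destination(dst)
    if kind in ("limited-broadcast", "directed-broadcast"):
        return kind, False
    return kind, tunnel_eligible(src, dst)


if __name__ == "__main__":
    # The discovery packet from the question versus a unicast to the machine.
    print(explain("192.168.4.3", "255.255.255.255"))  # ('limited-broadcast', False)
    print(explain("192.168.4.3", "192.168.5.3"))      # ('unicast', True)
```

The second call shows the redesign direction: a unicast to the machine's LAN address does match the selectors, so discovery by configured address (or a layer-2 tunnel such as L2TP/GRE bridging) is what would carry port 50345 across.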