jaymemaurice
just joined
Topic Author
Posts: 5
Joined: Thu May 19, 2011 9:28 am
Location: Dubai, UAE

dst-nat UDP 500 to another host - packet does not match rule

Fri Oct 04, 2013 5:29 am

Hey guys, it seems like a simple rule to dst-nat UDP 500 traffic does not work. I can dst-nat udp 161 no problem, but when I change the rule to 500 and send a UDP packet, the packet just seems to get absorbed by the router.

Packet captures show the UDP 500 packet come in to the public interface but not go out the private interface.
UDP 161 packets are passed and natted as appropriate.

I am using v5.26 on x86.

I assume there is some sort of kernel hook for UDP 500 traffic for IPSEC?? That I can't seem to turn off??? I tried un-installing the security package but it made no difference. I tried resetting the configuration and still no luck.

Anyone have any ideas?? Is there a way to get a custom kernel package that does not have IPSEC? Is it possible to make a patch that disables this behaviour?

I am trying to replace my crappy Cisco DPC3825 cable modem with a Mikrotik, but I need to be able to keep my Juniper IKEv2 working, which is currently configured behind NAT using the router's DMZ and IPSEC passthrough features. It does not support static routes, but supports the required ability to NAT packets. Mikrotik does not support IKEv2.
 
jaymemaurice

Re: dst-nat UDP 500 to another host - packet does not match

Fri Oct 04, 2013 5:45 am

Ahhhh nvrm it seems it's working after upgrading to 6.4
