On 2025-04-18, TSS <t...@mg-1.uk> wrote:
> But also, I don't really want to modify the binary or have my own version
> of xl2tpd that I compile from source. I know I was concerned about speed
> earlier, but I can accept a little bit of pf delay for the convenience of
> running stock code that someone else maintains.

If you're using the same tunnel IDs on both hosts behind the single NATted IP, the other side will have no way to distinguish between them other than the source port. However, the source port for UDP behind NAT is not too reliable: if there's no traffic for a while the NAT mapping could be dropped, so it wouldn't be particularly unreasonable for the other side to ignore port numbers and just look at the IP / tunnel ID combo...

-- 
Please keep replies on the mailing list.