Please note, I’m not talking about TCP or UDP traffic. Rather, IP traffic with the protocol IDs of 50 and 51.
The point of this is that I can then pass IPsec traffic through to the internal machine, where it would act as the VPN terminator.
Another option is to set the endpoint as the “DMZ host” in DD-WRT. This will pass and masquerade all traffic, including your exotic protocols.
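For comparison with the DMZ-host option above, this added example (not part of the original posts) generates iptables rules that forward only IP protocols 50 and 51 to a single internal endpoint, so the rest of that host's ports stay behind the router's firewall. The function names, the WAN interface `vlan2` and the address `192.168.1.10` are assumptions constructed for illustration; check the interface name on your own router before using the output.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules that pass IP protocols
# 50 (ESP) and 51 (AH) from the WAN interface to one internal IPsec endpoint.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for one endpoint; arguments: WAN interface, LAN address.
ipsec_passthrough_rules() {
    wan_if=$1
    host=$2
    valid_ipv4 "$host" || { echo "invalid endpoint address: $host" >&2; return 1; }
    case "$wan_if" in
        ""|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    # Caveat: AH (51) authenticates the outer IP header, so it generally fails
    # its integrity check once DNAT rewrites the destination; ESP (50) does not.
    for proto in 50 51; do
        # DNAT redirects the packet; the FORWARD rule admits only this
        # protocol to this host, unlike a DMZ host that receives everything.
        echo "iptables -t nat -I PREROUTING -i $wan_if -p $proto -j DNAT --to-destination $host"
        echo "iptables -I FORWARD -i $wan_if -p $proto -d $host -j ACCEPT"
    done
}

# Constructed sample values: review the printed rules, then add them by hand.
ipsec_passthrough_rules vlan2 192.168.1.10
```
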