2 files changed, 11 insertions, 9 deletions

diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index c2b073418..8ab5a8cf3 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -534,6 +534,15 @@ static int open_socket(private_socket_default_socket_t *this,
 	{
 		DBG1(DBG_NET, "installing IKE bypass policy failed");
 	}
+
+	/* enable UDP decapsulation for NAT-T sockets */
+	if (port == &this->natt &&
+		!hydra->kernel_interface->enable_udp_decap(hydra->kernel_interface,
+												   skt, family, this->natt))
+	{
+		DBG1(DBG_NET, "enabling UDP decapsulation failed");
+	}
+
 	return skt;
 }
 
@@ -630,13 +639,6 @@ socket_default_socket_t *socket_default_socket_create()
 		return NULL;
 	}
 
-	/* enable UDP decapsulation globally, only for one socket needed */
-	if (!hydra->kernel_interface->enable_udp_decap(hydra->kernel_interface,
-							this->ipv6_natt ?: this->ipv4_natt,
-							this->ipv6_natt ? AF_INET6 : AF_INET, this->natt))
-	{
-		DBG1(DBG_NET, "enabling UDP decapsulation failed");
-	}
 	return &this->public;
 }
 
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_socket.c b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
index 1b3c9e126..e6d1e4d2f 100644
--- a/src/libcharon/plugins/socket_raw/socket_raw_socket.c
+++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
@@ -459,8 +459,8 @@ static int open_send_socket(private_socket_raw_socket_t *this,
 		DBG1(DBG_NET, "installing bypass policy on send socket failed");
 	}
 
-	/* enable UDP decapsulation globally, only for one socket needed */
-	if (family == AF_INET && port == CHARON_NATT_PORT &&
+	/* enable UDP decapsulation for NAT-T sockets */
+	if (port == CHARON_NATT_PORT &&
 		!hydra->kernel_interface->enable_udp_decap(hydra->kernel_interface,
 												   skt, family, port))
 	{