I'm trying to allow passthrough VPN connection to my Windows 2008 server behind OpenWRT.
Right now, I have the following in my firewall.user, but it doesn't work:

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
iptables -A forwarding_wan -p esp -j ACCEPT
iptables -A forwarding_wan -p ah -j ACCEPT
iptables -A forwarding_wan -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A forwarding_wan -p udp --sport 4500 --dport 4500 -j ACCEPT

iptables -t nat -A prerouting_wan -p udp --dport 500 -j DNAT --to
iptables -t nat -A prerouting_wan -p udp --dport 4500 -j DNAT --to

iptables -t nat -A postrouting_rule -p esp -j ACCEPT
iptables -t nat -A postrouting_rule -p ah -j ACCEPT

Is it even possible to run IPSec VPN server behind NAT with OpenWRT? If so, what am I missing.