Some of my customers want to use my application to encrypt video to a public IP. The problem is some routers have been configure to block most protocols except TCP taffic. So I want to explore other ways I can identify packets that I have changed/encrypted. The routers that I am dealing with seem to drop packets that have a protocol that they do not identify. I believe having an option to place an identifier in the options will allow me to make my application more robust. If there are yet better options out there to accomplish the same goal of identifying packets that I modify, please tell me about it. I do realize that using a common protocol like IPSEC may get me through the router, but it may confuse traffic as well. My encryption solution is disruptive and does not fall into the normal encryption schema.
I currently insert my special header into the packet, so all the information needed to decrypt the packet is already there. I currently change the protocol from 6 to 99 so that I can identify packets that I have changed.