Improve handling of clients behind NAT
When a client is behind a NAT it is often observed that the NAT drops the UDP port mapping for the client's channel. In that case the client's stream arrives from the same IP but a different port. As the new stream carries no identifying information, it is not possible for ocserv to distinguish streams from multiple clients behind the same IP. That results in the client losing its connection stream for a long time, until a timeout or something else (e.g., a reconnection) occurs. We should improve that situation and allow identifying clients behind such NATs.
Possible options:
- Utilize all the available information in unknown streams (i.e., record sequence numbers as in !12 (closed))
- Rely on a TLS extension such as the DTLS connection ID: https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-07
- Negotiate within the openconnect protocol something similar to the CID above, and prepend identifying information to UDP packets.
Edited by Nikos Mavrogiannopoulos
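The following is an added example, not ocserv code or part of the original issue, showing why the last two options help and what they must not skip. It contrasts the legacy lookup keyed by the source (ip, port), which finds nothing once a NAT rebinds the port, with a datagram format that prepends a connection ID in the spirit of DTLS CID. The layout `cid || seq || tag || payload`, the 8-byte CID, the HMAC-SHA256 tag and the per-session key are assumptions made for this example; in a real deployment the DTLS record layer provides the authentication and anti-replay that the tag and sequence number stand in for here. The security-relevant point is that the CID only selects a session and proves nothing: the server must authenticate the datagram and reject replays before it learns the new source address, otherwise anyone who observes a CID on the wire can redirect a client's downstream traffic to an address of their choosing.

```python
# Added example (not ocserv code): CID-prefixed UDP demultiplexing that survives
# NAT port rebinding, with the address update gated on a verified datagram.
# Datagram layout, CID length, tag construction and per-session keys are
# assumptions made for this example.
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

CID_LEN = 8
SEQ_LEN = 4
TAG_LEN = 16
HEADER_LEN = CID_LEN + SEQ_LEN + TAG_LEN


@dataclass
class Session:
    cid: bytes
    key: bytes          # per-session key, assumed to be agreed over the TLS control channel
    addr: tuple         # last *verified* (ip, port) of the peer
    last_seq: int = -1  # highest sequence number accepted, for replay rejection


def _tag(key: bytes, cid: bytes, seq: int, payload: bytes) -> bytes:
    # Tag binds cid, sequence number and payload to the session key.
    msg = cid + struct.pack("!I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def build_datagram(session: Session, seq: int, payload: bytes) -> bytes:
    """Client side: cid || seq || tag || payload."""
    tag = _tag(session.key, session.cid, seq, payload)
    return session.cid + struct.pack("!I", seq) + tag + payload


class Demuxer:
    def __init__(self):
        self.by_cid = {}
        self.by_addr = {}

    def register(self, addr):
        s = Session(cid=os.urandom(CID_LEN), key=os.urandom(32), addr=addr)
        self.by_cid[s.cid] = s
        self.by_addr[addr] = s
        return s

    def lookup_by_addr(self, addr):
        """Legacy behaviour: the only key is the source (ip, port)."""
        return self.by_addr.get(addr)

    def receive(self, addr, datagram):
        """CID-based path. Returns (session, payload, status)."""
        if len(datagram) < HEADER_LEN:
            return None, None, "short"
        cid = datagram[:CID_LEN]
        seq = struct.unpack("!I", datagram[CID_LEN:CID_LEN + SEQ_LEN])[0]
        tag = datagram[CID_LEN + SEQ_LEN:HEADER_LEN]
        payload = datagram[HEADER_LEN:]
        session = self.by_cid.get(cid)
        if session is None:
            return None, None, "unknown-cid"
        # The CID only selects the session; it proves nothing about the sender.
        if not hmac.compare_digest(tag, _tag(session.key, cid, seq, payload)):
            return None, None, "bad-tag"
        if seq <= session.last_seq:
            return None, None, "replay"
        session.last_seq = seq
        # Only a fresh, authenticated datagram may move the peer address.
        if addr != session.addr:
            if self.by_addr.get(session.addr) is session:
                del self.by_addr[session.addr]
            session.addr = addr
            self.by_addr[addr] = session
        return session, payload, "ok"
```

Usage: register two clients behind the same NAT address, then deliver a datagram from one of them on a new port. `lookup_by_addr` cannot associate the new port with either client, while `receive` follows the client to the new port and leaves the other client untouched; a forged datagram carrying a known CID with a bad tag, or a replayed one, is rejected without changing the recorded address.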