[Openswan Users] strange behavior, need advice

jarek jarek_z at localhost
Tue Sep 13 12:08:52 CEST 2005


hello list!

I have an openswan gateway with a static public ip
and a user behind nat

user-------------------nat-router--------------------------openswan-router------------------------host
192.168.5.180-----192.168.5.1/x.x.x.x-public-ip======195.4.xx.xx/192.168.0.0/24-------192.168.0.142/32
============================tunnel===============================

192.168.5.180[C=DE, O=xx]---192.168.5.1...195.4.xx.xx[C=DE, O=xx]===192.168.0.0/24

when I ping the host from the user's pc, ping doesn't answer, but tcpdump shows
packets arriving on the user's pc:

IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17),
length: 160) 192.168.5.180.4500 > 195.4.xx.xx.4500: UDP-encap:
ESP(spi=0x96259ae9,seq=0x42), length 132

IP (tos 0x0, ttl  49, id 18001, offset 0, flags [none], proto: UDP (17),
length: 160) 195.4.xx.xx.4500 > 192.168.5.180.4500: UDP-encap:
ESP(spi=0x0c0721e4,seq=0x4a), length 132

IP (tos 0x0, ttl  63, id 21405, offset 0, flags [none], proto: ICMP (1),
length: 84) 192.168.0.142 > 192.168.5.180: ICMP echo reply, id 47387,
seq 60, length 64

the firewall is down on the user's pc

system is:
uname -a = Linux notbock 2.6.13.1-1.1 #2 Mon Sep 12 21:16:41 CEST 2005
i686 GNU/Linux

openswan is:
Linux Openswan U2.3.1/K2.6.13.1-1.1 (netkey)

so why does ping not receive the answer packets?

regards

jaroslaw

