This „bug“ was driving me nuts for 3 days. I saw with tcpdump, that esp-packages came back to my client from the remote vpn-server but the client was not using them. I had set up in the past a virtual additional ip-address at my windows xp ethernet device. removing this ip and it worked! What a weekend..