I'm reading this article on Wikipedia about protocols (OSI model) [1].

It says that ICMP (aka ping) and IPsec are at Layer 3 (Network Layer), and ESP is at Layer 4 (Transport Layer).

When I use strongSwan [2] on two machines and I have an established connection between the two of them, and I use the ping command from one machine to another, in Wireshark I see ESP packets, and when I decrypt the ESP packets, they are in fact ICMP packets.

Why is this happening?

[1] : https://en.wikipedia.org/wiki/List_of_network_protocols_(OSI_model)

[2] : https://www.strongswan.org/

Cœur
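
What the decrypted capture described above looks like at the byte level, as an added example that is not part of the original post: ESP (RFC 4303) carries the protected packet as its payload and names the payload type in a one-byte Next Header field in its trailer. The function names, sample bytes, SPI and addresses are constructed for illustration.

```python
import struct

ICMP, IPV4 = 1, 4  # IANA protocol numbers used in ESP's Next Header field

def parse_esp_header(packet: bytes):
    """Return (SPI, sequence number), the only ESP fields sent in the clear."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte ESP header")
    return struct.unpack("!II", packet[:8])

def parse_decrypted_esp(plaintext: bytes):
    """Split decrypted ESP plaintext into (next_header, payload)."""
    if len(plaintext) < 2:
        raise ValueError("too short to hold the ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("pad length exceeds plaintext size")
    return next_header, plaintext[: len(plaintext) - 2 - pad_len]

def inner_protocol(plaintext: bytes):
    """Return (mode, protocol number) of the packet protected by ESP."""
    next_header, payload = parse_decrypted_esp(plaintext)
    if next_header == IPV4:  # tunnel mode: payload is a complete IPv4 packet
        if len(payload) < 20:
            raise ValueError("truncated inner IPv4 header")
        return "tunnel", payload[9]  # byte 9 of the IPv4 header is the protocol
    return "transport", next_header  # transport mode: payload is the upper-layer message

def build_plaintext(payload: bytes, next_header: int, block: int = 4) -> bytes:
    """Constructed sample: append RFC 4303 padding (1, 2, 3, ...) and trailer."""
    pad_len = -(len(payload) + 2) % block
    return payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

# Constructed sample data (checksums left at zero, documentation addresses).
ECHO_REQUEST = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"ping"
INNER_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ECHO_REQUEST), 0, 0,
                       64, ICMP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
TRANSPORT_MODE = build_plaintext(ECHO_REQUEST, ICMP)
TUNNEL_MODE = build_plaintext(INNER_IP + ECHO_REQUEST, IPV4)
ESP_ON_WIRE = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16  # stand-in for ciphertext

if __name__ == "__main__":
    print(parse_esp_header(ESP_ON_WIRE))
    print(inner_protocol(TRANSPORT_MODE), inner_protocol(TUNNEL_MODE))
```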
