For Pulse, send ESP only of the same IP protocol as we're connected over

For Pulse, send ESP only of the same IP protocol as we're connected over

It really seems that when we're connected over Legacy IP, it only accepts
Legacy IP packets in ESP. And when we're connected over IPv6, it only
accepts IPv6 packets in ESP.

This matches the behaviour of the Windows client too.

If you connect to a NC server over IPv6 it doesn't even offer the ESP
config (since NC doesn't support IPv6 within the tunnel).

Someone really ought to report this bug to Pulse. For IPv6 VPN traffic
to be forced into TCP-over-TCP mode when you happen to be connected to
the VPN over Legacy IP is very bad.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>