added 1110 characters in body
Dims

I have configured the following s2s VPN (in pfSense) connection which is working in general.

[image: screenshot of the pfSense s2s VPN configuration]

Unfortunately, I can connect (ping, netcat, ssh) only from client to the server, but not back.

If I can ssh normally, it means that firewall is not the problem, right? Since packages are travelling in both directions?

How to diagnose the problem with the means of command line tools?


I made a mistake, I can't netcat backwards. But I can see ping traffic with packet capture on a client when pinging it from server.

Also, I did add an explicit route

route add -net 192.168.31.0/24 192.168.27.2

on a server.


Here is what I see when dumping packets on client when pinging it (.31.1) or its network counterparts (.31.155) from the server

$ tcpdump -n -i ovpnc2 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpnc2, link-type NULL (BSD loopback), capture size 262144 bytes
20:04:44.123925 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 0, length 64
20:04:45.133435 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 1, length 64
20:04:46.146100 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 2, length 64
20:04:49.664935 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 0, length 64
20:04:50.663422 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 1, length 64
20:04:51.679393 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 2, length 64
20:04:52.688367 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 3, length 64

Apparently, a client end sees ping packets, but doesn't respond, right?
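The capture above shows only echo requests on ovpnc2 and no echo replies. As an added example (not part of the question), this script parses tcpdump ICMP lines in exactly that format and pairs requests with replies by ICMP id, so a one-way flow like the one in the question is reported directly; the sample capture is constructed, with two extra lines showing the working client-to-server direction for contrast.

```python
import re
from collections import defaultdict

# Matches the echo lines that `tcpdump -n ... icmp` prints (see the question's capture).
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo "
    r"(?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: the first three lines mirror the question's capture (requests only),
# the last two are a made-up request/reply pair in the direction that does work.
SAMPLE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
20:04:44.123925 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 0, length 64
20:04:45.133435 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 1, length 64
20:04:49.664935 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 0, length 64
20:05:01.000000 IP 192.168.31.1 > 192.168.27.1: ICMP echo request, id 777, seq 0, length 64
20:05:01.000800 IP 192.168.27.1 > 192.168.31.1: ICMP echo reply, id 777, seq 0, length 64
"""


def pair_echoes(capture_text):
    """Count echo requests and replies per (requester, target, icmp id).

    Replies travel back to the requester, so src/dst are swapped for replies to
    land on the same key as the matching request.
    """
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture_text.splitlines():
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # banner lines and non-echo traffic are ignored
        ident = int(m.group("id"))
        if m.group("kind") == "request":
            flows[(m.group("src"), m.group("dst"), ident)]["requests"] += 1
        else:
            flows[(m.group("dst"), m.group("src"), ident)]["replies"] += 1
    return dict(flows)


def one_way_flows(capture_text):
    """Return sorted (requester, target) pairs that sent requests but saw no replies."""
    return sorted({
        (src, dst)
        for (src, dst, _), counts in pair_echoes(capture_text).items()
        if counts["requests"] and not counts["replies"]
    })


if __name__ == "__main__":
    for src, dst in one_way_flows(SAMPLE_CAPTURE):
        print(f"no replies seen for {src} -> {dst}")
```

Run it against `tcpdump -n -i ovpnc2 icmp` output saved to a file; a pair listed here means the requests reach the interface but the reply never comes back through it, which points at the return path (routing or filtering on the replying side) rather than the forward path.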


added 22 characters in body
Dims


I have configured the following s2s VPN (in pfSense) connection which is working in general.

[image: screenshot of the pfSense s2s VPN configuration]

Unfortunately, I can connect (ping, netcat, ssh) only from client to the server, but not back.

If I can ssh normally, it means that firewall is not the problem, right? Since packages are travelling in both directions?

How to diagnose the problem with the means of command line tools?


I made a mistake, I can't netcat backwards. But I can see ping traffic with packet capture on a client when pinging it from server.

Also, I did add an explicit route

route add -net 192.168.31.0/24 192.168.27.2

on a server.

Dims

What subsystem is responsible if I can connect via s2s VPN connection only in one direction?

I have configured the following s2s VPN (in pfSense) connection which is working in general.

[image: screenshot of the pfSense s2s VPN configuration]

Unfortunately, I can connect (ping, netcat, ssh) only from client to the server, but not back.

If I can ssh normally, it means that firewall is not the problem, right? Since packages are travelling in both directions?

Also I can netcat from server to client by a tunnel address of 192.168.27.2, i.e. run

nc -l 1234

on client, and

nc 192.168.27.2 1234

on server and then I see the communication.

What does it mean? How to diagnose the problem with the means of command line tools?