OpenVPN S2S: client to server OK but server to client fails

Started by afan, January 19, 2023, 09:50:11 PM

Hi all,

I've set up an OpenVPN Site2Site over the public internet. The VPN connects well, no problems there.

Name   Remote Host   Virtual Addr   Connected Since   Bytes Sent   Bytes Received   Status   
My_OpenVPN UDP:1194   79.12.15.170   10.9.1.1   2023-01-19 20:58:26   46 KB   35 KB   up


I use 10.9.1.0/24 as the tunnel network (per the above), and the subnets at each site are 10.7.1.0/24 (LAN site1) and 10.8.1.0/24 (LAN site2). Site1 runs the OpenVPN server; site2 runs the client.

Firewall rules were set to allow all traffic on the OpenVPN tunnel (regardless of source), at both sides:

   Protocol   Source   Port   Destination   Port   Gateway   Schedule   Description       
        IPv4 *   *   *   *   *   *   *   Allow_OpenVPN_traffic


On the OPNsense shell of site1, I can ping 10.9.1.1 (local IP address of the tunnel) and 10.9.1.2 (which is the other side/site).

On site2 I can reach site1 just fine (I can ping 10.7.1.0/24 addresses).
However I cannot reach any IP address from site1 to site2 (e.g. 10.8.1.2).


An extract of the routing table of site2 (https://10.8.1.1/ui/diagnostics/interface/routes) shows entries of site1's 10.7.1.0 network:

Proto   Destination   Gateway       Flags   Use   MTU     Netif   Interface
ipv4    default       79.12.15.1    UGS     NaN   1500    vmx0    My_WAN
ipv4    10.7.1.0/24   10.9.1.1      UGS     NaN   1500    ovpnc1
ipv4    10.9.1.1      link#8        UH      NaN   1500    ovpnc1
ipv4    10.9.1.2      link#8        UHS     NaN   16384   lo0     Loopback
ipv4    10.8.1.0/24   link#2        U       NaN   1500    vmx1    lan


The same applies for site1 (i.e. site2 routes exist).

I rebooted both sides just in case to no avail.

Any idea where things are going wrong?

FWIW, the day after things worked fine.
I added some firewall rules at both sides on the LAN to allow the network at the other side. I think this was the solution.
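For reference, here is what the two ends of a site-to-site setup like this one look like when written out as plain OpenVPN configuration plus the pf rules that the poster's final fix corresponds to. This is an added example, not the original poster's configuration and not the file OPNsense generates from its GUI; the addresses (10.9.1.0/24 tunnel, 10.7.1.0/24 and 10.8.1.0/24 LANs, 79.12.15.170 as site2's public address) are taken from the thread, while the server hostname, certificate paths, CCD directory, site1's LAN interface name and the ovpns1/ovpnc1 interface names are assumptions. The point the pf rules make is that a rule on the OpenVPN interface only matches packets arriving out of the tunnel; a packet that a site1 host sends towards 10.8.1.0/24 first enters the firewall on site1's LAN interface, so the LAN ruleset must pass it too, on both sides.

```conf
# ---- site1: OpenVPN server (assumed path /usr/local/etc/openvpn/site1.conf) ----
# Added example; not the poster's or OPNsense's generated file.
dev tun
proto udp
port 1194
topology subnet
server 10.9.1.0 255.255.255.0          # tunnel network from the thread (server takes 10.9.1.1)
push "route 10.7.1.0 255.255.255.0"    # tell the site2 client how to reach site1's LAN
route 10.8.1.0 255.255.255.0           # kernel route on site1: site2's LAN goes into the tunnel
client-config-dir /usr/local/etc/openvpn/ccd   # assumed directory holding per-client files
ca   /usr/local/etc/openvpn/ca.crt     # assumed certificate paths
cert /usr/local/etc/openvpn/site1.crt
key  /usr/local/etc/openvpn/site1.key
dh   /usr/local/etc/openvpn/dh.pem
tls-crypt /usr/local/etc/openvpn/tls-crypt.key   # authenticate/encrypt the control channel
keepalive 10 60
persist-key
persist-tun

# ---- site1: CCD file, named after the site2 client's certificate CN (assumed "site2") ----
# /usr/local/etc/openvpn/ccd/site2
iroute 10.8.1.0 255.255.255.0          # bind site2's LAN to this client inside OpenVPN;
                                       # without it the server's "route" has no client to send to

# ---- site2: OpenVPN client (assumed path /usr/local/etc/openvpn/site2.conf) ----
client
dev tun
proto udp
remote site1.example.net 1194          # site1's public address is not on the page; hostname assumed
nobind
ca   /usr/local/etc/openvpn/ca.crt
cert /usr/local/etc/openvpn/site2.crt  # CN must match the CCD file name on site1
key  /usr/local/etc/openvpn/site2.key
tls-crypt /usr/local/etc/openvpn/tls-crypt.key
remote-cert-tls server                 # refuse to connect to anything but a server certificate
keepalive 10 60
persist-key
persist-tun
# no "route" line needed here: 10.7.1.0/24 is pushed by the server

# ---- pf rules equivalent to the thread's fix (interface names assumed) ----
# OpenVPN interface: packets arriving OUT of the tunnel, scoped to the two LANs
# rather than the "from any to any" rule in the thread
pass in quick on ovpns1 inet from 10.8.1.0/24 to 10.7.1.0/24 keep state   # site1
pass in quick on ovpnc1 inet from 10.7.1.0/24 to 10.8.1.0/24 keep state   # site2
# LAN interface: packets entering the firewall FROM the local LAN towards the remote LAN
pass in quick on vmx1 inet from 10.7.1.0/24 to 10.8.1.0/24 keep state     # site1 (vmx1 assumed as its LAN)
pass in quick on vmx1 inet from 10.8.1.0/24 to 10.7.1.0/24 keep state     # site2 (vmx1 is its LAN per the routing table)
```

To check the two halves independently on site1: `route -n get 10.8.1.2` should report the tunnel interface as its path, and `pfctl -vsr | grep 10.8.1` should show a pass rule on the LAN interface, not only on the OpenVPN one. If the route is there but the LAN rule is missing, you get exactly the one-directional symptom described in this thread.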