What subsystem is responsible if I can connect via s2s VPN connection only in one direction?
I have configured the following s2s VPN (in pfSense) connection, which is working in general.
Unfortunately, I can connect (ping, netcat, ssh) only from the client to the server, but not back.
If I can ssh normally, it means that the firewall is not the problem, right? Since packages are travelling in both directions?
How do I diagnose the problem by means of command-line tools?
***
I made a mistake, I can't netcat backwards. But I can see ping traffic with packet capture on the client when pinging it from the server.
Also, I did add an explicit route
```
route add -net 192.168.31.0/24 192.168.27.2
```
on the server.
***
Here is what I see when dumping packets on the client when pinging it (.31.1) or its network counterparts (.31.155) from the server:
```
$ tcpdump -n -i ovpnc2 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpnc2, link-type NULL (BSD loopback), capture size 262144 bytes
20:04:44.123925 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 0, length 64
20:04:45.133435 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 1, length 64
20:04:46.146100 IP 192.168.27.1 > 192.168.31.1: ICMP echo request, id 14862, seq 2, length 64
20:04:49.664935 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 0, length 64
20:04:50.663422 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 1, length 64
20:04:51.679393 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 2, length 64
20:04:52.688367 IP 192.168.27.1 > 192.168.31.155: ICMP echo request, id 1295, seq 3, length 64
```
Apparently, the client end sees ping packets, but doesn't respond, right?

Asked by Dims
(3425 rep)
Mar 2, 2023, 09:34 PM
Last activity: Mar 3, 2023, 07:07 PM