N2N OpenVPN works only one way

I have had successful setup of OpenVPN in IPFIRE on my two separate locations setup. Lets call them SiteA and SiteB which are actually my two separate houses. SiteA acts like client and SiteB as server which actually in terms of OpenVPN is irrelevant since I am running it in net-to-net or site-to-site mode.

Now on SiteA I have replaced IPFIRE with Asus AC86U which runs AsusWRT. I have moved the config from IPFIRE to AsusWRT and setup a client connection from it. After some struggling with p12,certs,key,etc I managed to get the VPN up and running. So the VPn connection is now established fine.

Problem is that it works one way. From SiteB->SiteA it works fine but not the other way around.

I can see with tcpdump running on IPFIRE at SiteB that a test ping packet (sent from AsusWRT node) actually arrives into IPFIRE (on SiteB) and looks like this

10:35:58.922260 tun0 In IP 10.10.1.2 > 192.168.0.223: ICMP echo request, id 1577, seq 0, length 64

But then apparently it is not being forwarded for some reason to the dest host (in this case 192.168.0.223) . tcpdump on dest not does not receive anything even with firewalld turned off.

The routing table looks correct to me and looks line this on IPFIRE at SiteB

netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 178.78.202.129 0.0.0.0 UG 0 0 0 red0
10.10.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
178.78.YYY.XX 0.0.0.0 255.255.255.128 U 0 0 0 red0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 green0
192.168.1.0 10.10.1.2 255.255.255.0 UG 0 0 0 tun0

Keep in mind that if I connect back IPFIRE on SiteA then everything works just fine but not with AsusWRT.

I even tested on SiteA a frash install of raspbian,openvpn,same ovpn config and it does not work in the same manner as AsusWRT.

That makes me think that IPFIRE on SiteA (and IPFIRE in general) makes some tricks with the outgoing packets ?!? or with the routing on SiteA/B which I cannot see. For some reason onlu IPFIRE<->IPFIRE works.

Any ideas what this could be or what can I check or how else to troubleshoot?

Another finding is that pinging and tcpdumping shows different results when using ipfire IPFIRE(works) or AsusWRT(doesnt work) on SiteA.

There are 2 packets for for each request/response and from LAN ip when working and VPN/tunX IP when not working. Why?

ping SiteA(AsusWRT) → SiteB(IPFIRE)

10:35:58.922260 tun0 In IP 10.10.1.2 > 192.168.0.223: ICMP echo request, id 1577, seq 0, length 64

ping SiteA(IPFIRE) → SiteB(IPFIRE)

14:11:52.123255 tun0 In IP 192.168.1.1 > 192.168.0.223: ICMP echo request, id 10546, seq 1, length 64
14:11:52.123469 green0 Out IP 192.168.1.1 > 192.168.0.223: ICMP echo request, id 10546, seq 1, length 64
14:11:52.124664 green0 In IP 192.168.0.223 > 192.168.1.1: ICMP echo reply, id 10546, seq 1, length 64
14:11:52.124750 tun0 Out IP 192.168.0.223 > 192.168.1.1: ICMP echo reply, id 10546, seq 1, length 64