Then you have a problem at the remote end. Maybe it needs some firewallrules too? Also note that the devices that are establishing the tunnels usually can't use the tunnel itself unless you add a fake static route. Retry from clients behind the vpn endpoints.