Netgate Discussion Forum

    Traffic going in 1 direction only

    Routing and Multi WAN
      manju_rn
      last edited by manju_rn

      I have the following setup
      [image: cc6837c3-6109-4de1-97be-95a5762572b3-image.png]

      1. pfSense router is connected to the LAN (192.168.1.0/24)
      2. Cloud VMs running Tailscale (different clouds - AWS and Azure)
      3. pfSense and the cloud VMs are connected via Tailscale - CIDR - 10.7.1.1
      4. pfSense's Tailscale client has advertised the subnet route 192.168.1.0/24 and is accepting routes
      5. The cloud VMs' Tailscale clients have also advertised their routes (private IPs) 10.1.1.147 and 10.0.0.101
      6. The following rule is defined in pfSense:
        [image: 5fc21b74-7e70-4cac-bf6d-e24fb89f1274-image.png]

      Results:

      1. All direct Tailscale clients (pfSense and the cloud VMs) are able to talk to each other - 10.7.1.1 <-> 10.7.1.2 <-> 10.7.1.3
      2. Cloud VMs can also ping the pfSense subnet 192.168.1.0/24 - 10.1.1.147 --> 192.168.1.111 and so on
      3. But not vice versa - i.e. machines in the pfSense network are not able to talk to the cloud VMs, either on their Tailscale IPs (10.7.1.1 or 10.7.1.3) or their private IPs (10.1.1.147 or 10.0.0.101)
      4. Machines in the pfSense network are obviously able to talk to pfSense's Tailscale IP (10.7.1.2), as it is the same as the local network CIDR (192.168.1.0/24)

      Question:

      1. I think I just need to set up some rule to allow the comms from the pfSense subnet to the cloud VMs, as they are already connected
      2. Tailscale is probably not the culprit, as it is already allowing traffic from the cloud VMs to pfSense and its subnet
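A check that goes with the one-way symptom above, added here as an example and not part of the original post or of any pfSense or Tailscale code: before touching firewall rules, confirm that pfSense would actually forward a LAN host's packet for each cloud destination into the tunnel rather than out the WAN default route. The script parses `netstat -rn -f inet` output as pfSense (FreeBSD) prints it and does the same longest-prefix match the kernel does. The sample table is constructed: the Tailscale, LAN and cloud VM addresses follow the post, while the interface names (vtnet0, vtnet1, tailscale0), the WAN address (documentation space) and the missing route for the Azure VM's subnet are assumptions chosen so the checker has something to flag. Nothing here is a claim about what the poster's routing table contains.

```python
import ipaddress

# Constructed sample of `netstat -rn -f inet` output as pfSense (FreeBSD) prints
# it. Addresses follow the post (Tailscale 10.7.1.0/24, LAN 192.168.1.0/24,
# cloud VM subnets 10.1.1.0/24 and 10.0.0.0/24); the WAN address is
# documentation space and the interface names are assumed. A route for the
# Azure VM's subnet (10.0.0.0/24) is deliberately left out so the checker has
# something to flag.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS       vtnet0
10.1.1.0/24        link#5             US        tailscale0
10.7.1.0/24        link#5             U         tailscale0
10.7.1.2           link#5             UHS       lo0
127.0.0.1          link#2             UH        lo0
192.168.1.0/24     link#1             U         vtnet1
192.168.1.1        link#1             UHS       lo0
203.0.113.0/24     link#0             U         vtnet0
"""

# Destinations the post says LAN hosts cannot reach.
CLOUD_TARGETS = ["10.7.1.1", "10.7.1.3", "10.1.1.147", "10.0.0.101"]


def parse_netstat(text):
    """Return (network, gateway, flags, netif) tuples from netstat -rn output.

    Header and section lines are skipped; a bare address is a host route (/32)
    and 'default' is 0.0.0.0/0. Rows that are not IPv4 routes are ignored.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gateway, flags, netif = parts[:4]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            try:
                net = ipaddress.ip_network(dest, strict=False)
            except ValueError:
                continue  # header row or other non-address text
        if net.version != 4:
            continue
        routes.append((net, gateway, flags, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, the same choice the kernel makes for a packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in routes:
        net = route[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = route
    return best


def egress_interfaces(routes, destinations):
    """Map each destination to the interface its packets would leave on."""
    return {dst: (lookup(routes, dst) or (None, None, None, None))[3]
            for dst in destinations}


def not_via_tailscale(routes, destinations, tun="tailscale0"):
    """Destinations that would NOT be forwarded into the tunnel, i.e. would
    follow some other route (typically the WAN default) instead."""
    return sorted(dst for dst, netif in egress_interfaces(routes, destinations).items()
                  if netif != tun)


if __name__ == "__main__":
    routes = parse_netstat(SAMPLE_NETSTAT)
    for dst, netif in egress_interfaces(routes, CLOUD_TARGETS).items():
        print(f"{dst:<14} -> {netif}")
    print("not routed into the tunnel:", not_via_tailscale(routes, CLOUD_TARGETS))
```

To use it against a real box, run `netstat -rn -f inet` on pfSense (SSH or Diagnostics > Command Prompt) and pass that text to `parse_netstat` in place of the sample. Any destination the checker lists is leaving via an interface other than tailscale0, which is a routing problem to fix (or a route that accept-routes has not installed) before any LAN firewall rule can matter; destinations that do resolve to tailscale0 but still fail point instead at the firewall rule on the LAN interface, at Tailscale ACLs, or at the return path on the cloud VM, which a packet capture on tailscale0 will separate.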
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.