In S2S VPN using openVPN on VM ping only possible from Azure VNet to on-premise LAN. But not other way

Question

We are trying to setup a site to site VPN as in the picture:

We are using routing method for VPN (not NAT)

It all seems to work only one way, namely, VMs on Azure VNet can ping any on-premise machine nicely:
10. 1.0.4 -> 192.168.1.161 OK
10. 1.0.4 -> 192.168.1.18 OK
10. 1.0.5 -> 192.168.1.162 OK
10. 1.0.5 -> 192.168.1.18 OK
The other way ping is not working properly:
192. 168.1.161 -> 10.1.0.4 OK
192. 168.1.161 -> 10.1.0.5 FAIL
192. 168.1.18 -> 10.1.0.4 OK
192. 168.1.18 -> 10.1.0.5 FAIL

Azure routing table for the 10.1.0.0/24 subnet

No NAT gateway; No Network Security Group; No firewall

tcpdump on eth0:10.1.0.4
Ping from 10.1.0.5:
21:20:26.908451 IP 10.1.0.5 > 192.168.1.161: ICMP echo request, id 10, seq 1, length 64
21:20:26.922641 IP 192.168.1.161 > 10.1.0.5: ICMP echo reply, id 10, seq 1, length 64
21:20:27.910437 IP 10.1.0.5 > 192.168.1.161: ICMP echo request, id 10, seq 2, length 64
21:20:27.923025 IP 192.168.1.161 > 10.1.0.5: ICMP echo reply, id 10, seq 2, length 64
21:20:28.911367 IP 10.1.0.5 > 192.168.1.161: ICMP echo request, id 10, seq 3, length 64
21:20:28.924527 IP 192.168.1.161 > 10.1.0.5: ICMP echo reply, id 10, seq 3, length 64
21:20:31.228184 IP 10.1.0.5 > 192.168.1.18: ICMP echo request, id 11, seq 1, length 64
21:20:31.243222 IP 192.168.1.18 > 10.1.0.5: ICMP echo reply, id 11, seq 1, length 64
21:20:32.229840 IP 10.1.0.5 > 192.168.1.18: ICMP echo request, id 11, seq 2, length 64
21:20:32.243173 IP 192.168.1.18 > 10.1.0.5: ICMP echo reply, id 11, seq 2, length 64
21:20:33.231397 IP 10.1.0.5 > 192.168.1.18: ICMP echo request, id 11, seq 3, length 64
21:20:33.245325 IP 192.168.1.18 > 10.1.0.5: ICMP echo reply, id 11, seq 3, length 64

Ping from 192.168.1.161 and 192.168.1.18
21:22:44.218768 IP 192.168.10.14 > 10.1.0.5: ICMP echo request, id 11, seq 1, length 64
21:22:45.231778 IP 192.168.10.14 > 10.1.0.5: ICMP echo request, id 11, seq 2, length 64
21:22:46.256109 IP 192.168.10.14 > 10.1.0.5: ICMP echo request, id 11, seq 3, length 64
21:22:50.499008 IP 192.168.1.18 > 10.1.0.5: ICMP echo request, id 6664, seq 1, length 64
21:22:51.517736 IP 192.168.1.18 > 10.1.0.5: ICMP echo request, id 6664, seq 2, length 64
21:22:52.541671 IP 192.168.1.18 > 10.1.0.5: ICMP echo request, id 6664, seq 3, length 64

tcpdump on eth0:10.1.0.5
Ping from 10.1.0.5:
21:20:26.907854 IP 10.1.0.5 > 192.168.1.161: ICMP echo request, id 10, seq 1, length 64
21:20:26.923195 IP 192.168.1.161 > 10.1.0.5: ICMP echo reply, id 10, seq 1, length 64
21:20:27.909479 IP 10.1.0.5 > 192.168.1.161: ICMP echo request, id 10, seq 2, length 64
21:20:27.923316 IP 192.168.1.161 > 10.1.0.5: ICMP echo reply, id 10, seq 2, length 64
21:20:28.910648 IP 10.1.0.5 > 192.168.1.161: ICMP echo request, id 10, seq 3, length 64
21:20:28.924790 IP 192.168.1.161 > 10.1.0.5: ICMP echo reply, id 10, seq 3, length 64
21:20:31.227566 IP 10.1.0.5 > 192.168.1.18: ICMP echo request, id 11, seq 1, length 64
21:20:31.243642 IP 192.168.1.18 > 10.1.0.5: ICMP echo reply, id 11, seq 1, length 64
21:20:32.228993 IP 10.1.0.5 > 192.168.1.18: ICMP echo request, id 11, seq 2, length 64
21:20:32.243329 IP 192.168.1.18 > 10.1.0.5: ICMP echo reply, id 11, seq 2, length 64
21:20:33.230652 IP 10.1.0.5 > 192.168.1.18: ICMP echo request, id 11, seq 3, length 64
21:20:33.245702 IP 192.168.1.18 > 10.1.0.5: ICMP echo reply, id 11, seq 3, length 64

Ping from 192.168.1.161 and 192.168.1.18
nothing

It seems as packets get lost between 10.1.0.4 and 10.1.0.5

Could someone recommend how to fix the ping problem or at least give some hints, please?

Answer 1

@Alexey Kostin Does the OpenVPN Server VM's network interface have IP Forwarding enabled?