I would like to add some extra information I gathered about the issue:
- when I try to ping a LAN machine from a VPN client, on my firewall (192.168.1.254) I got the following block message: ICMP reply without request. So the LAN machine tries to reply, but the firewall blocks it. I suspect for some reason the ICMP request comes from the RRAS server 192.168.1.6 (not interacting with my firewall) and the reply goes to the VPN Client's address through my firewall.
- I am able to query DNS request from a VPN client against my internal DNS server (192.168.1.1) and got a response.
- I am able to query an NTP resync from my local Windows NTP server (192.168.1.8) and got a response.
- I am able to ping my firewall LAN IP (192.168.1.254) from a VPN Client and get a response. Still can't ping anything else on the LAN.