Hello! I'm trying to do a site-to-site VPN, the server is on a Raspberry Pi, and the client is on a pfSense box. Right now, from the pfSense side I can access the network on the Raspberry Pi side, but not the other way round. It's the first time I'm trying to do this, I'm not sure what I'm missing.
10.0.0.0/24 to 192.168.1.0/24 works
192.168.1.0/24 to 10.0.0.0/24 doesn't work
- 10.0.0.0/24 (pfSense)
- 10.8.0.0/24 (TUN)
- 192.168.1.0/24 (Raspberry Pi)
Server Config
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_b0kKByJ0t4CfspI8.crt
key /etc/openvpn/easy-rsa/pki/private/server_b0kKByJ0t4CfspI8.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 192.168.1.0 255.255.255.0"
route 10.0.0.0 255.255.255.0
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
Client Config
dev ovpnc1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local <my pfSense box public ip>
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote <my server public ip> 1194
route 192.168.1.0 255.255.255.0
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-crypt /var/etc/openvpn/client1.tls-crypt
ncp-ciphers AES-128-GCM:AES-256-CBC:AES-256-GCM
resolv-retry infinite
Routing Tables pfSense
Routing tables

Internet:
Destination               Gateway              Flags    Netif  Expire
0.0.0.0/1                 10.8.0.1             UGS      ovpnc1
default                   core-campus-16.utc   UGS      re0
one.one.one.one           core-campus-16.utc   UGHS     re0
one.one.one.one           core-campus-16.utc   UGHS     re0
google-public-dns-        10.8.0.1             UGHS     ovpnc1
10.0.0.0/24               link#11              U        bridge0
pfSense                   link#11              UHS      lo0
10.8.0.0/24               10.8.0.1             UGS      ovpnc1
10.8.0.1                  link#12              UH       ovpnc1
10.8.0.2                  link#12              UHS      lo0
<my server public ip>     core-campus-16.utc   UGHS     re0
<my server public ip>/32  core-campus-16.utc   UGS      re0
81.180.16.0/24            link#5               U        re0
campus-16-002.utcb        link#5               UHS      lo0
campus-16-044.utcb        link#6               UHS      lo0
campus-16-254.utcb        e8:de:27:41:4a:96    UHS      re1
localhost                 link#8               UH       lo0
128.0.0.0/1               10.8.0.1             UGS      ovpnc1
192.168.1.0/24            10.8.0.1             UGS      ovpnc1
cache.utcb.ro             e8:de:27:41:4a:96    UHS      re1
Raspberry Pi routing tables
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
default         192.168.1.1     0.0.0.0         UG    0   0      0    enxb827eb675bbf
default         192.168.1.1     0.0.0.0         UG    0   0      0    wlan0
10.0.0.0        10.8.0.2        255.255.255.0   UG    0   0      0    tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0   0      0    tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    enxb827eb675bbf
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    wlan0
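Added example, not code from the original post: a small Python checker that parses OpenVPN configs in the one-directive-per-line form shown above and reports the server-side directives a site-to-site tunnel depends on. The point it encodes is that an OpenVPN server in `server` mode keeps its own routing table between client sessions: a kernel `route 10.0.0.0 255.255.255.0` only delivers packets to the OpenVPN process, and the process needs an `iroute` for that subnet in a per-client file under `client-config-dir` to know which session owns it. The sample configs are constructed from the routing-relevant lines of the two posted configs; the client certificate CN `pfsense` and the ccd path `/etc/openvpn/ccd` are assumptions.

```python
# Added example (not from the original post): checks the OpenVPN directives a
# site-to-site tunnel needs. The CN "pfsense" and the ccd path are assumptions.
import shlex
from ipaddress import IPv4Network

# Constructed from the routing-relevant lines of the posted server config.
SERVER_CONF = """\
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 10.0.0.0 255.255.255.0
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
"""

# Constructed from the routing-relevant lines of the posted pfSense client config.
CLIENT_CONF = """\
dev-type tun
client
remote <my server public ip> 1194
route 192.168.1.0 255.255.255.0
"""


def parse(text):
    """Return [(directive, args)]; push "a b c" becomes ('push', ['a', 'b', 'c'])."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':
            continue
        parts = shlex.split(line)
        if parts[0] == 'push' and len(parts) == 2:
            out.append(('push', parts[1].split()))
        else:
            out.append((parts[0], parts[1:]))
    return out


def nets(directives, name):
    """Networks given as 'NAME NETWORK NETMASK'; use name 'push route' for pushed routes."""
    found = set()
    for d, args in directives:
        if d == 'push' and args:
            d, args = 'push ' + args[0], args[1:]
        if d == name and len(args) >= 2:
            found.add(IPv4Network((args[0], args[1]), strict=False))
    return found


def ccd_entry(cidrs):
    """Text of a client-config-dir file saying this client owns the given subnets."""
    return ''.join(f'iroute {n.network_address} {n.netmask}\n'
                   for n in (IPv4Network(c) for c in cidrs))


def check_site_to_site(server_text, ccd, client_text):
    """Return a list of findings. ccd maps a client certificate CN to its ccd file text."""
    server = parse(server_text)
    client = parse(client_text)
    findings = []
    has_ccd = any(d == 'client-config-dir' for d, _ in server)
    iroutes = set()
    for text in ccd.values():
        iroutes |= nets(parse(text), 'iroute')
    # A kernel route into tun only hands packets to the OpenVPN process; the process
    # then needs an iroute to map the subnet to a connected client session.
    for net in sorted(nets(server, 'route'), key=str):
        if net not in iroutes:
            findings.append(f'no iroute for {net}: the server has a kernel route but no '
                            f'client session owns the subnet, so packets to it are dropped')
        elif not has_ccd:
            findings.append(f'iroute for {net} exists but client-config-dir is not set, '
                            f'so the server never reads it')
    # The client must learn the server-side LAN from a pushed route or its own route.
    if not (nets(server, 'push route') | nets(client, 'route')):
        findings.append('client has no route to the server-side LAN')
    if any(d == 'push' and args[:1] == ['redirect-gateway'] for d, args in server):
        findings.append('push "redirect-gateway def1" replaces the client site\'s default '
                        'route (the 0.0.0.0/1 and 128.0.0.0/1 entries); usually unwanted '
                        'for site-to-site')
    return findings


if __name__ == '__main__':
    for finding in check_site_to_site(SERVER_CONF, {}, CLIENT_CONF):
        print('-', finding)
    print('ccd/pfsense would contain:', ccd_entry(['10.0.0.0/24']).strip())
```

Run as-is it reports the posted server config; pass a `ccd` dict such as `{'pfsense': ccd_entry(['10.0.0.0/24'])}` together with a server config that also contains `client-config-dir /etc/openvpn/ccd` to see the iroute finding clear. The checker only reads directives, so it says nothing about the other two things the page cannot show: IP forwarding on the Pi and the rules pfSense applies to traffic arriving on the OpenVPN interface.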