We have a network that consists of the following networks

Vpn clients have the following

The routing table is as follows when connecting ping through
vpn. bm 3.8 (linux firewall).

Our problem is that servers on the network are able to ping
the vpn clients.
These clients are not able to ping the servers on the net
unless nat is enabled on the private interface of the bm 3.8 server. The
problem is that we can't access resources directly on the internet when
not enabling nat on the public interface.