I'm trying to construct the following scheme for the users. Some of them went to the Internet directly from the device through NAT, some access to the Internet via a device located at the other end of the gre-ipsec tunnel. But here the problem occurs. Almost all sites are not opened (except Google), though I can perform ping and traceroute to them (of course, through vpn). I thought that the problem may be in cipher and I tried to delete the IPSEC, leaving only the GRE tunnel. But the problem is not solved.
What could be the problem?