After some trial/error changes I found what is working.
Some posts like this one
Mentioned that adding inbound rule help. I didn’t work form me.
Instead the problem was that in Internal Network Firewall Rules I have Deny All by default. I thought that L2 routing will do the job since devices on VPN are in the same VLAN. But it didn’t.
After I added allow rule to internal rules where source and destination fields are the same VLAN network things started to work.